Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

ISACA reveals the ease with which corporate data can be stolen

ISACA : 03 October, 2008  (Technical Article)
After data theft experiments, ISACA provide three-step advice for companies to control their data and prevent information loss resulting from poor staff controls
In a podcast interview, Peter Wood Member of the ISACA Conference Committee and founder of First Base Technologies reveals the ease with which criminals are able to steal data and gives 3 critical steps organisations can take to block them.

Wood reveals how he and a colleague walked unchallenged into an insurance company and were able to steal all their data as part of a security exercise. And he is not the only one to get away with stealing data; very often companies unwittingly hire people whose sole purpose is to steal data.

Wood goes on to explain "some people in the banking community have quietly and anonymously said to me over the last year that they have found employees who have been placed in their company by criminal gangs and they have been operating as moles over that period."

Companies also make the mistake of storing sensitive and confidential data in one place which makes it very easy for criminals to steal data.

Wood says, "intellectual property or large credit card data bases are probably the primary targets and someone told me, a Japanese company in fact, that they could store all their key data, all their intellectual property and the stuff that really differentiates them on a thumb drive, as a result one hit there is more than adequate to give the criminal what they want."

"The physical attack is sometimes the easiest and probably the way of the future for a lot of criminal gangs", however according to Wood "you don't have to be onsite, remote control attacks through email phishing, spear phishing, email-attached Trojans or even web drive-by attacks are increasing in popularity and someone receiving an email that directs them to a site that appears innocent and then quickly installs something on their PC is just as vulnerable"

Wood believes that people are critically important in preventing these attacks. He says "If people are given some baseline education as to how to look for criminal activity then they can be the greatest asset any organization could possibly deploy".

He adds, "I think there is a huge gulf between the technical controls that firms put in place and the human and HR control and the physical premises control. There is little or no communication between the three areas and it's through those gaps that criminals can walk unchallenged".

However there is a light at the end of this very dark and dangerous tunnel of information security breaches. According to Peter Wood there are three critical steps an organization could take to protect themselves.

* Good quality vetting of staff and third parties
* An awareness campaign that is intelligently designed and has a strong focus to encourage and inform people
* Conducting regular meetings with HR, physical security, IT security and the business to provide a holistic defence against an attack.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo