Home page logo

isn logo Information Security News mailing list archives

Insiders are main computer security threat
From: InfoSec News <isn () c4i org>
Date: Wed, 20 Jun 2001 01:58:19 -0500 (CDT)


REUTERS in San Francisco 
Wednesday, June 20, 2001

Disgruntled insiders and accounts held by former employees are a
greater computer security threat to United States companies than
outside hackers, according to a survey released on Tuesday.

Authorised users are by far a company's biggest security threat,
according to the survey, which was conducted by market research firm
Digital Research for security software developer Camelot and eWeek

"It's a real issue that departments apparently can't keep up with
closing accounts in a timely fashion," said Moti Dolgin, senior
vice-president and general manager of Camelot's Americas unit.

Of the 548 online surveys completed last week by eWeek readers, 57 per
cent of respondents said their worst security breaches were from
corporate users tapping unauthorised information. The second biggest
problems reported were those created by user accounts left active
after employees had left the company.

Only a minority of 21 per cent complained that outsiders gaining
access to sensitive information by hacking was their most pressing

"In most cases users get access to much more information than they
actually need to do their job," said Mr Dolgin.

The view that the biggest security threat is internal may come as a
surprise, given the media play that malicious hackers generate.

"Hacker attacks do get more of their share of media attention and
certainly are much more hyped," Mr Dolgin said. "One of the reasons is
that companies, many times, are hesitant to disclose attacks by

The survey also found that companies are spending more on securing
their networks, in the view that prevention is cheaper than damage

Nearly half the companies responding to the survey said they are
increasing their budget for network security software and hardware.

Haifa, Israel-based Camelot sells software that sets and monitors
user-access permission. Unlike systems that rely on manual
configuration, the software detects when a user is no longer active on
the network and automatically shuts down their access.

ISN is hosted by SecurityFocus.com
To unsubscribe email isn-unsubscribe () SecurityFocus com 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]