Report Shows Internal IT Attacks Rising

 
Internal attacks on computer systems are overtaking external attacks at the worldâs largest financial institutions. 

See Also: Addressing the Identity Risk Factor in the Age of 'Need It Now'

Thatâs a key finding from the 2005 Global Security Survey conducted by Deloitte Touche Tohmatsu.  In the annual survey, 35% respondents said that in the past 12 months, theyâve suffered attacks that originated inside the organization.  Thatâs a massive increase over the previous yearâs 14%.

By comparison, 26% said they were attacked by outside sources, up from 23% the prior year.

 
Sea Change

Why the shift?  Experts say the growth in external attacks has slowed because financial institutions have become more effective at deploying technological defenses that fend off outsiders, such as intrusion-detection systems, anti-virus software, and content filtering and monitoring.
 

The result is that criminals spend less energy directly attacking banksâ IT systems.  Instead, they search for the traditional weak link in any security system: a human being. 
 

Disgruntled employees and former employees, or workers in desperate financial need, are highly sought after by â-social engineersâ" who view such people as their key to the bank vault.  These workers â" especially those familiar with the enterpriseâs computer and network operations â" are convinced to help criminals steal customersâ personal information, proprietary competitive data, and other vitally important information.
 

Part of the problem according to the survey, is that only 65% of companies have trained staffers to spot suspicious behavior in co-workers.  Experts say that employees with sudden newfound (and unexplained) money, or those embittered by a missed promotion, are likely candidates to steal data from the company, or help others do so.

© National Security Institute, Inc. â" This article is the property of the National Security Institute and my not be copied or redistributed in any fashion without an appropriate licensing agreement.  For more information and FREE samples, visit http://nsi.org/SECURITYsense2.html.


About the Author




Around the Network