Rural firms warned to guard against internal attacks
Rural firms warned to guard against internal attacks
Jan 31, 2005: An Australian expert on information security has urged regional businesses to be alive to the threat of security breaches, warning that rural firms are as much at risk of technology attack as their city-based counterparts.
Jo Stewart-Rattray, director of information security for Asia-Pacific information security company Vectra Corporation, issued the call as part of a regional educational campaign in South Australia, but the advice is pertinent to companies across the country. "Businesses in rural areas may think they are less at risk than their city counterparts because they’re out of the limelight," said Ms. Stewart-Rattray.
"The fact is that the biggest information security problem threatens businesses no matter where they are located. Research shows that 70 percent of all damage to corporate information and networks is perpetrated from within, by current employees. Disgruntled employees who have recently left the organisation are a threat from the outside."
Stewart-Rattray said her presentation would outline the threats faced by every business and suggest basic steps to protect corporate information. "The two most valuable assets any organisation has are its information and its people," she said.
"Can your organisation afford to have one its most valuable assets tampered with? Ironically only 20 percent of the threats to your security are technology-based - about 80 percent of the threats to your information security arise from people-related issues. Kevin Mitnick, America’s most famous cyber criminal, rarely used technology to gain access to corporate networks. Your people could put your security at risk inadvertently!"
She added that the first steps towards information security were to recognise the threat and establish policies to defend against it. "Your corporate information is under threat from tampering, theft, loss, leakage, sabotage, Trojan software, malicious code and people bypassing security controls," she said. "You need to accept that information security is primarily about human behaviour. Be aware of these risks and implement security awareness programs to address the ‘people’ risks. Also use network and physical access policies and procedures and appropriate technology solutions.
"But the bottom line is that it doesn’t matter how much you spend on information security systems if you don’t train people to use them and enforce the need to use them all the time."
Related Article: