Increase of insider attacks with portable storage
Increase of insider attacks with portable storage
Apr 06, 2004: The stealing of critical business information by employees with the use of mobile phones, PDAs, USB flash memory cards and other portable devices is on the increase in Australia due to the higher availability and accessibility of these products.
Research by PricewaterhouseCoopers has revealed that 70 percent of security threats come from within the enterprise, whereas only 10 percent of breaches come from external attacks, such as Internet viruses.
In addition, 70 percent of Fortune 1000 companies have reported internal security incidents, 77 percent of companies admit that they have highly confidential information held on the network and 65 percent of businesses said they would suffer major problems if the information were taken.
As for employees, 70 percent of them have admitted to stealing important information from a company before 72 percent do not see an ethical problem with this.
Phil Hare, the regional managing director of Centennial Software, which provides software called DeviceWall, says that it is becoming more common for employees to have access to technology that can easily extract important information.
DeviceWall, however, can lockdown PCs through the selective management of access to particular devices based upon a user's specific needs and privileges.
It enables used-based control of removable media types, including iPods and media players, USB mass storage devices, CD/DVDs, PDAs and diskettes for users both online and offline.
Hare said: "35 percent of the working population owns portable storage device now, and that percentage is increasing all the time with greater availability of this kind of storage through ever decreasing prices.
"The storage capacity for these devices is very high too. Some systems have 80GB drives that are so simple to plug-in to the PC. The importance to control what can or cannot be taken by these devices is growing more essential all the time too with enforcement of compliance regulations that demand that the integrity of information is protected."
Hare provided added that if a bank, for example, was a victim of exploitation by an insider, this could cause the share price to fall and customers would probably not trust the bank if their personal information was stolen and used by an employee who stole their details through the use of a portable device.
Hare also believes that his company's solution of restricting access for these devices will be well received by employees too, because it will provide them with clarity over what they are allowed and not allowed to do.
Related Article: