Re: Insiders are main computer security threat

[InfoSec News <isn () c4i org>]

Forwarded by: Robert V. Jacobson <jacobson () pipeline com>

With respect, should not the sentence:

+ACI-Authorized users are by far a company's biggest security threat,
according to the survey, which was conducted by market research firm
Digital Research for security software developer Camelot and eWeek
magazine.+ACI-

read:

+ACI-The 547 organizations that chose to respond to a recent survey
sponsored by a security software vendor said that authorized users
were the biggest security threat.  The experience of those who did not
respond is unknown. The number and source of undetected and unreported
attacks is unknown.+ACI-

Robert V. Jacobson, CPP  www.ist-usa.com
International Security Technology, Inc.
99 Park Avenue, New York, NY 10016-1501  USA
+-1 (212) 557-0900 Cell phone: (917) 751-5190
jacobson+AEA-ist-usa.com


----- Original Message -----
From: InfoSec News +ADw-isn+AEA-c4i.org+AD4-
To: +ADw-isn+AEA-securityfocus.com+AD4-
Sent: Wednesday, June 20, 2001 2:58 AM
Subject: +AFs-ISN+AF0- Insiders are main computer security threat


+AD4- http://technology.scmp.com/techbiz/ZZZ8CXNL5OC.html
+AD4-
+AD4- REUTERS in San Francisco
+AD4- Wednesday, June 20, 2001
+AD4-
+AD4- Disgruntled insiders and accounts held by former employees are a
+AD4- greater computer security threat to United States companies than
+AD4- outside hackers, according to a survey released on Tuesday.
+AD4-
+AD4- Authorised users are by far a company's biggest security threat,
+AD4- according to the survey, which was conducted by market research firm
+AD4- Digital Research for security software developer Camelot and eWeek
+AD4- magazine.
+AD4-
+AD4- +ACI-It's a real issue that departments apparently can't keep up with
+AD4- closing accounts in a timely fashion,+ACI- said Moti Dolgin, senior
+AD4- vice-president and general manager of Camelot's Americas unit.
+AD4-
+AD4- Of the 548 online surveys completed last week by eWeek readers, 57 per
+AD4- cent of respondents said their worst security breaches were from
+AD4- corporate users tapping unauthorised information. The second biggest
+AD4- problems reported were those created by user accounts left active
+AD4- after employees had left the company.
+AD4-
+AD4- Only a minority of 21 per cent complained that outsiders gaining
+AD4- access to sensitive information by hacking was their most pressing
+AD4- concern.
+AD4-
+AD4- +ACI-In most cases users get access to much more information than they
+AD4- actually need to do their job,+ACI- said Mr Dolgin.
+AD4-
+AD4- The view that the biggest security threat is internal may come as a
+AD4- surprise, given the media play that malicious hackers generate.
+AD4-
+AD4- +ACI-Hacker attacks do get more of their share of media attention and
+AD4- certainly are much more hyped,+ACI- Mr Dolgin said. +ACI-One of the reasons is
+AD4- that companies, many times, are hesitant to disclose attacks by
+AD4- insiders.+ACI-
+AD4-
+AD4- The survey also found that companies are spending more on securing
+AD4- their networks, in the view that prevention is cheaper than damage
+AD4- control.
+AD4-
+AD4- Nearly half the companies responding to the survey said they are
+AD4- increasing their budget for network security software and hardware.
+AD4-
+AD4- Haifa, Israel-based Camelot sells software that sets and monitors
+AD4- user-access permission. Unlike systems that rely on manual
+AD4- configuration, the software detects when a user is no longer active on
+AD4- the network and automatically shuts down their access.
+AD4-
+AD4-
+AD4-
+AD4-
+AD4- ISN is hosted by SecurityFocus.com
+AD4- ---
+AD4- To unsubscribe email isn-unsubscribe+AEA-SecurityFocus.com.



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.