Workers Are No. 1 Threat to Russia's IT

[InfoSec News <isn () c4i org>]

http://www.themoscowtimes.com/stories/2002/04/03/047.html

By Alexander Boreiko and Yury Granovsky 
Vedomosti 
Wednesday, Apr. 3, 2002. Page 8 

Hackers may the greatest danger to computer systems in the West, but
in Russia the biggest problems are employees, legislative failings and
vandalism.

Only 2 percent of damage to computer systems in Russia is connected
with hackers, said Ivan Kurnosov, deputy head of the Communications
Ministry's information department.

Some 55 percent of damaging incidents are the result of employee
errors, according to the Documentary Electronic Communications
Association, while 25 percent are caused by intentional employee
abuse.

Russia's biggest problem, however, is the continuing absence of laws
to combat the majority of computer crimes, said Yelena Volchinskaya, a
consultant with the State Duma security committee.

"There is nothing in our legislation that outlaws spam," she said,
referring to junk e-mail.

Dangerous attacks like flooding servers with fake requests from
different computers are not considered a crime under Russian law, she
said.

"Denial of Service" attacks, as they are called, are considered the
most widespread and dangerous form of computer crime in the world.

The Documentary Electronic Communications Association is developing a
concept for information security that would expand an earlier
presidential decree on information security, said Alexander Sundukov,
deputy head of the Communications Ministry's security department.

The document should be adopted later this year, he said.

The original concept of information security scarcely touches on
protecting telecommunication systems.

The greatest threat to telecoms infrastructure is excavating
equipment, which often damages communication lines during construction
operations, said Azat Yarmukhamet, one of the developers of the
concept and director of communications with the Kazan-based ICL-KPO
VS. Theft of cables and their sale as scrap is another major problem,
he said.

Hackers and viruses, however, are the greatest danger to computer
systems in the West, according to a survey by the KPMG auditing and
consulting company.

One company lost $10 million after a so-called postal virus penetrated
the company's e-mail system. The name of the company was not revealed
in the report.

"The main problem is that many companies clearly overestimate the
means they have at their disposal for protecting information," said
Sergei Tatarchenko, the head of KPMG Russia's risk management
department.

"Having wasted millions of dollars on implementing security systems,
companies often don't even check their effectiveness."

Ninety-six percent of the respondents to the KPMG survey said they had
confidence in their information defense systems. But further
questioning revealed that only about 35 percent of the companies had
actually tested their systems, while 52 percent had no system for
detecting hacker intrusions.

Many companies suffer from simple technical failures, and almost 12
percent of companies suffered major losses due to electricity cuts.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.