Business security depends on people

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.santacruzsentinel.com/archive/2003/June/12/biz/stories/01biz.htm

By JENNIFER PITTMAN
Sentinel correspondent
June 12, 2003 

SCOTTS VALLEY - Patents and copyrights aren't enough to safeguard a 
company's treasures, according to Curtis Coleman. The director of 
worldwide electronic security for Seagate Technology touts the need 
for an increasing holistic view of corporate security in a competitive 
world.

Coleman's job is to look for trouble, preferably before it happens by 
scoping out potential vulnerabilities that could put his employer's 
business in danger. He is charged with safeguarding the international 
company's proprietary information, which includes technology the 
company develops and uses as well as data and business systems.

As the main speaker today at the Santa Cruz-based Intellectual 
Property Society luncheon, Coleman aims to link high-tech security 
issues pertinent to business with the everyday security issues that 
companies often overlook.

"Most people think corporate espionage is only in the movies and has 
nothing to do with the ordinary company that might just be getting 
formed, but what we've discovered in the last three to five years is 
that there's an increase in five areas in how intellectual property is 
getting out of companies," Coleman said. "People are very lax about 
security. They think they don’t have to secure anything." 

Coleman, a former U.S. Air Force commander specializing in computer 
security systems, helps train law enforcement in computer forensic 
techniques as well as security management courses. He will cover the 
five problem areas, as well as corporate espionage, and the bridge 
between high-tech and no-tech security solutions.

"Usually we talk about legal rights," said Patrick Reilly, founder and 
president of the Intellectual Property Society. "But there is a 
pragmatic issue of how physically you protect your property." 

Intellectual property security isn't just important for 
tech-development companies, Reilly said. It's important for artists 
and small businesses of all kinds that need to protect their 
competitive secrets about how they win business.

While many smaller and midsize companies may not think they need to 
protect their intellectual property, or only need to protect 
information about a specific design or product, Coleman says that 
companies of all types and sizes are relatively ill-equipped to 
protect themselves. 

Hired investigators in a growing market for competitive intelligence 
can learn a lot about a company simply by collecting pieces of 
information that is often considered innocuous, such as how late 
people stay at an office or how behind in bill payments they are. The 
fact that engineers suddenly stop publishing reports on new 
technologies may indicate a startup is under way.

Coleman is especially wary of friendly little phone conversations 
involving seemingly innocuous details about a company's routine 
business that reveal information a company might not normally want to 
share. 

"Most people think getting something that's high technology is going 
to protect them," Coleman said. "But the human firewall is key to 
protecting intellectual property."

According to the Eighth Annual Computer Crime and Security Survey 
released this month by the FBI and the Computer Security Institute, 
theft of proprietary information caused the greatest financial loss - 
about $70.2 million - among 251 organizations interviewed this year. 

The second most expensive computer crime among survey respondents was 
denial of service, at $65.64 million, according to the survey. 
Computer viruses and insider abuse of network access were the most 
commonly cited forms of attack or abuse.

On the brighter side, financial fraud was only about $10.18 million 
compared to almost $116 million reported last year, and while there 
were about the same amount of unauthorized computer use at 
organizations, resulting annual losses were down from 2002, to 2001 
figures.

The survey included business, government, education and legal 
respondents. The authors noted that most respondents said they don't 
report intrusions to law enforcement for fear of negative publicity 
and competition. 

According to the FBI/CSI report, only 30 percent of the respondents 
reported computer intrusions in the last 12 months. 

Scotts Valley Police Detective Sergeant Donna Lind, who heads the 
Santa Cruz County High Tech Crime Investigators Association, said 
identity theft is the largest growing crime nationwide and is costing 
individuals and businesses more each year. 

"We have had businesses where their records have been taken," Lind 
said. "They've obtained personal records, PIN numbers and passwords. 
The crooks that we're dealing with are becoming more high tech."


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.