Insiders Still the Greatest Risk to Data Security
Studies on IT security keep pointing out that employees' careless actions are greatly responsible for companies' overall threat to information security. This is the highlight in a report that RSA released on December 10, 2007. RSA is a security wing of EMC, the enterprise storage firm.
RSA conducted the survey in November 2007 through questionnaires to 126 people who were corporate or government employees in Washington, D.C. and Boston.
During the interviews, 35% of respondents said that they consciously ignored the established security procedures and policies of their organizations only to perform their jobs without hindrances. In addition, more than half or 63% of respondents admitted forwarding work files to their own e-mail addresses in order to complete the tasks later at home.
According to the report, threat arising from well-intended insiders, including the employees, partners, suppliers, contractors, consultants and visitors who have access to the organization's information assets, greatly adds to that from the same insiders but with malicious intent who deliberately spill out sensitive data to make personal monetary gain, or to fulfill other criminal objectives.
A major 56% of respondents informed that they sometime or frequently use their company e-mail on public wireless connections. Another 52% declared that they accessed their company e-mail from public PCs.
Data assets are the true assets that relate to information. So the basic requirement is to minimize risks surrounding company information, said vice President of marketing and product management for Bedford, Sam Curry. ChannelWeb NETWORK reported this on December 10, 2007. Bedford is the Massachusetts-based branch of RSA. The crooks, who are up to committing fraud, are driven with high financial motive. However, it is possible to reduce much of the risk by eliminating the innocent errors, Curry said.
The latest SANS Top 20 for 2007, the year's list for most severe security threats, too noted that the weakest point in the security chain is related to computer users.
While RSA suggests in its report that adding security mechanisms to business activities could lessen these risks, it accepts that users' disregard for security policies are partly to blame the makers of those rules.
Related article: Inqtana.d Installs on Macs Using Bluetooth
» SPAMfighter News - 23-12-2007