Human error and complacency biggest IT security threats

Powered by SC Magazine
 

Human error and complacency remain the biggest threats to an organisation's IT security.

According to security service providers, organisations can spend a million dollars on a solution but it won’t protect the business from threats often caused by lack of staff education.

A recent survey conducted by Galaxy Research has found that only 33 percent of IT managers believe converging online threats are a major problem to their company’s security systems.

Despite their lack of concern, in the month of March alone, security software vendor MessageLabs found 2.9 million spam emails with links to Storm malware were received, proving that these converging security threats are both real and widespread.

Frank T. Windoloski, general manager Commercial Security Solutions at Verizon Business said the survey certainly rings true for him. Feedback he is receiving in the managed security field is that hackers are constantly inventing new ways to try and break into organisations.

“These people are strides ahead of everyone else. In a typical working environment most people believe that technology alone will deter hackers into breaking into an organisation’s network,” he said.

On the other hand, when an organisation does incorporate a security policy, Windoloski said these company policies are a blanket policy of denial. He argued these businesses believe if they deny access to social Internet sites to their employees, then they are safe from harm.

“Just because they are not seeing someone steal the mail doesn’t mean it’s not happening. Some of the employees, especially those just out of University, can easily get around those types of security policies,” he said.

Most organisations believe a blanket approach to disallowing user’s access to social networking sites will stop potential virus outbreaks. According to security resellers, businesses become complacent once a security product is installed and rely solely on the product to protect the organisation.

According to Lee Curtis, business development manager for security service provider Ice Systems, many organisations aren’t clued up on security issues and turn up the paranoia level or they put all their trust into technology and their staff.

“All it takes is someone from the inside of an organisation to make a mistake and let the bad guys in. That is why a lot of these hackers are targeting social networking sites, because they realise it’s the humans that make an organisation vulnerable. These days you can find out everything about an organisation very easily, including their weak spots,” he said.

With that in mind companies can’t be complacent when it comes to IT security said Curtis. They must be able to take the technology they have and make sure all of their staff are well educated on the security vulnerabilities of an organisation.

“It is so easy to buy a million dollar security solution, and expect the high price tag to protect an organisation. In most cases it has been human error and not technology that’s the problem. At least 80 percent of people are forcing the bad guys to go through the human route, because that is the easiest way to attack an organisation. It would be simpler and cost effective for an organisation to look after its staff then to implement a crack a security system,” he said.

Curtis recalled a story he recently heard from a security expert working at a national bank in Australia. The security experts job was to conduct ‘penetration tests’, so according to Curtis this person put on a Telstra shirt, walked into the bank’s building and said the organisation’s switch was down. He created a lot of huff and puff; so the building’s security agents let him walk through to the switch room.

“It was very rare for an organisation to pass this ‘penetration test’. It wasn’t technology that failed the bank, it was the human element. I believe that a combination of processes, policy, technology and staff education will keep the bad guys out of an organisation,” Curtis said.

There is no great panacea to securing a business, the challenge is for an organisation – at a managerial level – to let go of their paranoia and/or security blanket (technology) and implement a well rounded process to ensuring the IT security of an organisation isn’t compromised.

Human error and complacency biggest IT security threats
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 335

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 139

Vote