- +
Auditor general finds Canadian gov't failing security test 15/11/2007 20:06:15
Auditor General lashes out at governments ineffectual security practiceCanadian government agencies are failing to meet security standards on industrial contracting procedures, leaving sensitive government information vulnerable. - +
Why You Shouldn't Look for Your New Job on Company Time 19/12/2007 11:50:55
An open-source algorithm called Author-Topic is now being investigated for analyzing corporate e-mail to flag employee behaviour and attitudes. - +
Foreign Office breached Data Protection Act 14/11/2007 11:31:39
Security hole meant personal data of people applying for UK visas was visible to other usersThe UK Foreign Office has been slammed for breaching the Data Protection Act after a probe by the Information Commissioner into a security flaw on a website used by people applying for UK visas.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Email Archiving Implementation: Five Costly Mistakes to Avoid
Web Security SaaS: The Next Generation of Web Security
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Why Security SaaS Makes Sense Today
Email Archiving 101—Customer Case Study
Wireless LANs: Is my enterprise at risk?
Improving Sales Productivity: An Opportunity for Sales and IT Leadership
Solve Exchange Storage Problems Once and For All: A New Approach without Stubs or Links
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Corporations are woefully unprepared to counter attempts at corporate espionage, say experts who perform vulnerability assessments designed to uncover security weaknesses. US corporations lose as much as US$300 billion a year to hacking, cracking, physical security breaches and other criminal activity, according to Ira Winkler, author of Spies Among Us (Wiley, 2005) and president of the Internet Security Advisors Group, which performs espionage simulations and provides other services.
Although espionage is usually associated with high-tech approaches involving wireless security breaches and zombified PCs, low-tech tactics such as walking into a building are common, says Johnny Long, a security researcher at Computer Sciences Corporation and author of No-Tech Hacking (Syngress, 2008).
"To me, computers are irrelevant," Winkler says. "It's about what data do I want, what form does it take, and how can I steal it?"
Any company can be a target, says Peter Wood, chief of operations at First Base Technologies, a UK-based consultancy that performs ethical hacking services. Spies are interested in anything from financial data to intellectual property and customer data. They might steal information for blackmail purposes, but "the most common motive for physical intrusion is industrial espionage," he says.
Here are several of the most common ploys and the countermeasures you can put into place to spot -- and possibly even stop -- the work of a spy.
Tailgating
One of the most disturbingly successful ways for outsiders to infiltrate an organization is also the least high-tech: following an authorized employee through the front door. "In 90 per cent of the companies I've worked with, it's so simple to get in, it's pathetic," Winkler says. To blend in, the spy might hold a cup of coffee or a sandwich, dress in a suit minus the jacket or even wear a counterfeit badge.
Antismoking regulations have also made it simple to sneak into buildings through the back door, where smokers tend to huddle, Wood adds. And Long claims to have walked right through delivery or loading dock doors.
Once they're inside, spies have lots of ways to access sensitive information. They can pose as IT support personnel, photocopying papers they find on unattended desks or at printers. Or they can just walk into an empty meeting room, plug in a laptop and pull data off the network. In that scenario, a convincing ploy is for spies to work in pairs, with one posing as a consultant and the other as an employee, says Wood, who has used that tactic. If someone enters the room, Wood says he apologizes for the "double-booking" and moves on. "It's just a matter of having the right attitude and being confident," he says.
How to stop them: According to Winkler, you can't just establish policies; you must also enforce the rules that prohibit security guards, receptionists and other workers from letting people into the building if they can't prove that they're employees. Companies also need to set clear procedures for reporting suspicious people. No one wants a vigilante culture, "but if you see someone acting unusually, you should make note of what that person is doing," Winkler says.
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Sound Alliance Group expands with acquisition of Mess+Noise 2008-10-14 08:48:00+10
Sterling Commerce Introduces New Managed File Transfer Capabilities That Cuts Server Change Management Time in Half 2008-10-14 08:41:00+10
Simms Exclusive Distributor of Cygnett MP3 Accessories 2008-10-14 08:10:00+10
Acronis True Image 2009 makes protecting home computers easier than ever 2008-10-13 14:10:00+10
NetStar Networks Calls Brisbane Home 2008-10-13 12:01:00+10
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Web 2.0 applications are all the rage, offering us tremendous value when it comes to collaboration and communication. They also open us up to new kinds of attacks however, and can cause problems in keeping systems and data secure. Read on to learn about the new attack methods and how you can defend yourself and your business.
