A far cry from today’s highly organised and sophisticated bandits, with high performance computers, network sniffers, switched on hackers, infiltrating software and highly motivated planted operatives.
While the former makes for exciting cinema viewing the latter makes for big time computer fraud.
There is no doubt that computer crime is not only on the increase but the perpetrators are also becoming more and more imaginative, with an increased emphasis on direct infiltration (according to a study commissioned by the National Hi-Tech Crime Unit (NHTCU) 68% of information stolen was done by insiders). What can the potential victims do to stop this ever increasing treat?
The simple answer is – look out for everything; and then look again. There is no simple solution. The most effective answer, already adopted by many of our major and more progressive companies, is to establish a dedicated security department reporting directly to the main board and having the authority to impose those standards and procedures necessary to close the gaps in the system.
With a well structured security department in place the most effective plan must be to formulate a hit list which will address each of the security components that most affect the particular nature of the business. Every business will have its own view of what elements constitute the greatest risk to its data security and consequently it’s vulnerability to fraudulent attack but there are some common basics that should be addressed by all. These basics would include the effective use of Anti-Virus software, preferably a version that automatically updates itself to the latest level, a very solid hardware Firewall also maintained to the latest specification and of great importance a very effective email control system (DMZ) kept under very tight control.
So much for the basics, what else can be done to make a significant impact on overall data security? For companies where there is a tangible value to their data (banks, commercial lawyers, government, military etc,) one of the first priorities must be the implementation of a solid Network Data Encryption system, ideally a hardware based system, which is both immune to unwelcome infiltration and provides far greater performance than is available by using software encryption.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.