Report Shows Internal IT Attacks Rising
Internal attacks on computer systems are overtaking external attacks at the worldâ€™s largest financial institutions.Â
Thatâ€™s a key finding from the 2005 Global Security Survey conducted by Deloitte Touche Tohmatsu.Â In the annual survey, 35% respondents said that in the past 12 months, theyâ€™ve suffered attacks that originated inside the organization.Â Thatâ€™s a massive increase over the previous yearâ€™s 14%.
By comparison, 26% said they were attacked by outside sources, up from 23% the prior year.
Why the shift?Â Experts say the growth in external attacks has slowed because financial institutions have become more effective at deploying technological defenses that fend off outsiders, such as intrusion-detection systems, anti-virus software, and content filtering and monitoring.
The result is that criminals spend less energy directly attacking banksâ€™ IT systems.Â Instead, they search for the traditional weak link in any security system: a human being.Â
Disgruntled employees and former employees, or workers in desperate financial need, are highly sought after by â€œsocial engineersâ€ who view such people as their key to the bank vault.Â These workers â€“ especially those familiar with the enterpriseâ€™s computer and network operations â€“ are convinced to help criminals steal customersâ€™ personal information, proprietary competitive data, and other vitally important information.
Part of the problem according to the survey, is that only 65% of companies have trained staffers to spot suspicious behavior in co-workers.Â Experts say that employees with sudden newfound (and unexplained) money, or those embittered by a missed promotion, are likely candidates to steal data from the company, or help others do so.
Â© National Security Institute, Inc. â€“ This article is the property of the National Security Institute and my not be copied or redistributed in any fashion without an appropriate licensing agreement.Â For more information and FREE samples, visit http://nsi.org/SECURITYsense2.html.