While companies spend millions to erect firewalls and to protect themselves from external attacks, there seems to be a lack of attention...
After about 10 years of unsuccessfully trying to take Troy, the Achaeans (Greeks) finally overcame the city from within, hiding inside a wooden horse which the Trojans (believing they had won) happily dragged into the city as a trophy. Therein lies a lesson for companies scrambling to protect their computer systems from outside threats.
Today, companies are under siege from hackers who steal everything from passwords, credit card numbers, confidential personal information and corporate data. Even government agencies, embassies and financial institutions have become prey to hackers who go by ominous sounding names like Anonymous, LulzSec, Honker Union and NCPH.
The impact of hacking on corporate security and survival has given rise to IT security companies all over the world dedicated to protecting corporate information and preventing unauthorized use of computers. These companies are headquartered in the USA, Mexico, China, South Korea, Japan, Israel and many countries in Europe like Germany, the UK, and Poland.
It's a Huge Global Market
The overall cyber security market was expected to reach US$60 billion in 2011, according to a report from Price Waterhouse Coopers. The market is expected to grow by 10% every year for the next three to five years. The private sector spends more on cyber security globally, except for the USA where the government spends as much as the private sector does. The major drivers of cyber security spending listed by pwc are:
- Increase in cyber threats from new players and new modes of attack
- More vulnerability especially because of mobile devices and cloud computing
- Increased awareness of cyber threats
- Technology changes calling for new solutions
- More regulation requiring personal data security
- Increase in the outsourcing of security services
The threat of online security attacks has produced companies like Symantec, Trend Micro, McAfee, Kaspersky and many more that create software designed to protect companies from internet hackers. Reports by the Top 100 Research Foundation show that the security software market was valued in 2009 at US$16 billion, growing by 17% to US$21 billion in 2010. The market for the antivirus software segment is growing faster than that for firewalls and intrusion detection.
Remember the Trojan Horse
While companies struggle and spend millions to erect firewalls and detection systems in order to protect themselves from external attacks, there seems to be a lack of attention paid to an even bigger threat lurking within their own organizations.
Research by KPMG shows that insiders are the biggest perpetrators of fraud. Over 1,300 audit committee members polled by KPMG around the world revealed that more than 30% are not satisfied with the attention given to IT security risks. A poll conducted by Deloitte & Touche showed that almost one-third of security breaches in financial services companies were traceable to employees. More than 90 % of the institutions claimed that the risks would come from internal sources.
The information management firm Iron Mountain surveyed 2,000 office workers across Europe. About 30 % admitted to having taken confidential information out of the office and 50 % would have no qualms about taking information with them when they transfer jobs.
What's at Risk?
All sorts of confidential information are at risk from employees, even when a company has specific policies that prohibit employees from taking out company data. The main targets and the percentage of employees who take them out are:
- Customer databases especially when employees switch jobs (51%)
- Corporate presentations (46%)
- Company proposals (21%)
- Strategic plans (18%)
- Product development roadmaps (18%)
It Isn't Always Malicious
As far back as 1988, the 60,000 computers connected to the internet started to slow down. The culprit was a malicious code that spread itself between computers. Traced to a graduate student of Cornell University, he claimed that all he wanted to do was "count how many machines were connected to the internet." Employees who take out company information don't always do so out of malice or intent to hurt the company.
More than 65 % of employees who take out information believe that they have a right to information which they created or developed. 75 % do so because they think the information will help them in their new jobs. But 30 % of employees say they would deliberately take away and share confidential information if they are fired.
It isn't always clear either
Much of the blame for information pilferage by employees can be traced to inadequate information security procedures. The Deloitte survey showed that 25 % of the financial organizations quizzed did not have any information security training for employees in over a year, while only 30 % said that their staff was qualified to respond to security needs.
The Iron Mountain study confirmed this lack of security systems and procedures as a major contributing factor in information loss attributable to employees. Almost 30 % of those surveyed said they didn't know about any company guidelines regarding which information they could or could not take out of the office.
The lessons from the Trojan War are worth remembering where computer security is concerned. If a business doesn't let its guard down, the way the Trojans did, it would be a lot less vulnerable to being overwhelmed by the enemy within.
Photo credit: malware-news.com
Lewis Edward is one of the owners of TheOfficeProviders. He is a real estate investor with many interests in other sectors. Lewis researches and contributes various written features for TheOfficeProviders in areas regarding real estate, including serviced offices and Office Space for Rentand general business and economy matters. Lewis is experienced in the inner workings of both the traditional and flexible workspace industries and has developed close links with various figures in real estate circles, as well other circles.