Security

Human error and complacency biggest IT security threats

  • Email a Friend
  • Print Page
Human error and complacency biggest IT security threats
Related Articles
Breaking Stories
By Lilia Guan
May 6, 2008 2:17 PM
Tags: Human | error | and | complacency | biggest | IT | security | threats

Human error and complacency remain the biggest threats to an organisation's IT security.

According to security service providers, organisations can spend a million dollars on a solution but it won’t protect the business from threats often caused by lack of staff education.

A recent survey conducted by Galaxy Research has found that only 33 percent of IT managers believe converging online threats are a major problem to their company’s security systems.

Despite their lack of concern, in the month of March alone, security software vendor MessageLabs found 2.9 million spam emails with links to Storm malware were received, proving that these converging security threats are both real and widespread.

Frank T. Windoloski, general manager Commercial Security Solutions at Verizon Business said the survey certainly rings true for him. Feedback he is receiving in the managed security field is that hackers are constantly inventing new ways to try and break into organisations.

“These people are strides ahead of everyone else. In a typical working environment most people believe that technology alone will deter hackers into breaking into an organisation’s network,” he said.

On the other hand, when an organisation does incorporate a security policy, Windoloski said these company policies are a blanket policy of denial. He argued these businesses believe if they deny access to social Internet sites to their employees, then they are safe from harm.

“Just because they are not seeing someone steal the mail doesn’t mean it’s not happening. Some of the employees, especially those just out of University, can easily get around those types of security policies,” he said.

Most organisations believe a blanket approach to disallowing user’s access to social networking sites will stop potential virus outbreaks. According to security resellers, businesses become complacent once a security product is installed and rely solely on the product to protect the organisation.

According to Lee Curtis, business development manager for security service provider Ice Systems, many organisations aren’t clued up on security issues and turn up the paranoia level or they put all their trust into technology and their staff.

“All it takes is someone from the inside of an organisation to make a mistake and let the bad guys in. That is why a lot of these hackers are targeting social networking sites, because they realise it’s the humans that make an organisation vulnerable. These days you can find out everything about an organisation very easily, including their weak spots,” he said.

With that in mind companies can’t be complacent when it comes to IT security said Curtis. They must be able to take the technology they have and make sure all of their staff are well educated on the security vulnerabilities of an organisation.

“It is so easy to buy a million dollar security solution, and expect the high price tag to protect an organisation. In most cases it has been human error and not technology that’s the problem. At least 80 percent of people are forcing the bad guys to go through the human route, because that is the easiest way to attack an organisation. It would be simpler and cost effective for an organisation to look after its staff then to implement a crack a security system,” he said.

Curtis recalled a story he recently heard from a security expert working at a national bank in Australia. The security experts job was to conduct ‘penetration tests’, so according to Curtis this person put on a Telstra shirt, walked into the bank’s building and said the organisation’s switch was down. He created a lot of huff and puff; so the building’s security agents let him walk through to the switch room.

“It was very rare for an organisation to pass this ‘penetration test’. It wasn’t technology that failed the bank, it was the human element. I believe that a combination of processes, policy, technology and staff education will keep the bad guys out of an organisation,” Curtis said.

There is no great panacea to securing a business, the challenge is for an organisation – at a managerial level – to let go of their paranoia and/or security blanket (technology) and implement a well rounded process to ensuring the IT security of an organisation isn’t compromised.
 
 


Comments

Be the first to comment on this article.
Thoughts on this article? Add a comment below.
Comment:
Want to participate in the discussion?
Or log in now to comment


Top Stories
HP's rap by ACCC forces changes
HP's rap by ACCC forces changes
HP Australia has moved to Crossmark, for the management of reward fulfillment and developed an online claim process.

 
Education VARs: the next killer app for K-12?
Education VARs: the next killer app for K-12?
Smartboards and stimulus were hot topics at this week's National Educational Computing Conference in Washington DC.
 
Channelweb.com News Quiz -- June 2009
Channelweb.com News Quiz -- June 2009
How well do you know the IT channel?
 

Shortcutsall you need to know on...

  • NBN 
  • Windows 7 
  • Unified Communications 
  • Twitter 
  • Virtualisation 

Latest Comments

"Hi Cecil, Tony Lagan from Sony made it clear that is the very case. Thanks for your input. "
on Sony secures surveillance for resellers
by lguan Jul 1, 2009 6:33 PM
 
"Cool, I shall jump in my DeLorean right away, and head off to the Google developer day :-) Back ..."
on Google opens six-star Sydney ‘Googleplex’
by jgcertified Jun 30, 2009 10:11 PM
 
"A key issue for organisations is the complexity of licensing, particularly with the wide range ..."
on How resellers benefit from SAM
by easysam Jun 30, 2009 6:50 PM
 
"All these $150-$200 predictions assume that $40 million will be paid by home and small business ..."
on NBN keeps industry guessing
by peterh_oz Jun 30, 2009 5:06 PM
 
"I read eon below link unencrypting takes along time and another limitation appears to be if ..."
on First look at Windows 7 security
by kWAT Jun 30, 2009 9:56 AM
 

Polls

Has dealing with email security become easier?
   |   View results
The war on junk viruses is never ending, just when one thing is fixed another pops up
  37%
 
Hardware and software has become better at dealing with spam, fake email and virus attachments
  40%
 
Users are the key to dealing with email deluge they just need to be smarter about it
  23%
TOTAL VOTES: 57

Vote now
view previous polls »

CRN Magazine

Issue: 268 | June, 2009

CRN Magazine looks in-depth at the emerging issues and developments for the Channel, and provides insight, analysis and strategic information to help resellers better run their businesses.

Popular Tags

biggest business cloud complacency computing data email human internet microsoft network resellers secure security service software symantec threats web windows