For too many years companies have relied too heavily on their IT departments to protect them from harm, and have been lulled into a false sense of security. From 2008 things are about to get a whole lot worse.
Delegates attending this week's ASIS International Asia Pacific Security Conference in Singapore listened to IT security expert and Vice Chairman of the ASIS Economic Crime Forum, Jon McDowall, explain how, with just a simple click onto a MS Word file attached to an email from an unknown source, the contents of an entire C drive, or worse still a network drive, can be remotely copied by an internet user thousands of miles away.
Not only will this intrusion not be stopped by a firewall, anti-virus software or anti-spyware software, but the data transfer activity will most likely not flag up as abnormal activity, and you will never know that your most secret or personal data is in the hands of an adversary, competitor, fraudster or ID thief.
How do your adversaries get hold of this spying software? It’s freely available on the internet, and no special skills are required in order to use it.
A cause for concern? An understatement, suggests McDowall!
The solution? 2008 must see companies intensify their education of all IT users against social-engineering threats such as these. If you are holding another company’s sensitive data and one of your employees is tricked into opening a “malware-seeded” MS word file from an unknown source – and the sensitive data is compromised – you should prepare to be sued, and possibly named and shamed.
By attending programmes such as ARC’s Information and IT Security Seminars, you will be made aware of threats such as these, and many others. Ignorance is no defence if the worst happens!
Seminar dates for 2008 are:
7 April, 11 August, 24 November
Seminars are also available in-house, on request.