When it comes to security most of the time we always think
about keeping an unauthorized user out of the system. We never really think about the internal
threats to networks. These threats
consist of employees writing their passwords on their desk calendar or putting
it on a sticky not and placing it under their keyboard. They also consist of an employee or employees
banding together to steal money, customer data, products, etc. We also never think about employees bring in
infected media and running it on company computers or the IT department cutting
corners in security. All these things
can be damaging to a companies’ system. I
found this article titled “Security is not just external- Don’t Forget the “Other”
Security”. This article talks about a
few security incidents that took place internally and not externally. Most of the incidents noted in this article can
be contributed to lack of awareness, bad judgment, and stupidity. I must say that I agree with his article. Most external hackers are usually after
money. What’s the different between them
stealing data to commit fraud or to sell on the black market for money and an
employee or employees banding together to steal thousands to millions of
dollars from business. Employees steal from companies by taking products,
customer records and company secrets to sell on the streets. They also take from companies when they
introduce infected e-mails or files to the organizations network. Depending upon how bad the situation is, the
company can lose money in downtime while the situation is being contained and
cleaned-up. I considered this to be bad
judgment especially if your company has information awareness training and you
choose to ignore it. The article can be
found at: http://www.securityweek.com/security-not-just-external-dont-forget-other-security
No comments:
Post a Comment