What can be the consequences for employees who are voluntarily or involuntarily responsible for data loss or for having let something go wrong?

Today, employees represent the single biggest security threat for the simple reason that we haven’t addressed the problem. That’s because IT designed to prevent intrusion from the outside cannot handle the task of keeping confidential data inside the organization. According to Gartner, 84% of high-cost security incidents occur when employees send confidential data outside the company.

 

It’s easy to see why employees, not hackers, now pose the greater threat. To violate information security, an intruder has to figure out how to break into the network, then locate, obtain and distribute the desired data – all without being detected by today’s highly effective firewall, network security and intrusion-detection systems.

On the other hand, think of all the people inside the company who already have access to customer, employee, product and financial data. These same people also have instant access to the Internet. How easy is it for a call center representative to e-mail confidential customer data to a competitor? Or for a software engineer to send source code out along with his résumé? And what’s to stop an administrative employee from leaking quarterly earnings via instant messaging?

Common sense tells us the employee threat is huge, and industry research confirms it. Vontu’s risk assessment studies reveal that one out of every 500 outbound e-mails contains confidential customer, employee or financial data, intellectual property or competitive information. Our research indicates that 95% of data loss incidents are unintentional.

Today’s network security systems are mostly designed to prevent intrusion from outside the network. To stop an insider threat, software has to meet entirely different requirements.


Is it compulsory for companies to protect their data? What are the responsibilities of the company under the law?

 

Yes, it is compulsory to protect at least the data coming from customers:

Law 2004-801: companies are responsible for how they protect data and what they do with it. Companies have to protect all personal data that allows someone to be identified (names, addresses, mail address, credit card number). The retention period for this data depends on its type.

 

 


What is IT security? How is it important for an organization?

1. What is information security?

 

It means protecting your business’s data. What kind of information do you want to cover, and do you want strong or light security? It also means determining who can access what kind of information.

Let’s take the example of C.I.A.:

C for confidentiality: protecting information from being disclosed to unauthorized parties. For example, you don’t want everybody to access your sales figures.

I for integrity: protecting information from being changed by unauthorized parties. For example: important documents, contracts.

A for availability: making information available to authorized parties only, when requested. For example, a manager gets it when he needs it, and a customer gets it when he requests it.

 

2. How is this important for the organization?

 

Information helps to forecast, to analyse and to diagnose. It says a lot about the current situation. It could give competitors a strategic key for action. Information security has to be able to restore lost data or, better, to keep it from being taken out or hacked.

 

Consequences of a failure in IT security

The consequences are the following:

  • Falling behind competitors
  • Activity stopped for an undefined time
  • Bad forecasts if data were damaged
  • The company closing down for good
  • A competitor seeing your weaknesses
  • Being sued by a company or customer

 

Case Studies

PlayStation:

 One of the most recent hacker attacks that made the headlines in 2011 was perpetrated on Sony’s Playstation Network database.

More than 100 million Sony customers were affected last year when an unknown group of hackers breached the network and scooped up data on their names, addresses, emails, login IDs, passwords, and credit-card numbers.

Nobody to date knows who was behind the massive attack, even though many pointed fingers at one of the biggest hacker groups in the last few years.

Kevin Mitnick:

Described as “the most wanted computer criminal in United States history”, Kevin Mitnick started by exploiting the Los Angeles bus card system to get free rides, then dabbled in phone hacking.

Mitnick’s mischief got serious when he went on to target Motorola, NEC, Nokia, and Fujitsu Siemens systems, stealing corporate secrets, scrambling phone networks and infiltrating the national defense warning system.
