Targeted attacks on IT security have thus replaced human error as the main cause of system faults. The attacks are not only annoying, they also cause significant damage, as Informationweek’s 2005 study “IT-Security 2005” identified. In Germany only a minority of around 20 percent of IT managers responded that they had not suffered any financial loss as a result of attacks on data security. In the previous year this figure was over 30 percent. Over 35 percent were faced with losses of up to 10,000 Euro, an increase of around three percent. These results, which were evaluated in conjunction with Steria Mummert Consulting, are reflected across Europe. According to current figures from the Department of Trade and Industry (DTI), the average loss of profits suffered by British companies as a result of IT security breaches amounts to the equivalent of 14,000 Euro.
In all countries the careless behavior of employees is responsible for many of the security breaches. One example of this is the careless handling of passwords. Another way that sensitive information can fall into the wrong hands is by imprudent copying of data, for instance into the recycle bin of a publicly accessible computer.
German companies have launched a comprehensive awareness campaign targeted at their employees in an attempt to counter this state of affairs. This year a third of IT decision makers are intending to train their staff in the safe handling of information technology. That is three times as many as in the previous year. The main aim of this measure is to sensitize employees to the issue of data security. The task facing IT experts is similar across the globe. For instance, one in three British companies has in place a new security strategy for employees. Here the focus is on more rigorous checks of work processes. Globally 88 percent of all international companies are planning to improve employee training and set up a more efficient system of IT monitoring.
Risks lurk in spam mails
After computer viruses, worms, and Trojan horses, the respondents regard spamming to be one of the biggest risks. The mass sending of unsolicited commercial e-mails that clog up servers and desktops, thus lowering companies’ productivity, takes second place on the list of dangers specified by 62 percent of IT managers surveyed in Germany.
Hacker activity is on the decline as compared to 2004. Instead of 66 percent, now just around 56 percent of IT managers suspect hackers of being the probable originators of disruptions or spying attempts. However, since the number of disruptions actually increased at the same time, it is becoming increasingly difficult for IT experts to pinpoint the originators of attacks on data security. More than 29 percent of managers are unable to identify the persons attacking their IT systems. In the previous year this figure was only around 19 percent. In Great Britain the number of hacker attacks rose slightly by three percent. It was mainly large companies who were affected by data theft or fraud. This risk scenario is also reflected in the USA. 31 percent of companies hold what is known as malware to be the greatest threat to IT security.
Wireless networks open the floodgates to intruders
Outside the companies, the risks posed by wireless computer networks are an increasing cause for concern. Today’s widespread radio-based systems, which are used by 54 percent of those surveyed in Germany and around 33 percent in Great Britain, transmit the data in a circular fashion via a transmitter. However, radio waves do not stop at the boundaries of buildings. In practice this means that unauthorized parties can also log on to the network’s wireless communication. In many cases this provides a means of bypassing a firewall and obtaining access to the internal company network.
This “drive-by hacking” can generally be achieved via a simple modification of the network software. The potential for abuse is manifold. The unauthorized party can access a third party’s Internet connection and use chargeable services that are then invoiced to the subscriber. The door is also open to the theft of data and manipulation of confidential content. According to the DTI, only around half of the wireless networks in Great Britain have protective security measures in place. Similar studies in Germany arrive at the same result. In view of this risk, around 22 percent of those surveyed in Germany want to increase the security of their wireless networks. That represents a seven-fold increase in numbers as compared to the previous year.
Beware public computers!
Alongside wireless networks, computers with public access, for instance at international airports, pose considerable risks for data security. For instance, e-mails containing sensitive company data can find their way into the outboxes of the pre-installed programs or are copied into the software’s recycle bin and forgotten about, available for everyone to see.
In this area, too, the awareness of IT experts to tactical security has increased considerably. In Germany around 30 percent want to improve monitoring – which corresponds to an almost tenfold increase. According to the experts, the situation can be considerably improved by increasing awareness among employees about handling sensitive data and introducing technical security settings on the devices.
In many cases, these processes entail investments that are not provided for in the budgets of international companies. In Great Britain, for example, companies invest just three percent of their total IT budget in necessary security measures. However, experts recommend a proportion of five to ten percent.