Security Conference Highlights Modern-Day Threats

Chicago recently hosted the Security Standard conference, in which representatives from across the Security Industry discussed the factors affecting it in 2007. Covering the wide panorama of security threats, older subjects such as corrupt software/malware, viruses and hackers were revealed as still significant, while newer fears, such as internally-launched corporate breaches, also received coverage.

As detailed by the Corporate Vice President of Microsoft's trustworthy computing venture, Scott Charney, varying forms of threat could affect various types of firms. "There are certainly a lot of large companies and government agencies who are very worried about the escalation of nation-state activity in cyberspace," he stated. "The threats related to financial crimes and identity theft, for a lot of companies, are not just about the threat but compliance: making sure you're in compliance ... and how to prove it."

In spite of figures, unveiled at Security Standard, which highlighted how external security breaches were still more commonplace than those on the inside, the notion of data leakage came under a significant spotlight. Data leakage refers to internal employees of a firm transmitting sensitive information to sources outside the corporate network - either accidently or maliciously. It has now taken on such form within Security that dedicated anti-data leak firms have begun to spring up.

At the conference, one industry expert focused on the performance aspects of the products developed by these firms. He, The 451 Group's Nick Selby, informed those gathered there that, although anti-data leak (ADL) tools were adept at identifying instances where company data was accidentally exposed, no software existed that could ultimately safeguard against intentional acts of leakage. Said Mr Selby: "My advice to vendors is to stop saying you're going to fix [the data-leak problem] when you can't; concentrate on mistake avoidance and compliance".

He added that, in 98 per cent of circumstances, data leaks occurred due to "stupidity or accident". "While ADL tools can pick up these leaks, they have "no chance...with skilled professionals who have a reason to take something", he stressed.

Another area focused on was that where data is altered, rather than stolen. "In some circles [the biggest threat] is data integrity, which gets less attention, but there are concerns about people altering the data upon which we're reliant", said Mr Charney.

A further opinion offered came from another security expert, who highlighted the need to take threats into account that are not directly associated with the networks in question. "I think the biggest threat is the IT security mentality; the idea that risks are IT risks and security is about IT security, when tons of bad things can happen through breaches in physical security or even something as simple as dumpster diving", said 4A International's Steve Hunt. He added: "People talk about data-leak prevention, just jump into anybody's dumpster and you could tear down a whole company with what you find in the recycling bin."

Source - Security International's US Correspondent

Recent data-related News Items:

Chinese Pentagon Cyber-Attack Precedes Larger Hacks

Japan Investigates Leak of US Military Data

Security News Index

© Copyright 2008 Copybook Solutions LTD

All rights reserved. Reproduction in whole or in part without permission is strictly prohibited.

Site developed and hosted by Webselect Internet Solutions

• Home
• Suppliers A-Z
• Articles
• Products and Services
• Exhibitions
• Glossary
• Associations
• Add your Company
• Subscribe to E-Zine

• Corporate Info
  • Copybook Home
  • Contact Us

• What is RSS?