Walk In Data Attacks Biggest Company Security Threat
By Alan Harten
October 3, 2008
It’s hard to believe that all the highly educated and over-paid executives at major corporations would not be able to spot the tell-tale signs of large mounds of freshly dug earth, located on the grass just outside their corporate headquarters.
But apparently not, as many companies are failing totally to spot the presence of moles in their organisations, at least according to a new podcast interview from ISACA Conference Committee member Peter Wood.
In the podcast he shows how criminals are able to quite simply walk into company offices and walk out with freshly dug heaps of raw data.
He actually proved this is the case when he and one of his associates ambled into a company facility and seemingly without a care in the world walked away with a big slice of an insurance company’s computer data.
Mr Wood goes on to reveal that in conversations with high-ranking financial execs, he has been told that some companies are aware of employees who have been deliberately sent for interviews and gained positions in a finance company, while all the time these people are employed by large-scale criminal organisations.
These moles may have access to all kinds of highly sensitive and valuable information.
With a company ID and armed with passwords they can often wander around the company’s computer data unchallenged.
Mr Wood believes one of the big mistakes companies make is to keep all their important data in one place, making it a one stop shop for thieves.
He has identified two main targets: credit card data and intellectual property.
He was told by one intellectual property company that all that separates them from their competitors could easily be stored on a thumb drive.
So it’s easy to see how one mole could download that information onto a portable device and just walk out of the door.
He also believes that companies’ emphasis on clever computer security has led to them completely forgetting about basic, guard-stood-outside-the-door human security.
He goes on to say that the future of criminal data attacks lies in walking through the front door, not breaching firewalls.
He sees a big gap in companies’ emphasis when it comes to security, and says that all the effort is put into IT, when training of employees to spot suspicious colleague activity would be just as vital.
He goes on to say that there are three simple key elements that can assist a company to avoid these attacks.
• Good quality vetting of staff and third parties
• An awareness campaign that is intelligently designed and has a strong focus to encourage and inform people
• Conducting regular meetings with HR, physical security, IT security and the business to provide a holistic defence against an attack
He believes that this is all that is needed to avoid those irritating piles of earth in the middle of company lawns.

