Uninformed employees a grave security threat, expert says

All it takes is one employee to unknowingly compromise a network’s hard outer shell.

And when that happens, all other security measures could simply melt away, according to the founder of the Hacker Research Lab at Oshawa, Ont.-based University of Ontario Institute of Technology (UOIT).

“The reality is many businesses are operating under a false sense of security,” said Clemens Martin, who is also director of IT Programs at UOIT. “All too often we see corporate networks that become compromised by an ‘igloo effect’ of sorts.”

The good news is many corporate executives are becoming increasingly aware of this risk.

Most business leaders polled as part of a recent Fusepoint/Sun Microsystems/Leger Marketing survey stated that the greatest threat to their data security was not likely to come from a malicious external attack, but rather from the hands of an uninformed employee.

Martin also believes the private and public sectors have similar security concerns.

He said in both sectors the infrastructure used is similar, and malicious attackers are keen to infiltrate both.

There is a common interest in the “bad guy community” to get inside networks in both sectors, and attacks designed to fool uninformed or undereducated employees and public servants are becoming more sophisticated, according to Martin.

Depending on an individual’s e-mail settings, and security products in use, an e-mail may just have to be clicked on – without any attachments whatsoever being opened – for the attacker to get in, he said.

“If you look at HTML-formatted e-mails, just like a Web page, there can be embedded code that can download,” Martin said. “There is a risk, but there is also protection.”

Martin pointed to products from Cupertino, Calif.-based Symantec, but also noted that security software and conventional insurance are two different things.

“You can buy an insurance policy for almost anything,” Martin said. “But you can’t buy insurance to hedge against IT security risks because the problems are not understood as well as earthquakes or fires or car theft. Those (problems) have been well studied over years and years.”

Most IT security problems are studied in computer science departments, he said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Brian Eaton
Brian Eaton
My list of accomplishments includes ideating, concepting, writing, developing and reworking copy for top-tier international clients. I delivered an aggressive small-to-medium business (SMB) strategy for Sony VAIO laptop computers; integrated print and broadcast resources with my own savvy to architect Chrysler LLC’s online identity; and created the voice that The City of Toronto wanted to show-off to immigrants and investors.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now