Manufacturing Computer Solutions - The definitive IT guide for UK manufacturers
 
 

Party of a lifetime scam reveals IT security nightmare
23/01/2007
 
More than half (54%) of manufacturing businesses contacted in an anonymous ‘come to this party’ scam risked the security of their business and customers by inserting an unidentified memory stick into their computers.



That’s the word from IT security consultancy NCC Group, which conducted the test by targeting finance directors at 500 of the UK’s plcs with the USB sticks.

Manufacturers, broadcasters, utility companies, retailers, banks and telecoms businesses were among the target group, all of which could have revealed sensitive customer details. Overall 47% of recipients breached their company security policies – and while broadcasters were the worst offenders, manufacturers were second.

Paul Vlissidis, head of penetration testing at NCC Group, says: “These findings are extremely concerning and reflect the need for us to continue raising awareness of network security in the UK.”

First invitations landed on desks at 8am and by 11.30, 70 people had inserted the USB sticks, despite many needing to bypass a warning message asking if they wanted to run the application.

“This demonstrates a fundamental lack of healthy suspicion by IT users, even at a senior level. The need for real security awareness has never been greater… This kind of technique could easily be adopted by genuine hackers and these directors could have seriously jeopardised the security of their company’s networks.

“Not only could fraudsters have customers’ or employees’ personal details to steal their identities, but they could also have gained full control of an FD’s email account, allowing them to access information regarding forthcoming unreleased trading statements or even results which they could then use to influence share dealing.”

He makes the point that a real hacker could target the user’s credentials using Trojan Horse technology and plant keystroke loggers, which could then capture the user’s password.

“Armed with this the hacker could simply log in remotely, unless the remote access is protected by adequate additional security measures, and extract whatever they wanted unbeknown to the company.”
 
Author: Brian Tinham
 