The latest FBI/computer security institute survey has a bit of good news for a change. According to the 503 security practitioners who responded, 90 percent of enterprises are using anti-virus software to protect their networks.
At the same time, however, far too many companies continue to suffer from expensive security breaches. Eighty percent said they had sustained financial losses as a result of security lapses. And among those that were willing to quantify losses, the average was more than $2 million.
So, if the vast majority of enterprises are beefing up technology to secure networks, why are costly break-ins still so common? One possible answer is that, while most companies are fortifying their perimeters against intruder attacks, they arent doing a very good job at controlling whom they let in the front door.
Want some scary examples? Business Layers, a maker of employee provisioning software, recently asked visitors to its Web site to share security horror stories. One correspondent, an investment adviser, said he was allowed to keep his office keys, security card and e-mail account when he left his former employer to work for a competitor. He was able to tap into e-mail discussions among ex-colleagues who were plotting how to steal back clients from their departed co-worker.
In another case, a salesman at a large Wall Street brokerage was able to continue using his old e-mail account after changing companies. He was able to convince clients that the old company had been sold and that they needed to transfer their accounts to the new company—his new employer. I wish I could say that these stories were apocryphal. But officials at Business Layers said they have checked them out.
The lesson: Besides technology guarding the perimeter, strong security also requires information and procedures guaranteeing that only the right people are let in the front door.
Seen similar woes? Write to me at jeff_moad@ziffdavis.com.
