‘Firewall mentality’ more dangerous than firms think

 

By John Mark V. Tuazon
Computerworld Philippines
June 17, 2010

Firewalls offer firms security, but relying on them entirely—especially in blocking external attacks—is more troublesome than most companies would like to think, according to an executive of EC Council, the international council of electronic commerce consultants.

Internal attacks are far more dangerous than external threats, so relying solely on firewalls and other security equipment may be an exercise in futility, claimed Steven Graham, senior director, EC Council.

“The original effort of companies is to block everyone, build walls, and make sure that the firm is absolutely secure from outside attacks,” Graham related.

This old methodology—which Graham dubs “equipment-based security mentality” or EBSM—is often ineffective, because, Graham said, “if your firewall breaks, and you have insecure data, you’re done.”

This is on top of the fact that cybercrime operatives are becoming more and more organized and sophisticated over the years. “Equipment in the enterprise are very complex. There are so many places for these criminals to hide, undetected by common monitoring solutions,” he stressed.

Policing Insider Attacks
Threats to network and data coming from the inside are more commonplace than everyone thinks, with at least 60% of reported attacks coming from the inside, Graham shared.

Competitors, who would naturally want to take advantage, can easily cause damage to networks and steal data just by planting an employee inside. “[One] can bypass the firewall simply by getting hired,” Graham quipped. “It takes just one disgruntled employee to take revenge and compromise security.”

Age-old defense mechanisms—such as antivirus, biometrics, encryption, passwords, and physical security—also have little to offer in terms of fully securing the network, since they can easily be circumvented by human intervention or a software/hardware installation.

Graham cited the much-publicized example of Heartland Payment Systems, a firm which processes credit transactions for MasterCard and Visa holders, whose system was breached in 2009 by a simple network traffic monitoring program downloaded via Google.

“They invested a lot on equipment and firewalls, but the incident literally brought the multi-billion firm to its knees, with its stocks swiftly nosediving from $85 to 85 cents,” Graham said.

Graham said firms must put an end to too much dependency on equipment. “Most firms put up walls, expect everything to stay out, and stop at that,” he added.

At the end of the day, humans, according to Graham, continue to be the weak link in the network security chain. “There is just no patch or remedy for human stupidity!” he quipped.
