More than 47% of publicly listed companies have risked the security of their business and customers by inserting an unidentified memory stick into their computers, according to research by IT security consultancy NCC Group.
The awareness campaign targeted finance directors at 500 UK plcs with a completely anonymous 'invitation' in the form of a USB memory stick. The remaining 53% or fewer either thought twice and resisted the temptation to find out more about the 'exclusive' party, or never received or opened the invitation.
Paul Vlissidis, Head of Penetration Testing at NCC Group, comments: "These findings are extremely concerning and reflect the need for us to continue raising awareness of network security in the UK. The campaign was launched to highlight the potential dangers to organisations' network security caused by inserting media received from an unidentified source.
"The first invitations landed on desks at 8am and by 11.30, 70 people had inserted the sticks, despite many needing to bypass a warning message asking them if they wanted to run the application! This demonstrates that a fundamental lack of healthy suspicion by IT users remains, even at a senior level. The need for real security awareness has never been greater - this is a serious issue amongst today's businesses and something that everyone should have in the forefront of their minds."
Broadcasters, utility companies, retailers, banks and telecoms businesses were amongst the 500 plcs targeted through the campaign, all of which hold confidential and sensitive customer information, such as personal financial details.
Vlissidis continues: "All of the companies that responded hold information they would not want in the hands of a third party, such as personal details of customers and employees and confidential corporate financial data. This kind of technique could easily be adopted by genuine hackers and, if repeated, these directors could have seriously jeopardised the security of their company's networks. Not only could fraudsters have customers' or employees' personal details to steal their identities, but they could also have gained full control of an FD's email account, allowing them to access information regarding forthcoming unreleased trading statements or even results which they could then use to influence share dealing. The possibilities really are endless for a hacker with criminal intent and minimal technological knowledge.
"A real hacker could target the user's credentials using 'Trojan Horse' technology and plant keystroke loggers which could then capture the user's password. Armed with this, the hacker could simply log in remotely, unless the remote access is protected by adequate additional security measures, and extract whatever they wanted unbeknown to the company. Equally the Trojan could possibly connect outwards to the hacker's machine and set up a full connection, thereby allowing the hacker into the network to start a full attack against the corporate systems."
NCC Group plans to educate existing and potential customers about the real network security risks affecting their organisations today, and to highlight the importance of developing a secure information security culture in both theory and practice.
NCC Group issued every company with a USB memory stick carrying a unique code which, once the stick was inserted into a computer, identified the responding company to NCC Group through a unique web file. The respondent was then shown an HTML web page that explained the campaign and reassured the user that no harm had been caused to their system.
The USB sticks were issued anonymously and no scripts were run on the respondents' computers, to avoid breaking the Computer Misuse Act. No information was extracted from respondents' computers.
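The tracking mechanism described above (one unique code per stick, resolved to a company when the stick's web file calls home, with no script run on the recipient's machine) can be reconstructed as a small harness. The code below is an added example written for this page, not NCC Group's own tooling; the per-stick HTML file using a meta refresh, the `/invite/<token>` URL layout, the Apache-style access-log format, and all company names and log lines are constructed assumptions.

```python
"""Added example: per-stick tokens for a USB-drop awareness campaign.

Hypothetical reconstruction of the scheme the campaign describes. Each stick
carries an HTML 'invitation' whose only action is to open a campaign URL that
embeds the stick's unique code; the server's access log then reveals which
companies inserted a stick and when. No script runs on the recipient's host.
"""
import re
import secrets
from datetime import datetime

# Constructed sample target list, not the campaign's real list.
TARGETS = ["Example Broadcasting plc", "Example Utilities plc",
           "Example Retail plc", "Example Bank plc"]


def issue_tokens(companies, nbytes=8):
    """Return {token: company}. Tokens are random so nobody can forge a
    'response' for a company or enumerate the target list by guessing."""
    issued = {}
    for name in companies:
        token = secrets.token_hex(nbytes)
        while token in issued:          # keep the mapping strictly one-to-one
            token = secrets.token_hex(nbytes)
        issued[token] = name
    return issued


def render_invite(token, base_url):
    """HTML file written to one stick (assumed mechanism). Opening it in a
    browser fetches the campaign page whose URL carries the stick's code."""
    url = f"{base_url}/invite/{token}"
    return ("<!DOCTYPE html><html><head>"
            f'<meta http-equiv="refresh" content="0; url={url}">'
            "<title>Invitation</title></head><body>"
            f'<p>If you are not redirected, <a href="{url}">open your invitation</a>.</p>'
            "</body></html>")


# Apache-style access-log line; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /invite/(?P<token>[0-9a-f]+)\b[^"]*" (?P<status>\d{3})')


def record_responses(issued, log_lines):
    """Resolve tokens seen in access-log lines back to companies.

    Returns {company: first_seen_datetime}. Requests for unknown tokens or
    with a non-200 status are ignored, so guessed codes and scanner noise
    cannot inflate the response count; repeat opens of one stick count once.
    """
    first_seen = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "200":
            continue
        company = issued.get(m.group("token"))
        if company is None:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        if company not in first_seen or ts < first_seen[company]:
            first_seen[company] = ts
    return first_seen


def response_rate(issued, first_seen):
    """Percentage of distinct targeted companies that inserted a stick."""
    return 100.0 * len(first_seen) / len(set(issued.values()))


# Constructed fixtures so the run is deterministic (real tokens come from issue_tokens).
SAMPLE_ISSUED = {
    "5d41402abc4b2a76": "Example Broadcasting plc",
    "9e107d9d372bb682": "Example Utilities plc",
    "e4d909c290d0fb1c": "Example Retail plc",
    "7bd8a3c2f0e61a55": "Example Bank plc",
}
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2006:08:42:11 +0100] "GET /invite/5d41402abc4b2a76 HTTP/1.1" 200 1843 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [12/Jun/2006:08:42:12 +0100] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/4.0"',
    '198.51.100.23 - - [12/Jun/2006:09:15:30 +0100] "GET /invite/9e107d9d372bb682 HTTP/1.1" 200 1843 "-" "Mozilla/4.0"',
    '198.51.100.23 - - [12/Jun/2006:09:15:31 +0100] "GET /invite/9e107d9d372bb682 HTTP/1.1" 200 1843 "-" "Mozilla/4.0"',
    '192.0.2.99 - - [12/Jun/2006:11:03:02 +0100] "GET /invite/ffffffffffffffff HTTP/1.1" 404 209 "-" "curl/7.15"',
    '203.0.113.7 - - [12/Jun/2006:08:40:00 +0100] "GET /invite/5d41402abc4b2a76 HTTP/1.1" 200 1843 "-" "Mozilla/4.0"',
]


def demo():
    """Run the resolver over the constructed log; returns {company: first_seen}."""
    return record_responses(SAMPLE_ISSUED, SAMPLE_LOG)


if __name__ == "__main__":
    seen = demo()
    for company, ts in sorted(seen.items(), key=lambda kv: kv[1]):
        print(f"{ts:%H:%M:%S}  {company}")
    print(f"response rate: {response_rate(SAMPLE_ISSUED, seen):.0f}%")
```

The resolver deliberately keys on the earliest successful request per company, which is the figure a campaign like this reports ("by 11.30, 70 people had inserted the sticks"); the out-of-order last log line shows why sorting cannot be assumed. Rejecting unknown tokens matters because the URL is visible to anyone who opens the stick's file, and a curious recipient or a scanner could otherwise pad the statistics.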
The sample was chosen at random and sourced from a list of main market and AIM listed companies from the London Stock Exchange website. Only companies based in the UK with ordinary shares were selected.
47% of companies inserted the unidentified USB stick, disguised as a party invite
55% of companies in the North West responded by inserting the USB sticks
45% of the main market companies targeted responded
49% of the AIM listed companies targeted responded
54% of Manufacturing companies responded
Media companies the worst offenders
Security awareness lacking at most senior level
Welsh based companies are worst offenders
North less security aware than South