Hackers face firewalls and intrusion monitoring on well-protected sites
A conference on computer security in London has been warned that companies face a bigger threat to their networks from their own employees than from hackers.
The organisers, Diligence Information Security, say about 70% of security breaches are committed by staff. Many are disgruntled workers who fear redundancy.
In a recent case, a member of staff who feared he was about to lose his job used a hacking program to wipe out his company's central database after his name was removed from the payroll list.
The conference was given demonstrations of hacking and e-mail forgery and virus attacks on systems. Stephen Cobb, a leading information security specialist, said his own company had been asked to test security on 50 sites in the past 18 months and had been 100% successful in breaking in with fairly simple hacking techniques
This 'ethical hacking' is a booming industry and many hackers themselves maintain that they are acting ethically in exposing security holes in networks. One delegate at the conference said there was a skills shortage and ex-hackers were readily employed by security firms, even to the extent of those with criminal records.
Scanning for security
Methods to counter security breaches are becoming increasingly sophisticated. The Atlanta-based Internet Security Systems (ISS) has grabbed a significant share of the market with its adaptive network security product suite.
Software scanners find and fix any vulnerabilities in a network while a real-time intrusion detection system analyses traffic for any signs of suspicious activity.
{ image 2 }ISS was founded by 25-years-old Chris Klaus, who developed the basic scanning software in 1992, working on the product as a student at Georgia Tech and then working out of his grandmother¿s home after he left college in his first year.
The effort paid off in a big way in March this year when ISS went public and Chris found himself worth $180m almost overnight.
The company now employs around 160 people including a research and development group known as the X-force, which has consulted for the FBI on security issues.
Other blue chip clients include Microsoft, EDS, Lockheed Martin, major commercial banks and the US army and airforce. Chris says the armed forces are becoming increasingly aware of how information warfare can be waged over networks.
ISS¿s headquarters is stacked with networked computers in every conceivable configuration to check for possible weaknesses. A school for cyber security guards instructs workers on the latest techniques.
While ISS has turned network security monitoring into a science, there is still some tongue-in-cheek reliance on less conventional methods. Gargoyles hang from the walls of the modern offices to ward off evil spirits, high-powered water pistols are in evidence and there is even a pet tarantula spider called Calica if all else fails to scare the hackers away.