Crime gangs target internet
The National High Tech Crime Unit has warned of 'incontrovertible evidence' of organised crime moving in on electronic commerce.
Speaking at last week’s InfoSecurity Show Europe, detective superintendent Les Hynds said it was vital for UK corporations to take the threat of cybercrime more seriously than they currently do. ‘We have incontrovertible evidence that organised crime is going online,’ said Hynds.
‘Almost any real-world crime can be committed online. Extortion is going on and it’s sometimes information we can’t see because companies like to deal with these types of problems inhouse,’ he said.
Hynds said internal sabotage or financial fraud are still most likely to come from existing employees. Despite this, one in five firms fail to conduct regular security audits.
‘Cybercrime is a barrier to electronic commerce,’ said Dr Jeremy Beale, head of the e-business policy group at the Confederation of British Industry. ‘It has detrimental effects on businesses and their brands. The fear that cybercrime could discredit electronic commerce is a major concern to the CBI.’
But according to a survey carried out by respected security analyst NTA Monitor, UK businesses are still not getting the message. A third of UK businesses leave themselves exposed to threats because they fail to crack down on medium and low-level security flaws.
The survey found that, despite tackling major security vulnerabilities, UK companies are still failing to address smaller flaws. The audit examined the data from more than 600 security tests carried out by NTA Monitor at client sites during 2002. One third of corporate networks tested were found to have at least 10 flaws.
‘A third of companies we examined were guilty of bad security housekeeping, with unacceptably high levels of basic flaws found,’ said Roy Hills, technical director at NTA Monitor.
‘Although corporates are clearly prioritising security vulnerabilities and addressing high-profile issues, this is at the expense of a much larger number of lower profile vulnerabilities that are being ignored.
The net result is that corporate networks remain exposed to external attack,’ claims Hills.
Just 6% of businesses had a high-risk vulnerability, which could allow hackers to access and take control of computer systems – down from 19% the previous year.
But medium-profile vulnerabilities were found in 73% of tests, and low-profile vulnerabilities were found in every test instance.