Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, May 11, 2005

Security concerns outweigh all other IT headache

Security is by far the biggest technology headache for accountants, more so than the implications of IFRS, compliance or systems upgrades, a new survey has revealed.  An online poll of 270 accountants conducted by Accountancy Age, found that one in three respondents believe security to be the biggest IT issue their organisation faces.

Other important IT issues, such as systems integration, compliance,IFRS or upgrading IT, each received less than 20% of the votes in the poll, conducted with Datawatch.

Paul Durkin, a partner at Ernst & Young, said that the internal controls requirements of Sarbanes-Oxley have driven accountants to consider IT security even more seriously than before, with auditors warning businesses that their systems security is often too ‘informal’.  ‘A new employee will have certain access rights to systems, for example, but as they move into new departments they accumulate these rights.  And when they leave the company, these controls can remain active for a long time,’ Durkin said.

Richard Anning, product marketing director at financial software company Systems Union, said: ‘Financial data must be secure, with good IT controls ð that’s what Sarbox section 404 is all about.’

During the recent InfoSecurity Europe conference, the Metropolitan Police said that the vast majority of computer hacking was carried out by current or former employees.  Detective inspector Chris Simpson, of the Metropolitan Police computer crime unit, told delegates that one of the first steps in any investigation is to check employee details.  ‘In the vast majority of cases we investigate whether the culprits are current or former employees,’ he said.  ‘They’re not hacking into systems using flaws in software.  Instead they are using flaws in the security procedures of the company to carry out their attack.’

Most recently the national high-tech crime unit foiled a gang of hackers attempting to steal £220m from a Japanese bank in London.  After gaining access to the IT systems of Sumitomo Corporation’s London offices in October, the gang installed key-logging software to record log-in codes and company documents.  They had been planning to transfer the money to 10 bank accounts around the world.

Posted on 05/11