IT security jeopardised by human failure, vendors say

Marina Freri
Tuesday, 27 September 2011 17:46

Business IT - Security

There is no good news for the state of IT security in Australia: security issues still boil down to human failure and social media - mirroring human interactions - which increase the risk of security breaches, vendors say.

At a lunch held today in Sydney's Circular Quay, a panel of vendors briefed the media on how IT security services were changing to respond to more sophisticated cyber threats. According to the panel, the three most challenging areas for modern IT security are: virtualisation, mobility and BYO devices.

John Reeman, CTO for virtualisation security provider VMinformer, said human failure was at the heart of every security breach. 'Human traits, whether they be oversight, ignorance, a laissez faire attitude, lack of visibility, lack of responsibility '¦are attitudes that will be the fundamental cause and systematic failure of security in virtualisation,' he said.

He said cloud providers did not consider security to be their job and organisations were somehow not aware of the risks they were exposed to. 'I believe that those organisations that choose to be complacent will be part of the most catastrophic system failures we have ever seen,' he concluded.

Security services provider Watchguard's vice president for Asia Pacific, Scott Robertson, said ten years ago email was the number one method for attackers to get into a corporate network. He said these days most users were aware of the threat represented by an executable file attachment, but were still largely ignorant of other areas of risk, particularly social media.

'The world is changing, the world is adopting social media very quickly and so we see this is the number one threat, or one of the top threats, certainly for 2011 and moving forward,' Robertson said. Robertson said social media were first of all hugely popular, second they created what he called 'a culture of trust' and third they had insecure codes.

'You really have got the elements of the perfect storm,' he said, adding that companies should rewrite their 'acceptable use policy' in order to safeguard their IT security and their employees' productivity.

Handing out a study titled 'Advanced persistent threats and other advanced attacks', security services provider Websense ANZ Managing Director, Adam Bradley, highlighted the rising risk of advanced persistent threats (APT). 'APT is the modern malware,' Bradley said, adding that people responsible for cyber attacks were more and more practicing spear-phishing,targeting specific individuals within an organisation to steal valuable data.

He also said that once attacks were performed they were likely to be repeated. 'APTs are the result of well-funded, technically advanced, focussed criminal groups,' he said. 'They are willing to spend time and money to steal valuable data."