Data leakage the top security threat

Stephen Withers
Tuesday, 22 November 2011 16:33

Business IT - Security

Information security consultancy Pure Hacking reckons Australian organisations are underestimating the risk of data leakage when employees connect personal devices to corporate networks.

"Corporate data leakage from internal sources is the single major security factor affecting Australian organisations today," said Ty Miller, CTO, Pure Hacking. "This is because IT and management teams have underestimated the issues that arise when you connect more personal devices to the network and allow these personal devices to travel without restriction. This all contributes to a modern form of internal corporate espionage."

But Mr Miller and his colleagues failed to offer any general advice about how organisations can minimise or mitigate such issues.

A recent survey conducted on behalf of Citrix found security was the number one issue around the use of employee-owned devices for business purposes.

Other problems highlighted by Pure Hacking included industrial espionage with commercial or criminal motivation, a resurgence of wireless attacks thanks to the lack of support for more complex authentication mechanisms on mobile devices, SMS-based phishing, attacks on lost or stolen devices even if they are encrypted, and complex attacks following in the footsteps of Aurora.

Mr Miller also suggested organisations should ensure their suppliers and service providers really do comply with relevant standards such as PCI DSS rather than taking their claims at face value.