Companies at risk from cyber-crime
Global Office wants to hear from you. E-mail
your questions and suggestions and we will read the best on air.
ON CNNI TV
for Global Office show times on CNN International.
LONDON, England (CNN) -- Bank robbery has come a long way since the days of Bonnie and Clyde.
Last week British police revealed they had foiled a cyber-crime gang's bid to steal $412 million from the London offices of the Japanese bank Sumitomo.
The gang hacked into the bank's systems using "keylogging" software, which records all keystrokes entered into a computer to gather secret information such as account numbers and passwords.
But while the thieves were thwarted before they were able to transfer any money, new research suggests many companies are still unaware of -- and ill-equipped to deal with -- the threat from cyber-criminals or malicious hackers.
Keylogging is an example of "spyware;" software which is covertly installed remotely on computers and then used to send information from the host computer to an external source.
"Spyware is by no means a new threat and has been around in various forms for a number of years, but the difference now is that the criminal community is now starting to exploit it to its advantage," Steve Purdham, CEO of Web security company SurfControl, told the Associated Press.
In a survey compiled by Web company WebSense, most European IT managers claimed they had adequate protection for their company's computer systems.
Yet only around a third had considered some of the commonest threats beyond those dealt with by anti-virus and firewall software.
As well as spyware, other common threats to IT security derive from "phishing" -- a scamming technique which tricks computer users into entering secret information on fake Web sites -- non-regulated Internet use, instant messaging programs, peer-to-peer file sharing software and from internal hackers.
The survey, based on interviews with 500 IT managers in the UK, Germany, France, Italy and the Netherlands, found that a little more than a third of companies had adequate protection against three or more threats while a quarter were protected against just one.
Over half of companies were unable to detect internal hackers or block phishing sites while a third had no protection whatsoever against spyware.
More than three-quarters of IT managers admitted their job would be at risk if they failed to prevent a major system breach, and one in five described their work as more stressful than moving house, getting divorced or starting a new job.
Yet many of them seemed content to leave employees to manage and implement their own security.
Only 40 percent of companies regulated Internet usage, leaving most staff free to surf the Web and download unknown attachments or software.
Among companies that allowed staff to log in remotely from outside the office a mere 21 percent of IT managers believed laptop protection should be the responsibility of the IT department.
Yet almost three-quarters of them recognized that laptops taken out of the office and then re-connected to the network posed a major security risk.
"Businesses can no longer rely only on antivirus software and firewalls as a safety net," said Websense vice-president Geoff Haggart.
"New Web security threats such as spyware and phishing scams escalate each week, as employees' personal and business usage of the Internet increases. By protecting employees from the potential threats that are available today on the Internet, businesses are protecting themselves."