Firms ‘don’t take cyber espionage threat seriously’
March 10, 2011
Urged to restrict access to sensitive data
Firms don’t take the threat of cyber espionage seriously enough, says Ovum.
A report by the research firm urged businesses to address the issue as it’s “as relevant to them as it is to national security organisations”.
“Cyber criminals are graduating from stealing credit cards and banking credentials to targeting corporate plans and proprietary information. They want valuable information such as product and technology blueprints, customer lists, or information that can be used to embarrass or disadvantage a victim,” said Graham Titterington, Ovum’s principal analyst.
“Almost every organisation has sensitive information that would damage it if it were to be leaked out; however, many have overlooked cyber espionage in their preoccupation with preventing the theft of financial data. This needs to change, and enterprises need to wake up to the danger posed or risk losing valuable information and having to deal with the consequences.”
Titterington said employees that work from home are the weakest link in corporate security defences. He urged firms to restrict the number of staff that have access to sensitive data, as well as conducting a risk analysis of all devices that access the network including removeable media.
Alex Donnelly, portfolio manager of Damovo UK, said it was “extremely worrying” that companies are turning a blind eye to cyber espionage.
“Even more worrying is the suggestion that home and remote workers are a possible weak link. If you have the right technology in place and your remote workers are sticking to the rules then there is absolutely no reason for there to be any risk to them or the company,” he said.
“Businesses must therefore take every opportunity to ensure policies can be enforced and that mobile devices are within the control of the IT department, to minimise risk and the threat of cyber espionage.”