The cases that tend to hit the headlines in relation to breaches of computer security are those involving geeky students and former employees.
An example is the recent case of David Lennon launching an e-mail attack on his former employer, Domestic & General Group. Lennon caused chaos for Domestic & General by generating millions of hoax e-mails. The insurance company's router and mail server crashed and the cost was in the tens of thousands of pounds. This followed Lennon's dismissal from his part-time job.
Although Lennon was sentenced to a 2-month curfew and electronic tagging, companies would be ill-advised to assume that this is the type of attack which is their primary threat, dangerous that it was.
Insider frauds are proliferating. For example, a bank manager in Scotland created £21million in false loans in a five year period.
Malicious software is being used by criminal gangs as a means to extort money often through threats. Often criminal gangs do not use the internet directly to access a company's system but may infiltrate a company by becoming members of staff or by bribing or threatening a member of the company's staff or its security or cleaning service providers.
KPMG Forensics' fraud unit estimates that in the first six-months of 2006 there were cases with a value of over £600 million in the courts compared with a comparative figure of £250 million in 2005.
The anonymous and international nature of the internet makes it extremely difficult for law enforcement agencies to discover who is behind international frauds and the law and courts are being slow to recognise the value of intangible assets. This, combined with the desire of most companies to avoid any damage to reputation arising from publicity surrounding failure of security systems, means that criminal gangs recognise that some companies are soft targets. It is crucial that IT departments or external service providers are alert to the risks surrounding the business and do not assume that this sort of fraud is something that happens to other people.
This article is reproduced from Eversheds e80 service. You can find out more about Eversheds e80 and search the Eversheds e80 archive at www.eversheds80.com.
e80 is provided by Eversheds for information purposes only and should not be regarded as a substitute for taking legal advice. It is reproduced here by kind permission of and is © Eversheds.
|
