As with most crime, cyber-crime is on the increase and shifting in focus. Generally, the emphasis has been on protecting your e-security infrastructure from internal attacks. Until recently, that is.
"Interestingly, while internal attacks continue to remain top of mind, the Computer Crime and Security Survey conducted by the Federal Bureau of Investigation and the Computer Security Institute revealed that external attacks outnumbered internal threats for the first time. One of the reasons for this trend could just be that more and more companies are reporting external hacks. Previously there was an element of secrecy around these attacks; organisations were reluctant to jeopardise client confidence by admitting their systems were not as secure as they should be," explains Maeson Maherry, general manager of NamITrust, the Enterprise Security Solutions Provider (ESSP) within NamITech.
"Another factor is that as systems become more and more complicated, with new features being added all the time, extra avenues of entry into the organisation are opened up with the most frequent point of attack being the Internet connection," he continues.
While external attacks may become the No. 1 threat of the future, attacks from within the organisation should not be underestimated. External breaches are often easier to defend against than internal breaches. With internal intrusions, the attacker knows where to go for the information and how best to cover his tracks.
Research has shown that 60% to 70% of corporate e-security breaches originate internally. A dissatisfied employee - or an ex-employee with a grudge - can often determine where confidential company data is stored and then access it in order to use it against the company. These attacks are generally more deliberate than external hacks, and harder to trace. International venture capital company 3i recently ran an e-security survey in which respondents cited white-collar crime and internal sabotage as the two current primary risks to e-security. The predicted primary risks in three years' time are corporate espionage and internal sabotage.
It is a people problem
"Internal sabotage is clearly an area of concern that will not go away. While physical measures such as biometric identification, the use of smartcards and protection of the network infrastructure are fundamental to a defence against internal attacks, the threat is also a people problem," says Maherry. "Corporates need to create a culture of loyalty among employees, and this responsibility falls to departments outside of IT such as HR."
However, whether attacks are internal or external, they need to be addressed and the increase of these threats creates opportunities for security providers. "The current trend is towards outsourcing corporate e-security. Managed Security Services (MSS) involves the management and monitoring of an organisation's e-security by an external company specialising in this field," says Maherry. "The spend on MSS is predicted to increase by some 8% in 2002. Managing e-security is a process, a holistic approach to the issue bringing in all elements of security including managed PKI, biometrics and intrusion detection."
NamITrust incorporates SACA, experts in the field of PKI and encryption technology. The company was acquired last year by NamITech, enhancing its already comprehensive security offering. Now NamITech, through NamITrust, is primed to capitalise on these MSS opportunities.
"We are a strong local affiliate of VeriSign, the world's largest provider of Internet trust services; we operate out of our own 7-tier secure trust centre (the only such facility in Africa) where we continue to securely issue digital certificates and we are already providing managed PKI solutions," Maherry points out. "Over the last five years SACA secured 80% of local PKI projects and we aim to continue and improve on this track record. NamITech offers a comprehensive range of security solutions and becoming an ESSP is a natural progression for the company."
NamITech, 011 458-0000