Security News > 2003 > June > Business security depends on people
Forwarded from: William Knowles http://www.santacruzsentinel.com/archive/2003/June/12/biz/stories/01biz.htm By JENNIFER PITTMAN Sentinel correspondent June 12, 2003 SCOTTS VALLEY - Patents and copyrights aren't enough to safeguard a company's treasures, according to Curtis Coleman. The director of worldwide electronic security for Seagate Technology touts the need for an increasing holistic view of corporate security in a competitive world. Coleman's job is to look for trouble, preferably before it happens by scoping out potential vulnerabilities that could put his employer's business in danger. He is charged with safeguarding the international company's proprietary information, which includes technology the company develops and uses as well as data and business systems. As the main speaker today at the Santa Cruz-based Intellectual Property Society luncheon, Coleman aims to link high-tech security issues pertinent to business with the everyday security issues that companies often overlook. "Most people think corporate espionage is only in the movies and has nothing to do with the ordinary company that might just be getting formed, but what we've discovered in the last three to five years is that there's an increase in five areas in how intellectual property is getting out of companies," Coleman said. "People are very lax about security. They think they donÂt have to secure anything." Coleman, a former U.S. Air Force commander specializing in computer security systems, helps train law enforcement in computer forensic techniques as well as security management courses. He will cover the five problem areas, as well as corporate espionage, and the bridge between high-tech and no-tech security solutions. "Usually we talk about legal rights," said Patrick Reilly, founder and president of the Intellectual Property Society. "But there is a pragmatic issue of how physically you protect your property." Intellectual property security isn't just important for tech-development companies, Reilly said. It's important for artists and small businesses of all kinds that need to protect their competitive secrets about how they win business. While many smaller and midsize companies may not think they need to protect their intellectual property, or only need to protect information about a specific design or product, Coleman says that companies of all types and sizes are relatively ill-equipped to protect themselves. Hired investigators in a growing market for competitive intelligence can learn a lot about a company simply by collecting pieces of information that is often considered innocuous, such as how late people stay at an office or how behind in bill payments they are. The fact that engineers suddenly stop publishing reports on new technologies may indicate a startup is under way. Coleman is especially wary of friendly little phone conversations involving seemingly innocuous details about a company's routine business that reveal information a company might not normally want to share. "Most people think getting something that's high technology is going to protect them," Coleman said. "But the human firewall is key to protecting intellectual property." According to the Eighth Annual Computer Crime and Security Survey released this month by the FBI and the Computer Security Institute, theft of proprietary information caused the greatest financial loss - about $70.2 million - among 251 organizations interviewed this year. The second most expensive computer crime among survey respondents was denial of service, at $65.64 million, according to the survey. Computer viruses and insider abuse of network access were the most commonly cited forms of attack or abuse. On the brighter side, financial fraud was only about $10.18 million compared to almost $116 million reported last year, and while there were about the same amount of unauthorized computer use at organizations, resulting annual losses were down from 2002, to 2001 figures. The survey included business, government, education and legal respondents. The authors noted that most respondents said they don't report intrusions to law enforcement for fear of negative publicity and competition. According to the FBI/CSI report, only 30 percent of the respondents reported computer intrusions in the last 12 months. Scotts Valley Police Detective Sergeant Donna Lind, who heads the Santa Cruz County High Tech Crime Investigators Association, said identity theft is the largest growing crime nationwide and is costing individuals and businesses more each year. "We have had businesses where their records have been taken," Lind said. "They've obtained personal records, PIN numbers and passwords. The crooks that we're dealing with are becoming more high tech." *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
News URL
http://www.santacruzsentinel.com/archive/2003/June/12/biz/stories/01biz.htm