Companies must take heed of the insider threat

Summary

Increased vulnerabilities on the user side undermine many investments in network security, say experts.

Don't forget to keep an eye on internal threats when you're securing your enterprise.

That was the overarching theme for several speakers at IDC Asia-Pacific's SecurityVision 2008 conference Tuesday.

Song Hai Yan, vice president of engineering at ArcSight, quoted figures from a 2006 InfoPro survey, saying 72 percent of Fortune 1000 organizations worry equally or more about insider threats than they do external security breaches.

Increasingly, security issues revolve around employee activity, she said, noting a trend among many enterprises of buying a broad portfolio of security products with little direction toward focusing on weak security areas.

"Don't buy too much. Start with a good foundation around your [existing security] assets" before patching weak spots, she advised.

Another vulnerable spot where users are concerned is the advent of Web applications, said Citrix Systems' Asean area vice president, Yaj Malik.

According to Malik, most targeted hacker activity today focuses on customized Web applications, which include internally developed and customized package applications. These are "extremely hard to write securely" and lack signatures or patches, causing the "traditional security paradigm [to] fall apart".

Elaborating, he said this "traditional paradigm" is a reactive one, where patches and signatures are issued only after a hole is discovered. With no signature or patch management cycle for many of these applications, Web applications offer "untraceable access to sensitive data".

Yet, despite the vulnerabilities associated with users and applications, 75 percent of most enterprise security investments are focused at the network level, while 75 percent of attacks are focused at the application level, said Malik.

Malik said in an ideal situation, securing the endpoint assumes programmers write perfect software, free of security leaks. Of course, he said, bugs exist in all software, and it is from these numerous and varied scenarios that data breaches will occur.

Ieta Chi, director of business development, Asia-Pacific, at Trend Micro, echoed the thoughts of the previous speakers.

Quoting research from Market Research International, he said the top three enterprise security leaks in descending order are employees copying files out of office systems, corporate e-mail breaches and leaks from e-mail accessed on public Internet terminals.

Chi noted that all three breaches are employee-related, which negates the efficacy of data encryption, since encryption protects against unauthorized access, and does not pose a barrier for authorized employees.

Quoting a 2006 study by U.S. research firm Ponemon Institute, Chi said: "78 percent of data breaches come from authorized insiders."
