|
FROM: PR NEWSWIRE Wednesday July 17, 1985 Update: 16 CGA SOFTWARE PRODUCTS GROUP ON COMPUTER CRIME INTERNAL COMPUTER CRIME PROVES GREATER THREAT THAN 'HACKERS' NEW YORK, July 17 /PRNewswire/ -- For every outsider who accesses Pentagon telephone numbers or makes fraudulent credit card purchases, like the seven New Jersey teenagers arrested re- cently, it is estimated that far greater numbers of disgruntled or dishonest employees damage their employers' computer systems internally every day. "Teenage 'hackers' are just the tip of the computer crime iceberg," says Carol Molloy, a computer security specialist with CGA Software Products Group, Holmdel, N.J. "These computer crimes get the spotlight because the perpetrators get caught and the victims are willing to prosecute." More insidious data fraud and malicious damage occurs inside corporations than any hacker ever committed, Molloy continues. "Employees have far greater access to sensitive information, and many times are so well acquainted with procedures and security features that they leave no trail at all," she adds. "Unhappy employees can leave a programming 'time bomb' in a computer that causes trouble long after they are fired or leave for another job." Carelessness, rather than malice, often causes even more problems, according to Molloy. "Many computer security systems are based on passwords, and people can be very lax about protect- ing them." Employee computer crimes, however, receive far less attention than outside break-ins, Molloy says, because victimized organiza- tions are unwilling to publicize the matter through arrest and prosecution. "Revealing damage from internal sources doesn't do much for a company's image," she says. "Customers, corporations feel, will start to wonder about just how secure relevant information may be and may decide to go elsewhere. Also, insurance premiums often go up after a theft is revealed." The question facing data processing and information managers is not whether a security system should be installed, but how to go about it, says Molloy. "Many organizations believe that secu- rity is solely the concern of the managers," she says. "They don't realize that implementing security requires extensive internal support." Security systems also demand ongoing maintenance, she says. "Just installing the system doesn't mean data is secure from then on," she points out. "Our experience at CGA has shown that installing security is an organization-wide effort," she says. "Many corporations con- sider compliance with security procedures part of regular perfor- mance reviews, and adhering to regulations is routinely included in job descriptions. This usually results in active, widespread employee support for security procedures, especially when it's obvious that the company takes security seriously." Molloy is product manager for Top Secret, a security software package from CGA, and is a recognized authority on planning and implementing computer security systems. Provided by Elric of Imrryr & Lunatic Labs& UnLtd.