Don't overlook possible inside threats

INFORMATION TECHNOLOGY
Likely sources of attacks


Ranked in descending order


1. Independent hackers

2. Disgruntled employees

3. U.S. competitors

4. Foreign corporations

5. Foreign governments


Source: 2001 Computer Security Institute/FBI Computer Crime and Security Survey

While cyberterrorism is considered a possibility, the auto industry also needs to protect itself from a threat closer to home, IT security experts warn.

The threat: Employees and former employees who try to hack into company computer systems.

The 2001 Computer Crime and Security Survey - conducted annually by the Computer Security Institute () and the FBI - says disgruntled and dishonest employees are responsible for most attacks on IT systems. Independent hackers came in second place.

Employees were identified as the greatest security threat by 35 percent of respondents in a separate study conducted by consulting firm KPMG LLP (). Hackers followed at 34 percent. But that study specifically concerned the auto industry.

Security experts say layoffs this year by automakers and suppliers only make the threat more real. The last time the industry was in a downturn - in the early 1990s - few people outside of government or academia had access to the Internet.

In the past, there was an implied level of trust among automakers, suppliers and employees when it came to network connections, said Jose Granado, a partner at Ernst & Young's () security and technology solutions office in Detroit.

That no longer exists, he said.

"Everybody's worst nightmare with hacking is a little different," said Fred Rica, a partner in PricewaterhouseCoopers' () threat and vulnerability assessment practice in Florham Park, N.J. "Or maybe it's when your database gets disclosed and your customer's credit information is revealed."

Rica leads a team of specialists who simulate hacker attacks to show clients where their systems have vulnerabilities.

"Our clients' first reaction, when we tell them that we got something, is that they get very defensive and don't believe we did it - especially the system guys who take a lot of pride in what they do," Rica said.

But David Miller, information security officer at the Covisint automotive industry exchange, said employees could be helpful in enhancing network security.

"I have seen that people are much more willing now to take security seriously by changing their passwords and creating good passwords that are uncrackable," Miller said. "Security is only 49 percent technology. Fifty-one percent of it is the internal users."

0

Shares

ATTENTION COMMENTERS: Over the last few months, Automotive News has monitored a significant increase in the number of personal attacks and abusive comments on our site. We encourage our readers to voice their opinions and argue their points. We expect disagreement. We do not expect our readers to turn on each other. We will be aggressively deleting all comments that personally attack another poster, or an article author, even if the comment is otherwise a well-argued observation. If we see repeated behavior, we will ban the commenter. Please help us maintain a civil level of discourse.

Newsletters