• silicon.com
• Technology
• Security

By Graham Hayday, 29 August 2000 00:30

COMMENT UK police last week confirmed online bank egg had been targeted by fraudsters. It's easy to spin this as another hacking scare, another example of the inherent insecurity of the internet. Not so. This was simply an old-school crime perpetrated in the brave new world of the net. All the perpetrators did was set up multiple accounts to attempt to get credit cards and multiple loans transferred into them. No hacking tricks to be seen. The story provoked reaction from security experts who are concerned about the rising levels of organised crime on the internet. We had discussions with several well-respected figures in the field, all of whom agreed banks are likely to fall pray to the unsavoury attention of the criminal fraternity - largely because their security policies are poor, and become exposed as such when they go online. But this isn't a straight technology matter - the criminals were not really exploiting a technical weakness. They were simply taking advantage of a perceived weakness in the bank's business processes. The egg incident proves that banks - and every other company - must look at security as an all-embracing issue. So too with ISP Demon a few weeks back, which suffered a break-in during which a PC was stolen. The PC happened to have some sensitive data on it. This illustrates that physical security is just as important as IT security, and the person responsible for one has to understand the other. A PC which holds no sensitive data does not need to be kept overnight in Fort Knox. As technology continues its inexorable path towards the heart of every business, the phrase 'IT security' should become redundant. Storing data miles away from a public network on a standalone PC is ridiculous if it could get stolen. Going online with the best firewall in the world in place is useless if there are other ways to fool the system. Information security is dead. Security is security is security.