FYI: Your Firm's Biggest IT Security Threat Is...

September 10, 2012

[ by Melanie Gretchen ]

Firms that have spent the past 30 years building their defenses against hackers will have to focus on another vulnerable front.  In the recent round of IT woes, Sony Corp., Citigroup Inc., and other companies can thank employees for a series of high-profile breaches last year by criminals who successfully gained access to company networks.  Companies have since begun testing new tools to keep track of what's happening on their networks and rolling out employee education programs.  Is it working?

"The security gap is end users," says Kevin Mandia, chief executive of security firm Mandiant Corp. Most corporate security breaches his firm is currently investigating involve hackers who gained access to company networks by exploiting well-intentioned employees. [C-I Note: Now think about the risk of rogue employees.]


What We Do That Makes Firms Vulnerable

  • click on e-mails from hackers that download viruses, letting them bypass corporate firewalls
  • circumvent company tech-support rules
  • use private e-mail accounts such as Gmail and Yahoo Mail, which do not offer the same sort of protection against malware and phishing that employees get at work
  • work with consumer-grade online services like Web email and cloud storage services
  • post information about ourselves and our jobs online via blogs and professional networking sites, which creates a picture of corporate hierarchies
  • use consumer gadgets like smartphones and tablets, which carry the risk of introducing unknown security holes inside corporate networks

"While this might only be one person out of a thousand, from the point of malware, all it takes is one person to fall for the trick and the damage is done," says Daimon Geopfert, the leader of the security consulting practice at RSM McGladrey Inc.

And so continues the pursuit of progress.

For further details, go to [WSJ, 9/26/11].