« Cool tool for packed executables | Main | Rootkit Webcast »
January 24, 2006
Non corporate use of corporate machines
In a recent survey of computer use in Europe , there are some interesting statistics about the lack of perimeter around corporate machines.
21% of workers allow family and friends to access the internet.
51% of workers connect their own gadgets to their computers.
McAfee also identified 4 sterotypical types of employee that put organizations at risk
- The Security Softie – This group comprises the vast majority of employees. They have a very limited knowledge of security and put their business at risk through using their work computer at home or letting family members surf the internet on their work PC.
- The Gadget Geek – Those that come to work armed with a variety of devices/gadgets, all of which get plugged into their PC.
- The Squatter – Those who use the company IT resources in ways they shouldn’t (i.e. by storing content or playing games).
- The Saboteur – A very small minority of employees. This group will maliciously hack into areas of the IT system to which they shouldn’t have access or infect the network purposely from within
What is often lost in these types of analysis is the business benefits of more freedom, as opposed to the business losses due to security issues. There is often a knee jerk reaction to clamp down, while a bigger picture view might swallow the risk of attack in the face of happier and more productive employees.
See also Bruce Schneier's blog entry on this