Companies that just use firewalls to protect their e-commerce systems from outside intruders risk "locking the lodger in with their daughter", muses local security exec Ian Fewtrell.
According to the local MD of Cabletron enterprise arm Enterasys, around 70 percent of corporate e-security disruption is traced back to internal, not external, forces.
What's more, he said companies were often reluctant to publicly admit the possibility of internal "cyber-sabotage" due to a perceived threat to public image.
"We're only hearing a fraction of what goes on. We're only seeing the tip of the iceberg," he said.
Fewtrell stressed that a high incidence of internal "cyber-sabotage" did not necessarily reflect a high level of malicious intent from employees. In many cases, internal cyber-sabotage was committed purely by accident, he said.
And firewalls that screen a company's IT system from outside forces do little or nothing to prevent internal cyber-sabotage, deliberate or not, he said.
Fewtrell supports a "holistic" approach to corporate e-security. Ideally, he said, a firewall should be accompanied by inward-looking e-security systems, as well as clearly defined company e-security policies and practices - "as simple as not having your password stuck to the side of your computer".
A single interface reporting on multiple systems provided the most secure multi-level e-commerce environment, he said.
He said companies with "multi-layered" security systems in place reported a 30 percent higher incidence of sabotage attempts. But this did not mean more security layers meant more security holes. Rather, multi-layered security systems were able to detect more attempts at sabotage, he said.
Fewtrell was talking at the Australian launch of the vendor's revamped security architecture, Safe Harbour. No local customers have been announced.







