Furthermore, he said, an increasing number of people being arrested for computer crime in the UK are computer professionals – many of them former teen hackers who have grown up and taken careers in computers.
“We have seen a change. I’ve been dealing with computer crime for the last six to seven years and we are not seeing the 15-16-year-olds any more,” Neate told delegates at the ongoing RSA conference. “The people we are now arresting are IT professionals.”
Many of those are former teenage ‘script kiddies’ who have grown up and become bolder. Some are now attacking specific systems with the intention of either stealing particularly sensitive items of data or breaking into systems so that they can blackmail their targets, he said.
Often, such attacks are perpetrated by insiders exploiting their knowledge of the systems on which they work. At the same time, “there are some extremely capable people with no previous convictions”, who are perpetrating an increasing number of attacks.
It is these people that CIOs and their IT security staff should fear most, he said.
However, IT systems administrators are often not up to the task of securing the systems on which they work, warned another speaker at the RSA event, Ira Winkler, Hewlett-Packard’s chief security strategist. “I don’t think people really understand how easy it is to break into a computer system,” he said.
The problem is that systems administrators are only rarely given adequate security training, and then only after an attack has been successfully perpetrated, he said.
Not only that, but too few IT courses properly integrate security training, enabling students to graduate with little understanding of ‘permissions’ – giving users authority to access only those systems they need – and the importance of expiring unused accounts in a timely fashion.