Simply Security - News, Views, and Opinions from Trend Micro

Posted on June 28th, 2012 in Current News by Simply Security | Be the first to comment | Tags: cybercrime, Privacy & Policy

The Department of the Interior is allowing its employees to access its network from phones and mobile devices even as a federal report shows increased web-based attacks against government web sites.

The Department of the Interior is allowing its employees to access its network from phones and mobile devices even as a federal report shows increased web-based attacks against government web sites.

The report from the Government Accountability Office found more than half of all agencies reported poor security for their financial reporting as well as overall concerns regarding unauthorized access, improper use of resources and malware attacks. It went on to state that the number of attacks reported in the past six years has increased by 680 percent. The volume and variety of attacks against infrastructure at all levels wasn’t just external, the report noted.

Meanwhile, the Interior Department has announced its aiming at making their workers more mobile by giving them remote access to the internal network. The department did say it would require data encryption and would try to enforce other security measures, but its network will still be available through a standard browser format.

“We’re taking a pretty slow approach in terms of which services we’re allowing,” said the department’s deputy assistant for technology Andrew Jackson in an interview with Federal News Radio. “My goal is that any service that an employee needs to actually get their job done, they’ll be able to get to it through this new system we’re setting up.”

Jackson went on to say it was the Interior’s intention to work closely with IT security providers to create protocols for the service, noting that the flexibility and utility offered outweighed the possible risk.

One expert pointed out in an interview with Sci-Tech Today that browsers have inherent security gaps, making data theft or loss far more likely. If the information isn’t stolen by an outside source, internal theft is still a strong possibility. Within the last month alone, a South Carolina Department of Health employee illegally forwarded sensitive information containing more than 200,000 Medicaid recipients to himself using a personal email account. The man was apprehended, but the incident could still cost the department a great deal of money. According to a Ponemon Institute study, the average cost of a data breach like the one suffered in South Carolina is about $202 per individual affected, adding up to roughly $40 million dollars.

A CDW straw poll found business network access has increased by 41 percent in the past two years. It also found two-thirds of businesses allow employees to participate in BYOD (bring your own device) programs, though only 35 percent felt their security was adequate.