We all understand the concepts of physical security reasonably well: Locks, Doors, Alarms, Security Guards… With the new digital universe we need to be just as conversant with information security. The front page headline of Computer Weekly last week was a good reminder: “More intruders found behind firewall, says 2008 Information Security Breaches survey.”

The report is based on the recent Information Security Breaches survey (PDF and PDF of executive summary) conducted for the Department for Business, Enterprise and Regulatory Reform, and reports a tenfold increase in hackers inside the firewall.

An attention-grabbing article, but there are some things of note. Because corporate cyber defences are working well, criminals are targeting home PCs and careless web surfers. Having failed to hack us in the office, they are after us at home. The IT team has always been concerned about the security of remote workers; now they will be even more so.

The launch of the report coincided with the start of the InfoSec security show in London this week, which featured all of the major vendors showing their latest wares. Security is increasingly moving from network-based firewalls to desktop-based software. This approach makes securing remote or home-based machines easier.

In the article, Jim Norton, senior policy adviser at the Institute of Directors, suggested firms use honeypots (servers designed to appear to contain valuable information). I wouldn’t say that was good advice. Using honeypots is a bit like guarding parked cars by putting a very expensive-looking one in the middle and hoping the criminals hit that first.

Enterprise security measures are working increasingly well. What we have to watch out for now is social engineering attacks, such as emails that result in unwittingly handing over login information or personal details. Be on your guard, as these methods, including “phishing” e-mails, are becoming more and more sophisticated.

The threat is not just our personal or corporate information ending up in the public domain; it is also the risk of losing valuable data. Yet another reason to have a good backup policy, be it for your family photos or corporate trade secrets!

Reference: Information Security Breaches survey (executive summary)