encounter an incident and who they can call and what kind of actions they need to take. Each one of those is part of how you prevent and respond to incidents.”
Gaetan Houle, executive director of IT security at Ernst & Young LLP in Montreal, says cyber-criminals used to hack into a company’s system in order to destroy information on hard drives, but today they’re after information so they can steal identities.
“The attacks are designed to work in stealth mode below the radar screen, undetected, and they’re designed to extricate information out of your environment without being detected.”
He says phishing is still the most prevalent problem but a popular way of attacking a company’s system is still through Internet portals that are not secure, something that’s posing a challenge for IT professionals with the increasing popularity of cloud computing.
“[Employees] get an e-mail that they think is from their buddy, they click on the link and end up downloading malware.”
In fact, says Houle, there are highly skilled hackers who steal intellectual property from targeted industries, such as aerospace and pharmaceuticals, and then sell it to certain foreign governments who give it to their national companies.
China is traditionally cited as a country where many cyber-attacks originate, but Houle maintains other countries around the globe have sophisticated networks of criminal hackers. While firewalls and detection systems will catch viruses that have a digital signature, Houle says hackers are now modifying existing viruses, by adding random code to them, giving them a different signature.
Some hackers, he says, will embed malware into the HTTP code so that firewalls will not catch it.
Houle says security awareness should be mandatory for all workers.
“If you don’t make it mandatory, people make all kinds of excuses for not doing it. That’s key because the employee is your last layer of defence and it tends to be the weakest link. User awareness is key in all of this. With new attacks, we’re playing a game of cat and mouse in the cyber-security industry.”