Security Assumptions are dangerous

Anyone who steals the identity of a user becomes that user and has access to their most sensitive systems and data. If just one user’s identity is compromised, corporate systems are vulnerable. This is the threat posed by “corporate identity theft”.

Identity theft takes many forms – exploiting weak passwords, keystroke capture, phishing, Trojan software, social engineering, password sharing and so on. Not every attacker is sitting at home with their computer, trying to break into the corporate web site. Sometimes all they have to do is call up and ask! As Dorothy Denning, author of Information Warfare and Security, said, “Any medium that provides one-to-one communications between people can be exploited, including face-to-face, telephone and electronic mail. All it takes is to be a good liar.”

Organisations make very dangerous assumptions about the security of data on their networks. No-one considers, or more importantly tests, who might be able to view or steal mergers and acquisitions data, business plans, payroll information or BACS payments. On a typical corporate Windows network, anyone with an administrator account can see or copy anything. Putting information on a network server is not the same as locking it in your desk drawer.

This blog post is an excerpt of an opinion piece called "Identity Theft in The Corporate World" written by Peter Wood from First Base Technologies. You can find more about this security outfit at

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.