A BBC TV programme, Inside Out, recently caused some red faces in the UK House of Commons by revealing that a six-year-old girl was easily able to break into the parliamentary computer system by installing a keylogger on the PC of an MP.
Having managed to sneak the device in under the noses of one of the UK’s most vigilant security teams, the girl was able to attach it swiftly when the MP agreed to leave her PC unattended for 60 seconds as part of the test.
This has brilliantly highlighted the increasing threat posed by keyloggers, which in the programme’s words are proving the “weapon of choice” for many fraudsters and criminals.
The real vulnerability that organisations face here is human, not technological. The keylogger is installed by someone physically attaching it to the PC, which can only be accomplished through the negligence, naivety or active help of someone within the organisation. A best-practice information security management system adhering to ISO 27001 is the best possible defence against such vulnerabilities, as it addresses the staff training and awareness issues surrounding infosecurity in addition to technological defences.
This exchange on the blog of Doug Schweitzer adds some more useful colour here and highlights a couple of books that focus on the startling truth that the greatest security threat an organisation faces is from within.