FROM: PR NEWSWIRE Wednesday July 17, 1985 Update: 16

CGA SOFTWARE PRODUCTS GROUP ON COMPUTER CRIME

    INTERNAL COMPUTER CRIME PROVES GREATER THREAT THAN 'HACKERS'
    NEW YORK, July 17 /PRNewswire/  --  For  every  outsider  who
accesses  Pentagon  telephone  numbers or makes fraudulent credit
card purchases, like the seven New Jersey teenagers arrested  re-
cently,  it  is estimated that far greater numbers of disgruntled
or dishonest employees damage their employers'  computer  systems
internally every day.
    "Teenage 'hackers' are just the tip  of  the  computer  crime
iceberg,"  says Carol Molloy, a computer security specialist with
CGA Software  Products  Group,  Holmdel,  N.J.   "These  computer
crimes  get the spotlight because the perpetrators get caught and
the victims are willing to prosecute."
    More insidious data fraud and malicious damage occurs  inside
corporations  than  any  hacker ever committed, Molloy continues.
"Employees have far greater access to sensitive information,  and
many  times  are  so well acquainted with procedures and security
features that they leave no trail at all,"  she  adds.   "Unhappy
employees  can leave a programming 'time bomb' in a computer that
causes trouble long after they are fired  or  leave  for  another
job."
    Carelessness, rather than  malice,  often  causes  even  more
problems,  according  to Molloy.  "Many computer security systems
are based on passwords, and people can be very lax about protect-
ing them."
    Employee computer crimes, however, receive far less attention
than outside break-ins, Molloy says, because victimized organiza-
tions are unwilling to publicize the matter  through  arrest  and
prosecution.  "Revealing  damage from internal sources doesn't do
much for a company's image," she says.
    "Customers, corporations feel, will  start  to  wonder  about
just  how secure relevant information may be and may decide to go
elsewhere.  Also, insurance premiums often go up after a theft is
revealed."
    The question facing data processing and information  managers
is  not whether a security system should be installed, but how to
go about it, says Molloy.  "Many organizations believe that secu-
rity  is  solely  the  concern of the managers," she says.  "They
don't  realize  that  implementing  security  requires  extensive
internal support."
    Security systems also demand ongoing maintenance,  she  says.
"Just installing the system doesn't mean data is secure from then
on," she points out.
    "Our experience at CGA has shown that installing security  is
an  organization-wide effort," she says.  "Many corporations con-
sider compliance with security procedures part of regular perfor-
mance  reviews, and adhering to regulations is routinely included
in job descriptions.  This usually results in active,  widespread
employee  support  for  security procedures, especially when it's
obvious that the company takes security seriously."
    Molloy is product manager for Top Secret, a security software
package  from  CGA, and is a recognized authority on planning and
implementing computer security  systems.
  Provided  by  Elric  of
Imrryr & Lunatic Labs& UnLtd.