Banking show security bypassed with a smile

Banking show security bypassed with a smile

Summary: Sibos 2006 organisers had probably spent more on security than any other exhibition I have been to; however, all it took was a friendly gesture from one security guard to create a gaping hole in the security infrastructure.My first thoughts when walking into the main hall at the Sydney Exhibition Centre in Darling Harbour last week were "this is where the money is at".

SHARE:
TOPICS: Security
1

Sibos 2006 organisers had probably spent more on security than any other exhibition I have been to; however, all it took was a friendly gesture from one security guard to create a gaping hole in the security infrastructure.

My first thoughts when walking into the main hall at the Sydney Exhibition Centre in Darling Harbour last week were "this is where the money is at".

The exhibition space had spotless cream carpets and the hall was filled with ridiculously expensive stands belonging to the largest banks and financial institutions on the planet. Milling around the stands, I could see the cream of the crop -- when it comes to IT in finance -- making deals and discussing the latest advancements in payment technologies.

In order to get as far as the exhibition space, delegates first had to get past airport-style metal detectors and a manual bag check.

Not expecting to have to deal with such obstacles, I approached the exhibition entrance and, with my jacket in one hand and my bag in the other, fumbled around trying to gather all the metallic objects from my person.

The security guard standing at the metal detector helpfully held my jacket while I put the last of my metal objects into a little black plastic tray. I walked through the gate -- without any beeps -- and then set about re-inserting keys, change etc. into their original pockets. As I was doing this, the security guard handed my jacket back to me with a big smile on his face. He didn't put the jacket through the security gate or check to see if it had any hidden weapons.

So all the money spent on metal detectors and security guards was effectively useless when my jacket, which could have contained "bad" metal objects, completely bypassed the security check.

As it happened, it made no difference because I wasn't there to cause any trouble. However, if I had hidden something undesirable in my jacket, exhibition security would have failed miserably.

Often, being seen to take security seriously is far more important than actually doing so. Administrators, companies and governments do this on a regular basis.

For example, if a company notices that some "trusted" employees' computers are being used to access unauthorised documents or files, what should it do?

I remember a few years ago being told that if all the computers had a password protected screensaver, there would be far less chance of a "bad" employee being tempted by an unprotected desktop.

It's this kind of policy, which plugs up gaping holes and costs virtually nothing to implement, that should be prioritised.

In the case of the Sibos, hiring fewer but better trained security guards would have made the exhibition safer. But when security budgets are so big, who cares about the little things?

Topic: Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Banking Show Security Bypassed with a Smile

    I remember a few years ago being told that if all the computers had a password protected screensaver, there would be far less chance of a "bad" employee being tempted by an unprotected desktop.

    It's this kind of policy, which plugs up gaping holes and costs virtually nothing to implement, that should be prioritised.


    Yes but what most ppl that think along these lines don't realise is that having to enter your password, which by the way has to contain UPPER & LOWER case characters as well as Numbers AND it must contain at least one non text/number eg. @#$%^&*!

    Now of course this is all well & good until you have password aging which means you have to change your password every 60 days & you can't use your last 12 password & the new password must differ by 3 digits (eg, windows password policy).

    the end result is that the person now HAS to write the password down so they do not forget it making the whole exercise a waste of time & money, not too mention major security issues.
    anonymous