@Risk

Any business is vulnerable to a data breach. However, for the second year in a row, the information security firm Trustwave has found companies in the food and beverage industry are the most at risk from cybercriminals.

Why? According to the newly released Trustwave 2012 Global Security Report, industries with franchise and chain store models are top targets primarily because franchises often use the same IT systems across stores. Once cybercriminals compromise a system in one location, they likely can duplicate the attack in multiple locations. In fact, more than one third of Trustwave SpiderLabs 2011 investigations occurred in a franchise business, and the report predicts this number will rise in 2012.

Here are a few more key findings from the 2012 report: (more…)

Identity fraud jumped by 13 percent in 2011, and that increase may be the result of consumers’ social media and mobile behaviors.

For the past nine years, Javelin Strategy & Research has conducted an annual analysis of identity fraud trends, and for the first time, the 2011 study examined social media and mobile phone behaviors, ultimately uncovering certain related consumer practices that appear to increase risks.

Here are some of the key findings in more detail:

• The overall number of identity fraud cases is up, but the dollar amount held steady. Javelin found that more than 11.6 million adults became a victim of identity fraud in the US last year, although the dollar amount stolen remained constant. (Javelin defines “identity fraud” as the unauthorized use of another person’s personal information to achieve illicit financial gain.)
• Social behaviors are risky. LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud although there is no proof of direct causation.  What’s the risk? Javelin found that consumers share significant amounts of personal information frequently used to authenticate identity. For example: (more…)

News last week that a NASA computer stolen in March 2011 contained unencrypted codes used to command and control the International Space Station has put the spotlight, once again, on the issue of cyber security.

Are C-suite execs paying attention?

Unfortunately, new research suggests they’re not.

The advanced findings from the latest 2012 Carnegie Mellon CyLab Governance survey of how corporate boards and executives are managing cyber risks reveal that the issue is still not getting adequate attention at the top.

Sponsored by RSA, The Security Division of EMC, the survey results show that even though there are some improvements in key “regular” board governance practices formation of board Risk Committees and cross-organizational teams within certain organizations, significant areas of concern remain. For instance:

• Oversight is lacking. Boards and senior management are not engaging in key oversight activities, such as setting top-level policies and reviews of privacy and security budgets to help protect against breaches and mitigate financial losses.
• Most boards aren’t taking responsibility. Less than one-third of the respondents indicate their boards and senior executives are undertaking basic responsibilities for cyber governance.
• Lack of personnel is a concern. Nearly half of the respondents indicated that their companies do not have full-time personnel in key privacy and security roles.
• Insurance coverage needs updating. More than half (58 percent) of the respondents said their boards are not reviewing their companies’ insurance coverage for cyber-related risks.

What can you do to help remedy the situation at your company?  RSA suggests you: (more…)

Vermont is known for maple syrup, fall foliage, covered bridges and now . . . embezzlement?

As strange as it sounds, Vermont topped the list of states with the highest risk of loss due to embezzlement in 2011, according to new research from Marquet International Ltd.

The 2011 Marquet Report On Embezzlement, examined 473 major employee theft cases active in the US last year and found that: (more…)

Despite widespread awareness, cyberattacks are becoming  increasingly common.

As remarkable as it sounds, a new study from HP and the Ponemon Institute found that over a four-week period, the organizations surveyed experienced 72 successful attacks per week, an increase of nearly 45 percent from last year. (Note: More than 90 percent of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks.)

Of course, the financial impact of a cyberattack can be devastating. The Second Annual Cost of Cyber Crime Study also revealed that the median annualized cost of cybercrime incurred by a benchmark sample of organizations was $5.9 million per year, with a range of $1.5 million to $36.5 million each year per organization. This represents an increase of 56 percent from the median cost reported in the inaugural study published in July 2010. (Note: More than 90 percent of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks.)

Interestingly, the study looked deeper into the economic costs of cybercrime and found that: (more…)