@Risk

How careful are employees when it comes to IT security?

Apparently, most aren’t careful, at all. What’s more, most aren’t really concerned whether or not IT policies are followed.

Take a look at these survey results. IT security expert Avira polled nearly 1,000 of its users in September and found that:

• Only 38.95 percent of those participating in the study said they adhere to security policies designed to protect their company.
• About the same amount (35.42 percent) admitted there are security policies in place at their business, but that they didn’t feel that anyone really cared whether those policies were followed or not.
• The remaining 25.63 percent said they see security as a system administrator’s responsibility and not an employee concern. (more…)

Do you know what your employees, customers and competitors are saying about your company online via social media networks?

Most companies don’t –and that’s starting to cause headaches for risk professionals.

A recent survey by the Federation of European Risk Management Associations and the Institute of Risk Management (IRM) asked risk professionals which three cyber risks they thought were the greatest threats to their own organization and to business, in general.

For business, in general:

• Respondents ranked social media alongside non-malicious operational IT risks, theft of customer information and malicious interference with IT systems as the greatest cyber threats to business. Reputation risk from social media was cited as a material risk by nearly 50 percent of respondents and loss of confidential information through social media by 20 percent.

In terms of exposures to their own organizations, the emphasis shifted somewhat:

• More than half put operational, non-malicious IT risks among the top three, followed by 43 percent theft of customer information (43 percent) and social media risks (42 percent).  21 percent said they were concerned about loss of confidential information through social media.

In other findings: (more…)

Even though many have had to cope firsthand with disruptions caused by recent natural disasters such as Iceland’s volcanic eruption or the earthquake and tsunami in Japan, executives now see cyber attacks –rather than physical attacks –as potentially the most damaging to their supply chains, according to new report from PwC.

The report, Volume 4 of the Transport & Logistics’ 2030 series Securing the Supply Chain, is a joint project between PwC and the Supply Chain Management Institute (SMI) at EBS Business School in Germany.  It warns that cyber attacks are now so sophisticated that any business, or even country, could be at risk. (The German internet, for example, is attacked every two seconds, PwC says.)

On average, the 80 science, government and business executives polled agreed that there is a 56 percent probability of a rise in attacks in some form. Overall, those surveyed said they were even more concerned about hacker attacks affecting their supply chains than they were about actual physical attacks.

In addition, survey respondents said there was a 70 percent probability of logistics companies having to perform obligatory security checks on their whole supply chain, and they said there was a 60 percent probability that modern technology would offer businesses better protection.
(more…)

Cybercrime is on the rise, and unfortunately, it’s a trend that shows no signs of slowing down.

In fact, a new report from McAfee and Science Applications International Corporation (SAIC) found that the cyber underground economy now makes its money on the theft of corporate intellectual capital, including trade secrets, marketing plans, research and development findings and even source code.

McAfee defines this intellectual capital as the “new currency of choice” and says that cybercriminals have discovered that there is great value in selling a corporations’ proprietary information and trade secrets which have little to no protection.

“Cybercriminals have shifted their focus from physical assets to data driven properties, such as trade secrets or product planning documents,” Simon Hunt, vice president and chief technology officer, endpoint security at McAfee, said. “We’ve seen significant attacks targeting this type of information. Sophisticated attacks such as s Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding.”

The report, Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency, found that: (more…)

Smartphones are embedded into today’s corporate culture. But, if you use your smartphone for both business and personal purposes, you may be putting your company at risk.

A new study from AVG Technologies found that most people are surprisingly indifferent to the many serious security risks associated with the storage and transmission of sensitive data on iPhone, Blackberry and Android devices. For example: (more…)