@Risk

Focused on supplier risk issues for business leaders

Corporate Boards Still Not Paying Attention to Cyber Risk

March 05, 2012

News last week that a NASA computer stolen in March 2011 contained unencrypted codes used to command and control the International Space Station has put the spotlight, once again, on the issue of cyber security.

Are C-suite execs paying attention?

Unfortunately, new research suggests they’re not.

The advanced findings from the latest 2012 Carnegie Mellon CyLab Governance survey of how corporate boards and executives are managing cyber risks reveal that the issue is still not getting adequate attention at the top.

Sponsored by RSA, The Security Division of EMC, the survey results show that even though there are some improvements in key “regular” board governance practices (formation of board Risk Committees and cross-organizational teams within certain organizations), significant areas of concern remain. For instance:

  • Oversight is lacking. Boards and senior management are not engaging in key oversight activities, such as setting top-level policies and reviews of privacy and security budgets to help protect against breaches and mitigate financial losses.
  • Most boards aren’t taking responsibility. Less than one-third of the respondents indicate their boards and senior executives are undertaking basic responsibilities for cyber governance.
  • Lack of personnel is a concern. Nearly half of the respondents indicated that their companies do not have full-time personnel in key privacy and security roles.
  • Insurance coverage needs updating. More than half (58 percent) of the respondents said their boards are not reviewing their companies’ insurance coverage for cyber-related risks.

What can you do to help remedy the situation at your company? RSA suggests you: (more…)

Survey Reveals Startling Lack of Control Over SSL Certificate Populations

March 02, 2012

Secure Sockets Layer (SSL) certificates are an essential component of secure online transactions, and yet most (54 percent) of the 174 IT and information-security pros recently surveyed by Venafi admitted they have an inaccurate or incomplete inventory of their SSL certificate populations.

As Venafi points out, deploying encryption solutions without maintaining comprehensive certificate and key inventories is a worst practice that jeopardizes vital business systems and processes, while exposing organizations to substantial risk of security and compliance incidents.

But, hold on. The story gets even worse. The survey results also showed that: (more…)

Business Travelers At Risk Because Companies Haven’t Updated Travel Policies

February 15, 2012

Business travel has become standard fare for many – if not most – corporate employees. However, recent research by American Express Global Business Travel found that corporate travel policies are often lacking updates and appropriate oversight, leaving companies exposed to losing hard-earned corporate negotiated rates, and even more importantly, putting business travelers at unnecessary risk.

American Express Global Business Travel analyzed nearly 100 travel policies of global, multinational, and mid-sized companies, and the results showed that:

  • Less than one-third of these companies overall have updated their travel policies within the last year.
  • Only 12 percent addressed traveler security despite it being a critical issue for companies to consider as more and more employees embark on worldwide business travel today.
  • The vast majority (80 percent) did not address reimbursement of ancillary fees such as checked bags, reservation change fees, or other for-purchase services offered at hotels and car rentals.
  • 85 percent of global companies require an agency to book hotels. But only 35 percent of smaller companies and large international organizations do the same.
  • None of the travel policies addressed the use of mobile applications or even referenced tools they may have available for travelers to use on the road or when working remotely.
  • 70 percent of companies do not provide specific guidelines to travelers on when it makes sense to book airfares through a non-preferred supplier if the ticket price is less expensive.

To fill in these gaps, American Express Global Business Travel suggests that companies review their policies and focus renewed attention on: (more…)

Employee Twitter Use at Work Up More Than 700 Percent

February 10, 2012

We all know that employees use social networks and browser-based file sharing at work. But new research from Palo Alto Networks reveals just how deeply Web 2.0 tools have penetrated the workplace – and how important it is for companies to prepare for potential threats from social media and file sharing apps.

After analyzing raw application traffic from more than 1,600 enterprises between April 2011 and November 2011, Palo Alto Networks found that:

Social media use is exploding, especially for Twitter. The study revealed that bandwidth consumption for Facebook Apps, Social Plugins and posting increased from 5 percent (October 2010) to 25 percent (December 2011) when measured as a percentage of total social networking bandwidth. Twitter browsing at work alone grew by more than 700 percent year-over-year. (more…)

Vermont Is Number One State for Embezzlement

January 23, 2012

Vermont is known for maple syrup, fall foliage, covered bridges and now . . . embezzlement?

As strange as it sounds, Vermont topped the list of states with the highest risk of loss due to embezzlement in 2011, according to new research from Marquet International Ltd.

The 2011 Marquet Report On Embezzlement examined 473 major employee theft cases active in the US last year and found that: (more…)