Endpoint Protector Appliance: Stop data theft on Windows and Mac

Why cutting off USB ports is not a smart security solution

January 25th, 2010 by Agent Smith (1) Data Theft & Loss,DLP,endpoint security

The USB ports leading to the computers in your network are somewhat of a hell hole, opening up the way to scary security breaches. It all comes down to the use of portable devices that can store large amounts of data that employees and visitors carry around, plug in and use, regardless of all the security red alerts popping up each step of the way.

But completely cutting access to USB ports, although still used, is not a smart move if you’re trying to protect your data against accidental loss or theft. Lawsuits, fines and seeing your customers drop like flies are all scary scenarios, but fear should never prevent you from playing it smart. Read more

Study by KPMG sees “Business crime on the rise in Germany”

As many as 37 percent of German companies were the victim of economic crime in the last three years, a new study has found. Internet fraud and the theft of business secrets have become a particular problem.
The use of USB Flash Drive in high capacity has made it easy to steal even the most complex business or construction plans in just a few seconds.

A USB Thumbdrive is all that’s required to steal valuable information.

A new study carried out by the German research institute Emnid for the financial services firm KPMG has found that criminal methods are being used more and more often in the ruthless and competitive world of business.

The survey, which took in 375 companies of all sizes, found that around one in three companies had been the victim of business crime. Two thirds of the companies surveyed also expected the level of criminality to rise.

The biggest economic crimes remain fraud, theft, embezzlement and breach of trust, but money-laundering and the forgery of accounts and financial information have all risen since the last survey was carried out in 2006.

Ignorance breeds carelessness

According to KPMG spokesman Frank M. Huelsberg, companies still need to be more aware of how crimes operate. “Despite these alarming results, small and medium-sized companies are particularly prone to underestimate the danger of falling victim to crime,” he said.

Fifty-six percent of the employees surveyed said that their company was less likely to be a victim of economic crime than a major corporation, while 76 percent believe they have made adequate security arrangements.

banner-sky.jpg

“Privately- or family-owned companies like to put their trust in their employees. But that makes them vulnerable,” Huelsberg said, “Experience shows that basic security mechanisms are often neglected in such companies.”

Third-party threat

In 62 percent of economic crimes involving small and medium-sized companies, employees conspired with an external third party. This figure is only 40 percent with large companies.

The theft of business or operational secrets is a growing threat, according to the study. A third of small and medium-sized companies have been a victim of such theft, the study said.

“The sale of sensitive information to competitors or criminals is particularly strong in times of economic crisis,” Huelsberg says, “Nowadays even the most complex construction plans fit on a USB stick. Data theft and industrial espionage can be child’s play if security fails, and the loss of sensitive designs or formulas can be fatal for a small, innovation-based company.”

Read the enitre article here on DW.

Was there or wasn’t there a loss of data?

January 12th, 2010 by Agent Smith (0) Data Theft & Loss,In the News,security breach

A recent DOS attack on an Eugene School District server managed to succeed in breaching their security and access the said computer which contained the names, employee ID numbers and phone numbers of about 2500 current and former employees. While other sensitive information such as security numbers were not stored on the breached machine, the server was connected with others (apparently protected by other security systems as well), that contained private details on a total of 26000 people and vendors.

Luckily all student data are stored on different networks of the Eugene School District, so none of those studying in the region have been affected. The supposed breach seems to have only affected adults.

Yet the safetly of the 26000 different records is in no way guaranteed. There is no proof of further breaching, but there isn’t any to show there was none either. In the mean time, the breach is being investigated, while the school district’s website has been updated with information on the breach.

“A thorough investigation of the security breach has been initiated, police have been notified, and the district has taken measures to further safeguard the involved server,” the district said. “We are continuing to assess our information security systems to make certain that we have all appropriate measures in place to ensure that personal information is secure. We sincerely regret any inconvenience this may cause to our staff and vendors.”

More information here.

So what’s the endpoint security forcast for 2010?

January 6th, 2010 by Agent Smith (3) Data Theft & Loss,endpoint security,In The Spotlight

With security journalists complaining about hazy security predictions for 2010, we thought I thought I should get my crystal ball out and share with you what the future holds for the world of Endpoint Security! My predictions are based on what I’ve noticed in the past few years, on recurring issues and generally how things work in the industry. So here goes!

1. The much hyped and awaited US Cybersecurity Czar will spend at least 6 months sorting through inter-agency policies, egos and feeble budgets and only then starting to do some work! The boost the security industry is expecting to come from the authorities interest in cybertheats will continue to lag.

2. The economy is picking up. But slowly and mostly on paper. Security budgets won’t be much increased and cost effectiveness will remain an important factor in selecting security products. Let’s hope it will come into play after the ineffective products are eliminated and not before! Read more