Study by KPMG sees “Business crime on the rise in Germany”

January 21st, 2010 by Robert (0) DLP, Data Theft & Loss, Default, Identity Theft, In the News, Research and Studies, endpoint security

As many as 37 percent of German companies were the victim of economic crime in the last three years, a new study has found. Internet fraud and the theft of business secrets have become a particular problem.
The use of USB Flash Drive in high capacity has made it easy to steal even the most complex business or construction plans in just a few seconds.

A USB Thumbdrive is all that’s required to steal valuable information.

A new study carried out by the German research institute Emnid for the financial services firm KPMG has found that criminal methods are being used more and more often in the ruthless and competitive world of business.

The survey, which took in 375 companies of all sizes, found that around one in three companies had been the victim of business crime. Two thirds of the companies surveyed also expected the level of criminality to rise.

The biggest economic crimes remain fraud, theft, embezzlement and breach of trust, but money-laundering and the forgery of accounts and financial information have all risen since the last survey was carried out in 2006.

Ignorance breeds carelessness

According to KPMG spokesman Frank M. Huelsberg, companies still need to be more aware of how crimes operate. “Despite these alarming results, small and medium-sized companies are particularly prone to underestimate the danger of falling victim to crime,” he said.

Fifty-six percent of the employees surveyed said that their company was less likely to be a victim of economic crime than a major corporation, while 76 percent believe they have made adequate security arrangements.

“Privately- or family-owned companies like to put their trust in their employees. But that makes them vulnerable,” Huelsberg said, “Experience shows that basic security mechanisms are often neglected in such companies.”

Third-party threat

In 62 percent of economic crimes involving small and medium-sized companies, employees conspired with an external third party. This figure is only 40 percent with large companies.

The theft of business or operational secrets is a growing threat, according to the study. A third of small and medium-sized companies have been a victim of such theft, the study said.

“The sale of sensitive information to competitors or criminals is particularly strong in times of economic crisis,” Huelsberg says, “Nowadays even the most complex construction plans fit on a USB stick. Data theft and industrial espionage can be child’s play if security fails, and the loss of sensitive designs or formulas can be fatal for a small, innovation-based company.”

Read the enitre article here on DW.

So what’s the endpoint security forcast for 2010?

January 6th, 2010 by Agent Smith (2) Data Theft & Loss, In The Spotlight, endpoint security

With security journalists complaining about hazy security predictions for 2010, we thought I thought I should get my crystal ball out and share with you what the future holds for the world of Endpoint Security! My predictions are based on what I’ve noticed in the past few years, on recurring issues and generally how things work in the industry. So here goes!

1. The much hyped and awaited US Cybersecurity Czar will spend at least 6 months sorting through inter-agency policies, egos and feeble budgets and only then starting to do some work! The boost the security industry is expecting to come from the authorities interest in cybertheats will continue to lag.

2. The economy is picking up. But slowly and mostly on paper. Security budgets won’t be much increased and cost effectiveness will remain an important factor in selecting security products. Let’s hope it will come into play after the ineffective products are eliminated and not before! Read more

Long live the new Cybersecurity Czar!

December 28th, 2009 by Agent Smith (1) In The Spotlight, endpoint security, security breach

A nice Christmas present wrapped up and delivered to the cybersecurity world. When we all started to doubt there will be a czar appointed in 2009, when all hopes were fading after months and months of delay (the initial announcement was made in May), the Obama administration finally chose Howard Schmidt to fill this position.

Schmidt is also a former member of the Bush administration and will be the leading star of the cybersecurity initiative, although experts fear the position does not come with any real power, says the Dark Reading. A little background info on the new czar:

Schmidt, who most recently served as president and CEO of the international nonprofit Information Security Forum and was previously chief information security officer at eBay and at Microsoft, said in a statement that he looks forward to bringing to the table all stakeholders in efforts to better secure U.S. networks and systems. He will work with the National Security Council and the National Economic Council.

Schmidt will have to settle all differences between the National Security Agency and the Department of Homeland Security, add a side of Deparment of Defense and other federal agencies involved in related projects, and serve a over common and effective US cybersecurity posture. And all this on a not so significant budget and with not so much power over these US security giants. We all wish him best of luck!

One third of federal IT security pros face cyberthreats on a daily basis

November 16th, 2009 by Agent Smith (0) In the News, Research and Studies

If you’re wondering how many cybersecurity threats a federal agency faces on a daily basis, a new survey has the answer to your question. At least one, each day, every day. About a third of the IT professionals employed by federal agencies say they experience at least one cybersecurity incident each day, be it external attack, malware, lost device, inappropriate employee access, or other threat.

When one thinks that of these 31% at least a few work for the same agencies. Threfore the numbers are troubling. The frequency of such problems are at the same level or slightly higher than last year for most survey respondents, and their severity has remained about the same. The top issues of this year are malware (33% of respondents), inappropriate employee activity or network use (25%), managing access for approved remote users (25%), and data encryption (23%).

As most of the participants find a solution to this problem in acquiring new, better performing cybersecurity solutions, and as many agencies already make efforts to buy such technologies, it comes to no surprise that market research firm Input, quoted by DarkReading, says federal cybersecurity spending will increase 48% from USD 7.9 billion this year to USD 11.7 billion in 2014. And the shining stars of this future wave of inestments are a USD 1.5 billion cybersecurity data center currently being developed by the National Security Agency and a cybersecurity operations center recently opened by the Department of Homeland Security.

Obama’s Cybersecurity plan, a resignation marathon

August 29th, 2009 by Agent Smith (0) In The Spotlight, security breach

The White House might have a bright, shiny plan for cybersecurity, but it seems unable to keep the security heads it needs to manage and further implement it. No less than the people holding key positions related to the USA’s cybersecurity have resigned in the past few months.

The trend was started in March by Rod Beckstrom, who at the time resigned from his position as head of the National Cybersecurity Center within the Department of Homeland Security. The said center coordinates the defense of civilian, military, and intelligence networks. The reason for Beckstrom’s resignation? As he stated in a letter quoted by the Register, the post was underfunded and unduly controlled by the National Security Agency.

The next person to announce their resignation was Obama’s top cybersecurity director, Melissa E. Hathway. What led to her decision was the long months of delays by the Obama administration in appointing a permanent director to oversee the safety of the nation’s vital computer networks. As the Register points out, Hathway was one of the best candidates for the “cybersecurity czar” position. The czar would hold the authority for securing networks and infrastructure that serve US banks, hospitals and stock exchanges.

The third and most recent top cat in the US government to go is Mischel Kwon, the head of the US Department of Homeland Security’s Computer Emergency Readiness Team. Washington Post rumor has it that Kwon had grown frustrated by bureaucratic obstacles and a lack of authority to fulfill her mission. And it seems people in her position don’t stick around for too long, she was the fourth US-CERT director in five years.

Hopefully, the critical cybersecurity plan will eventually be implemented, without any further delays and resignations. Let’s keep our fingers crossed!