Social networks and smartphone users, likely victims of identity fraud

February 23rd, 2012 by Agent Smith (0) Data Theft & Loss,Identity Theft

People who use social networks and smartphones can easily become victims of identity fraud, as shown in the 2012 identity fraud study carried out by Javelin Strategy & Research.

The number of US victims was 13% higher: more than 11.6 million adults have fallen prey to identity fraud, yet the average dollar amount stolen in these incidents was about the same as the previous year. Consumers whose personal information has been compromised by corporate data breaches were the most likely victims. Persons who have received notifications of a data breach affecting their personal data are 9.5 times more likely to experience identity fraud than those who did not receive such a notification.

Javelin also tracked users’ online behavior to see its impact on identity fraud. “LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud, although there is no proof of direct causation”. The survey also showed that users ignore warnings about social networks being heavily used by fraudsters and are still sharing a significant amount of personal information that might be used to steal their identities. One of the examples quoted in the report was the business social network LinkedIn, where people connect with strangers without reading carefully or paying attention to what they are really doing.

7% of smartphone users became victims of identity fraud last year, a 33% higher incidence rate than the general public. A good way for smartphone users to prevent such breaches is to set a password on the home screen (the study shows 62% of mobile users fail to set one), which blocks access to information stored on the phone. Another safety measure against identity fraud is to never tick the “remember password” button that saves the information on the mobile device (32% of users do this). Mobile users should also never accept invitations from strangers or use GPS location tracking.

Law Enforcement Agencies Find New Ways to Fight Cybercrime

February 8th, 2012 by Agent Smith (0) DLP,Research and Studies

Law enforcement agencies worldwide are getting better at catching cybercriminals, scoring some big cybercrime busts and getting better at detecting and investigating data breaches. Officials worldwide detected five times as many breaches in 2011 as in 2010, according to new data in Trustwave’s 2012 Global Security Report. About 33% of organizations with data breaches discovered the incidents when alerted by law enforcement, up from 7% in 2010. These good results for law enforcement are mostly powered by the work of the U.S. Secret Service, Interpol, the Australian Federal Police, and the U.K.’s Serious Organised Crime Agency (SOCA).

Only 16% of victim organizations detected hacking incidents on their own in 2011, while the other 84% only discovered them when alerted by outside entities, such as law enforcement, regulatory bodies, or a public venue. An analysis of the hacks discovered by third parties found that attackers had been active within the victim organization’s network for an average of 173.5 days before being detected.

Healthcare data breaches on the rise and costing billions

December 2nd, 2011 by Agent Smith (0) Data Theft & Loss,DLP,Research and Studies

Based on the many stories about data breaches reported by organizations in the healthcare industry, from hospitals to insurance companies and other third-party companies that deal with healthcare data, we could have guessed this is not even close to being a top sector when it comes to data security. A new report released by the Ponemon Institute now brings even further insight into the state of the healthcare industry, showing a spike in data breaches of over 30% and average annual costs of 6.5 billion US dollars.

The “2011 Benchmark Study on Patient Privacy and Data Security,” commissioned by IDExperts, identified employee error as one of the main causes of data breaches in hospitals and healthcare providers. These types of organizations in the healthcare industry suffered an average of four data breaches in the past year. Nearly 30 percent of healthcare companies said the breaches they suffered resulted in medical identity theft, an increase of over 25 percent compared to 2010.

Database administrators lack proper understanding of security

May 22nd, 2011 by Agent Smith (0) Research and Studies,security breach

A recently published study shows that database administrators don’t fully understand security. According to these fresh findings, database administrators and IT decision-makers in general admit to knowing very little about security issues like change control, patch management, auditing etc. This survey was conducted on 214 Sybase administrators belonging to the International Sybase User Group.

“A majority of respondents admit that there are multiple copies of their production data, but many do not have direct control over the security of this information,” the survey report stated. “Only one out of five take proactive measures to mask or shield this data from prying eyes.”

According to the report’s author, Unisphere Research analyst Joe McKendrick, the ISUG survey is the first released in a series of similar database security surveys being conducted across various database user groups, including those running other platforms such as Oracle and SQL Server.

Employees Couldn’t Care Less about Data Security

June 16th, 2009 by Agent Smith (1) DLP,Research and Studies

More and more employees choose to overlook data security policies put in place by the companies they work for and engage in activities that could easily lead to data breaches, according to the findings of a new Ponemon Institute survey. The risky activities include taking private records with them on unsecured storage devices, downloading personal software on company systems, turning off security settings and networking on social media sites.

Most members of a company’s staff copy classified data to USB drives or turn off security settings on their work laptops. Compared to the Institute’s 2007 findings, the number of those ignoring company policies has increased.

Here are some highlights of the survey findings, as presented by PC World:

  • 69 percent of the 967 IT professionals surveyed copied confidential company data to USB sticks
  • those who lost said USB sticks with confidential corporate data on them failed to report it immediately
  • almost 31 percent of respondents engaged in social-networking practices on the Web from work PCs
  • around 53 percent said they downloaded personal software on corporate PCs

Laptop Facial Recognition Takes Hard Blow

Facial recognition is one of the very well known methods employed by biometric security systems. It’s used in different complicated security systems, but also on more day-to-day devices, such as laptops.

A group of white hat security researchers have recently managed to bypass the facial recognition systems employed by several laptops. According to the Register, the laptops that have had their biometric security breached are developed by Lenovo, Asus and Toshiba. The researchers’ team includes and they have also detailed their findings in a presentation called Your Face is NOT your Password during the Blackhat security conference in Washington.

You might wonder if it was hard to breach the facial recognition systems. The team responsible for these breaches used images of laptop owners or photoshopped images:

Nguyen and his team created a large number of images to run what they described a “fake face bruteforce” attack to fool the systems, which in fairness are still in their infancy, into allowing a log-on. The approach can be compared to trying out a huge number of possible text passwords until the right combination is stumbled upon as part of a conventional brute-force dictionary attack.

While trying to find a practical security use for biometric traits, the developers at Lenovo, Asus and Toshiba should reconsider the efficiency of their facial recognition software. We admire the fact that they lead research and implementation in the field, but we’d appreciate safer systems more :)

US Data Breach Cost Up, Response Cost Down

According to a recent Ponemon Institute study, the cost of data breaches in the USA rose to $6.6 million per incident in 2008, even though companies increased their efforts to handle such incidents better.

The study, funded by data security firm PGP Corp. and quoted by Security Focus, analyzed data breaches experienced by 43 US-based companies from 17 different industry sectors. The breaches involved a number of records ranging from about 4,200 to more than 113,000. The findings showed the average costs of data breaches are about 2.5 percent higher in 2008, amounting to $202 per record, up from $197 per record in 2007 and $182 per record in 2006. An average breach would require a company to spend $6.6 million in 2008, up from $6.3 million in 2007 and $4.7 million in 2006.

To calculate the total cost of a data breach, the institute added the costs of detecting and responding to the loss of data, legal and administrative expenses, customer defections and opportunity loss. The decrease in response costs was a result of businesses learning how to handle such incidents cost-effectively:

While legal fees and customer losses moved breach costs higher, companies reduced the costs of dealing with breaches, signaling that firms and their third-party providers are becoming more cost effective in responding to data breaches, the Ponemon Institute stated in the report.