Attacks/Breaches
10/18/2010
08:53 PM
50%
50%

Electronic Theft Costs Businesses More Than Physical Theft

Phishing is the top information theft threat to U.S. companies, according to a Kroll survey that found physical property fall behind information thievery for the first time in its four-year history.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Companies in North American face relatively low levels of fraud, except in one area: information theft or attack. Indeed, related fraud over the past year rose from 22% to 32%, compared to a global average of 27% reporting that they'd suffered information theft.

Those findings come from a new global fraud report commissioned by Kroll and conducted by the Economist Intelligence Unit. More than 800 senior executives worldwide were polled.

The survey also found that the top techniques used for information theft against U.S. companies were phishing (26%) and technology or tools (19%). In addition, said Kroll, "26% of those surveyed cited the complexity of IT infrastructure as the leading cause of increased fraud exposure."

According to Kroll, 2010 marked the first time the annual survey -- now in its fourth year -- found more companies had suffered information theft than theft of physical property. Of the 10 industries surveyed, Kroll said that the companies most at risk from information theft or attacks operated in the financial services, professional services or natural resources sectors.

Unfortunately, executives and corporate boards in numerous industries don't appear to be taking appropriate measures. In a year in which even Google has been hacked, only one-third of respondents to the Kroll survey thought their organization was moderately or highly vulnerable to information theft. Notably, overall investment in information security by businesses declined from 2009 to 2010.

In addition, companies also think they're relatively immune to fraud, and report low levels of exposure to corruption (7%) and market collusion (4%). Yet, only 42% of U.S. survey respondents correctly identified the fact that the U.S. Foreign Corrupt Practices Act (FCPA) applies to their company, while 44% didn't know, and 14% believed they were exempt.

Kroll said that businesses must take a more proactive security and anti-fraud stance to help offset the overall rise in fraud, including information theft. "North American companies currently enjoy a relatively benign fraud environment. They will need to address growing risks, especially in information security, to keep things that way."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8896
Published: 2014-12-22
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify ...

CVE-2014-8897
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8898
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8899
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.