08:53 PM

Electronic Theft Costs Businesses More Than Physical Theft

Phishing is the top information theft threat to U.S. companies, according to a Kroll survey that found physical property fall behind information thievery for the first time in its four-year history.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Companies in North American face relatively low levels of fraud, except in one area: information theft or attack. Indeed, related fraud over the past year rose from 22% to 32%, compared to a global average of 27% reporting that they'd suffered information theft.

Those findings come from a new global fraud report commissioned by Kroll and conducted by the Economist Intelligence Unit. More than 800 senior executives worldwide were polled.

The survey also found that the top techniques used for information theft against U.S. companies were phishing (26%) and technology or tools (19%). In addition, said Kroll, "26% of those surveyed cited the complexity of IT infrastructure as the leading cause of increased fraud exposure."

According to Kroll, 2010 marked the first time the annual survey -- now in its fourth year -- found more companies had suffered information theft than theft of physical property. Of the 10 industries surveyed, Kroll said that the companies most at risk from information theft or attacks operated in the financial services, professional services or natural resources sectors.

Unfortunately, executives and corporate boards in numerous industries don't appear to be taking appropriate measures. In a year in which even Google has been hacked, only one-third of respondents to the Kroll survey thought their organization was moderately or highly vulnerable to information theft. Notably, overall investment in information security by businesses declined from 2009 to 2010.

In addition, companies also think they're relatively immune to fraud, and report low levels of exposure to corruption (7%) and market collusion (4%). Yet, only 42% of U.S. survey respondents correctly identified the fact that the U.S. Foreign Corrupt Practices Act (FCPA) applies to their company, while 44% didn't know, and 14% believed they were exempt.

Kroll said that businesses must take a more proactive security and anti-fraud stance to help offset the overall rise in fraud, including information theft. "North American companies currently enjoy a relatively benign fraud environment. They will need to address growing risks, especially in information security, to keep things that way."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-02
Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet.

Published: 2015-10-02
Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684.

Published: 2015-10-02
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.

Published: 2015-10-01
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

Published: 2015-10-01
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.