Attacks/Breaches
10/18/2010
08:53 PM

Electronic Theft Costs Businesses More Than Physical Theft

Phishing is the top information theft threat to U.S. companies, according to a Kroll survey that found physical property theft falling behind information theft for the first time in the survey's four-year history.

Companies in North America face relatively low levels of fraud, except in one area: information theft or attack. Indeed, related fraud over the past year rose from 22% to 32%, compared to a global average of 27% reporting that they'd suffered information theft.

Those findings come from a new global fraud report commissioned by Kroll and conducted by the Economist Intelligence Unit. More than 800 senior executives worldwide were polled.

The survey also found that the top techniques used for information theft against U.S. companies were phishing (26%) and technology or tools (19%). In addition, said Kroll, "26% of those surveyed cited the complexity of IT infrastructure as the leading cause of increased fraud exposure."

According to Kroll, 2010 marked the first time the annual survey -- now in its fourth year -- found more companies had suffered information theft than theft of physical property. Of the 10 industries surveyed, Kroll said that the companies most at risk from information theft or attacks operated in the financial services, professional services or natural resources sectors.

Unfortunately, executives and corporate boards in numerous industries don't appear to be taking appropriate measures. In a year in which even Google has been hacked, only one-third of respondents to the Kroll survey thought their organization was moderately or highly vulnerable to information theft. Notably, overall investment in information security by businesses declined from 2009 to 2010.

Companies also think they're relatively immune to fraud, and report low levels of exposure to corruption (7%) and market collusion (4%). Yet only 42% of U.S. survey respondents correctly identified the fact that the U.S. Foreign Corrupt Practices Act (FCPA) applies to their company, while 44% didn't know, and 14% believed they were exempt.

Kroll said that businesses must take a more proactive security and anti-fraud stance to help offset the overall rise in fraud, including information theft. "North American companies currently enjoy a relatively benign fraud environment. They will need to address growing risks, especially in information security, to keep things that way."
