Attacks/Breaches
10/18/2010
08:53 PM
50%
50%

Electronic Theft Costs Businesses More Than Physical Theft

Phishing is the top information theft threat to U.S. companies, according to a Kroll survey that found physical property fall behind information thievery for the first time in its four-year history.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Companies in North American face relatively low levels of fraud, except in one area: information theft or attack. Indeed, related fraud over the past year rose from 22% to 32%, compared to a global average of 27% reporting that they'd suffered information theft.

Those findings come from a new global fraud report commissioned by Kroll and conducted by the Economist Intelligence Unit. More than 800 senior executives worldwide were polled.

The survey also found that the top techniques used for information theft against U.S. companies were phishing (26%) and technology or tools (19%). In addition, said Kroll, "26% of those surveyed cited the complexity of IT infrastructure as the leading cause of increased fraud exposure."

According to Kroll, 2010 marked the first time the annual survey -- now in its fourth year -- found more companies had suffered information theft than theft of physical property. Of the 10 industries surveyed, Kroll said that the companies most at risk from information theft or attacks operated in the financial services, professional services or natural resources sectors.

Unfortunately, executives and corporate boards in numerous industries don't appear to be taking appropriate measures. In a year in which even Google has been hacked, only one-third of respondents to the Kroll survey thought their organization was moderately or highly vulnerable to information theft. Notably, overall investment in information security by businesses declined from 2009 to 2010.

In addition, companies also think they're relatively immune to fraud, and report low levels of exposure to corruption (7%) and market collusion (4%). Yet, only 42% of U.S. survey respondents correctly identified the fact that the U.S. Foreign Corrupt Practices Act (FCPA) applies to their company, while 44% didn't know, and 14% believed they were exempt.

Kroll said that businesses must take a more proactive security and anti-fraud stance to help offset the overall rise in fraud, including information theft. "North American companies currently enjoy a relatively benign fraud environment. They will need to address growing risks, especially in information security, to keep things that way."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.