Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/26/2011
05:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

IronKey Announces Trusted Access For Banking v2.7

Update extends IronKey’s keylogging protection

London, UK, 19 April 2011 – IronKey, the leader in securing data and online access, today announced the results of a survey of IT security professionals working at UK based organisations including, Lloyds Banking Group, HP, Fujitsu, Siemens, Worcester County Council and Cleveland Police.

While 31 per cent of respondents revealed suffering at least one cyber attack in the last 12 months, 45 per cent believed their organisation is a target of organised cyber crime which could result in the theft of data or money or sabotage.

“Unfortunately the results of our research don’t really come as a shock, as the past 12 months have seen some of the biggest and most successful cyber attacks our industry has ever witnessed,” said Dave Jevans, founder and chairman of IronKey and the Anti-Phishing Working Group. “However, the numbers of those who know they’ve been attacked and those fearful are dangerously similar. For many, not knowing will lead to painful realities. Just ask 31 per cent of our survey.”

When asked about the significant information security threat facing their organisation today, 54 per cent of respondents highlighted accidental data leakage by staff, contractors or vendors as the biggest threat. The past five years of highly publicised data breaches and the power of the Information Commissioner’s Office (ICO) to levy £500,000 have gained the attention of organisations. In contrast, only 10 per cent fear external attack on networks and systems and only 13 per cent see Trojans that steal data, money, or sabotage systems as a significant threat to their organisation.

The survey was conducted at the same time major breaches at security and third party outsourcers rocked the IT world. However the survey results highlighted a lack of clarity from respondents in terms of who should be held accountable should their organisation fall victim to cyber crime, with respondents split between CIO/Hof IT 26.1 per cent, CISO/Hof IT Security 27 per cent and CEO/MD 27 per cent.

While 44 per cent of respondents believed an untrusted desktop or laptop is the most vulnerable location for an advance persistent threat (APT) attack, it appears respondents prefer traditional methods, such as end user education (44 per cent) or anti-virus (29 per cent), as opposed to technology that isolates user and data from threats (19 per cent), as the most effective tool to prevent APT attacks.

“Unfortunately, end user education and anti-virus were all in place at organisations that suffered painful losses as a result of APT attacks. Doing the same thing over and over won’t make the problem go away – criminals are only more encouraged,” commented Jevans. “As an industry, we need to shift away from trying to be all knowing and detecting threats we can’t know about until they happen. Instead, we need to isolate users of sensitive data and transactions away from the problem.”

As a result of cyber crime, British business is estimated to be losing £20bn a year. As well, targeted attacks on the global energy industry as part of the Night Dragon attacks, the major breach of infrastructure at RSA, compromise of digital certificate issuance at Comodo, and theft of millions of customer records from Epsilon show that cyber crime is all too real and any organisation is a potential target.

IronKey also announced the upcoming availability of IronKey Trusted Access for Banking 2.7. The updated version addresses the continuing needs of banks to isolate customers from the growing threat of crimeware and online account takeovers. The new update includes IronKey’s keylogging protection that blocks the capture of user credentials, one-time passcodes (OTP), challenge questions, and other sensitive data criminals can easily steal otherwise. And in response to bank interest in building new revenue streams by offering Trusted Access protection for clients banking with competing institutions, Trusted Access will allow banks to provide clients with quick access to multiple banking sites. Banks can provide the same level of protection with Trusted Access to clients even if banking on a competitor’s site.

At Infosecurity Europe 2011, IronKey will be demonstrating how Trusted Access combats the growing threat of banking cyber-crime. Unlike previous approaches to preventing online banking fraud, Trusted Access for Banking isolates users from crimeware. Trusted Access for Banking meets guidelines for safe online banking established by NACHA and the FBI, and as described in draft FFIEC 2011 Online Banking Guidelines.

Notes to Editors

Sample size: Survey results based on IT security professionals working at 120 UK based private and public organisations

Total number of employees working within surveyed organisations

o 1-99 31.3% o 100-999 18.3% o 1000-4999 20.0% o 5,000 – to 9,999 13.0% o 10,000 or more 17.4%

Resources

“Protecting Online Banking Customers from Evolving Cyber Crime Threats,” a 20-minute online webcast from IronKey, can help you understand the risks facing anyone using a PC for online banking and why anti-virus software and firewalls and other conventional safeguards are not able to stop these attacks. The webcast explains the latest bank phishing attacks, the ZeuS Trojan and SpyEye, the "mule" economy and dozens of other topics relevant to understanding and fighting this serious crime wave.

“Trusted Access Guided Demonstration” provides a complete product demonstration and example attacks. Presented by Kapil Raina, senior product manager at IronKey, the demonstration also shows how banks can easily issue and manage Trusted Access.

About IronKey

Ranked as the 14th best venture-funded company in The Wall Street Journal's "Next Big Thing 2011" survey, IronKey secures data and online access for individuals, enterprises, and governments. IronKey solutions protect remote workers from the threats of data loss, compromise of passwords, and computers infected by malicious software and crimeware. IronKey multi-function devices connect to a computer's USB port and are easy to manage with the IronKey management service. This allows users to securely carry sensitive corporate data, strongly authenticate to VPNs and corporate networks and isolate online banking customers from Advanced Persistent Threat attacks. IronKey customers include Fortune 500 companies, healthcare providers, financial institutions and government agencies around the world. Trusted Access for Banking has also won numerous awards such as ‘FutureNow 2010 Top 5’ from Bank Technology News. Visit www.IronKey.com for more information.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.