Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/26/2011
05:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

IronKey Announces Trusted Access For Banking v2.7

Update extends IronKey’s keylogging protection

London, UK, 19 April 2011 – IronKey, the leader in securing data and online access, today announced the results of a survey of IT security professionals working at UK based organisations including, Lloyds Banking Group, HP, Fujitsu, Siemens, Worcester County Council and Cleveland Police.

While 31 per cent of respondents revealed suffering at least one cyber attack in the last 12 months, 45 per cent believed their organisation is a target of organised cyber crime which could result in the theft of data or money or sabotage.

“Unfortunately the results of our research don’t really come as a shock, as the past 12 months have seen some of the biggest and most successful cyber attacks our industry has ever witnessed,” said Dave Jevans, founder and chairman of IronKey and the Anti-Phishing Working Group. “However, the numbers of those who know they’ve been attacked and those fearful are dangerously similar. For many, not knowing will lead to painful realities. Just ask 31 per cent of our survey.”

When asked about the significant information security threat facing their organisation today, 54 per cent of respondents highlighted accidental data leakage by staff, contractors or vendors as the biggest threat. The past five years of highly publicised data breaches and the power of the Information Commissioner’s Office (ICO) to levy £500,000 have gained the attention of organisations. In contrast, only 10 per cent fear external attack on networks and systems and only 13 per cent see Trojans that steal data, money, or sabotage systems as a significant threat to their organisation.

The survey was conducted at the same time major breaches at security and third party outsourcers rocked the IT world. However the survey results highlighted a lack of clarity from respondents in terms of who should be held accountable should their organisation fall victim to cyber crime, with respondents split between CIO/Hof IT 26.1 per cent, CISO/Hof IT Security 27 per cent and CEO/MD 27 per cent.

While 44 per cent of respondents believed an untrusted desktop or laptop is the most vulnerable location for an advance persistent threat (APT) attack, it appears respondents prefer traditional methods, such as end user education (44 per cent) or anti-virus (29 per cent), as opposed to technology that isolates user and data from threats (19 per cent), as the most effective tool to prevent APT attacks.

“Unfortunately, end user education and anti-virus were all in place at organisations that suffered painful losses as a result of APT attacks. Doing the same thing over and over won’t make the problem go away – criminals are only more encouraged,” commented Jevans. “As an industry, we need to shift away from trying to be all knowing and detecting threats we can’t know about until they happen. Instead, we need to isolate users of sensitive data and transactions away from the problem.”

As a result of cyber crime, British business is estimated to be losing £20bn a year. As well, targeted attacks on the global energy industry as part of the Night Dragon attacks, the major breach of infrastructure at RSA, compromise of digital certificate issuance at Comodo, and theft of millions of customer records from Epsilon show that cyber crime is all too real and any organisation is a potential target.

IronKey also announced the upcoming availability of IronKey Trusted Access for Banking 2.7. The updated version addresses the continuing needs of banks to isolate customers from the growing threat of crimeware and online account takeovers. The new update includes IronKey’s keylogging protection that blocks the capture of user credentials, one-time passcodes (OTP), challenge questions, and other sensitive data criminals can easily steal otherwise. And in response to bank interest in building new revenue streams by offering Trusted Access protection for clients banking with competing institutions, Trusted Access will allow banks to provide clients with quick access to multiple banking sites. Banks can provide the same level of protection with Trusted Access to clients even if banking on a competitor’s site.

At Infosecurity Europe 2011, IronKey will be demonstrating how Trusted Access combats the growing threat of banking cyber-crime. Unlike previous approaches to preventing online banking fraud, Trusted Access for Banking isolates users from crimeware. Trusted Access for Banking meets guidelines for safe online banking established by NACHA and the FBI, and as described in draft FFIEC 2011 Online Banking Guidelines.

Notes to Editors

Sample size: Survey results based on IT security professionals working at 120 UK based private and public organisations

Total number of employees working within surveyed organisations

o 1-99 31.3% o 100-999 18.3% o 1000-4999 20.0% o 5,000 – to 9,999 13.0% o 10,000 or more 17.4%

Resources

“Protecting Online Banking Customers from Evolving Cyber Crime Threats,” a 20-minute online webcast from IronKey, can help you understand the risks facing anyone using a PC for online banking and why anti-virus software and firewalls and other conventional safeguards are not able to stop these attacks. The webcast explains the latest bank phishing attacks, the ZeuS Trojan and SpyEye, the "mule" economy and dozens of other topics relevant to understanding and fighting this serious crime wave.

“Trusted Access Guided Demonstration” provides a complete product demonstration and example attacks. Presented by Kapil Raina, senior product manager at IronKey, the demonstration also shows how banks can easily issue and manage Trusted Access.

About IronKey

Ranked as the 14th best venture-funded company in The Wall Street Journal's "Next Big Thing 2011" survey, IronKey secures data and online access for individuals, enterprises, and governments. IronKey solutions protect remote workers from the threats of data loss, compromise of passwords, and computers infected by malicious software and crimeware. IronKey multi-function devices connect to a computer's USB port and are easy to manage with the IronKey management service. This allows users to securely carry sensitive corporate data, strongly authenticate to VPNs and corporate networks and isolate online banking customers from Advanced Persistent Threat attacks. IronKey customers include Fortune 500 companies, healthcare providers, financial institutions and government agencies around the world. Trusted Access for Banking has also won numerous awards such as ‘FutureNow 2010 Top 5’ from Bank Technology News. Visit www.IronKey.com for more information.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24368
PUBLISHED: 2021-06-20
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This c...
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.