
Endpoint

4/29/2011
02:37 PM
Dark Reading
Products and Releases

IronKey: U.K. Organisations Fearful Of Organized Cybercrime

30 percent suffered one or more attacks in the past 12 months resulting in theft of data or money

London, UK, 19 April 2011 – IronKey, the leader in securing data and online access, today announced the results of a survey of IT security professionals working at UK-based organisations, including Lloyds Banking Group, HP, Fujitsu, Siemens, Worcester County Council and Cleveland Police.

While 31 per cent of respondents revealed suffering at least one cyber attack in the last 12 months, 45 per cent believed their organisation is a target of organised cyber crime which could result in the theft of data or money or sabotage.

“Unfortunately the results of our research don’t really come as a shock, as the past 12 months have seen some of the biggest and most successful cyber attacks our industry has ever witnessed,” said Dave Jevans, founder and chairman of IronKey and the Anti-Phishing Working Group. “However, the numbers of those who know they’ve been attacked and those fearful are dangerously similar. For many, not knowing will lead to painful realities. Just ask 31 per cent of our survey.”

When asked about the significant information security threat facing their organisation today, 54 per cent of respondents highlighted accidental data leakage by staff, contractors or vendors as the biggest threat. The past five years of highly publicised data breaches and the power of the Information Commissioner’s Office (ICO) to levy £500,000 have gained the attention of organisations. In contrast, only 10 per cent fear external attack on networks and systems and only 13 per cent see Trojans that steal data, money, or sabotage systems as a significant threat to their organisation.

The survey was conducted at the same time major breaches at security and third-party outsourcers rocked the IT world. However, the survey results highlighted a lack of clarity from respondents in terms of who should be held accountable should their organisation fall victim to cyber crime, with respondents split between CIO/Hof IT (26.1 per cent), CISO/Hof IT Security (27 per cent) and CEO/MD (27 per cent).

While 44 per cent of respondents believed an untrusted desktop or laptop is the most vulnerable location for an advanced persistent threat (APT) attack, it appears respondents prefer traditional methods, such as end user education (44 per cent) or anti-virus (29 per cent), as opposed to technology that isolates user and data from threats (19 per cent), as the most effective tool to prevent APT attacks.

“Unfortunately, end user education and anti-virus were all in place at organisations that suffered painful losses as a result of APT attacks. Doing the same thing over and over won’t make the problem go away – criminals are only more encouraged,” commented Jevans. “As an industry, we need to shift away from trying to be all knowing and detecting threats we can’t know about until they happen. Instead, we need to isolate users of sensitive data and transactions away from the problem.”

As a result of cyber crime, British business is estimated to be losing £20bn a year. As well, targeted attacks on the global energy industry as part of the Night Dragon attacks, the major breach of infrastructure at RSA, compromise of digital certificate issuance at Comodo, and theft of millions of customer records from Epsilon show that cyber crime is all too real and any organisation is a potential target.

IronKey also announced the upcoming availability of IronKey Trusted Access for Banking 2.7. The updated version addresses the continuing needs of banks to isolate customers from the growing threat of crimeware and online account takeovers. The new update includes IronKey’s keylogging protection that blocks the capture of user credentials, one-time passcodes (OTP), challenge questions, and other sensitive data criminals can easily steal otherwise. And in response to bank interest in building new revenue streams by offering Trusted Access protection for clients banking with competing institutions, Trusted Access will allow banks to provide clients with quick access to multiple banking sites. Banks can provide the same level of protection with Trusted Access to clients even if banking on a competitor’s site.

At Infosecurity Europe 2011, IronKey will be demonstrating how Trusted Access combats the growing threat of banking cyber-crime. Unlike previous approaches to preventing online banking fraud, Trusted Access for Banking isolates users from crimeware. Trusted Access for Banking meets guidelines for safe online banking established by NACHA and the FBI, and as described in draft FFIEC 2011 Online Banking Guidelines.
