
4/29/2011
02:37 PM
Dark Reading

IronKey: U.K. Organisations Fearful Of Organized Cybercrime

30 percent suffered one or more attacks in the past 12 months resulting in theft of data or money

London, UK, 19 April 2011 – IronKey, the leader in securing data and online access, today announced the results of a survey of IT security professionals working at UK-based organisations, including Lloyds Banking Group, HP, Fujitsu, Siemens, Worcester County Council and Cleveland Police.

While 31 per cent of respondents revealed suffering at least one cyber attack in the last 12 months, 45 per cent believed their organisation is a target of organised cyber crime which could result in the theft of data or money or sabotage.

“Unfortunately the results of our research don’t really come as a shock, as the past 12 months have seen some of the biggest and most successful cyber attacks our industry has ever witnessed,” said Dave Jevans, founder and chairman of IronKey and the Anti-Phishing Working Group. “However, the numbers of those who know they’ve been attacked and those fearful are dangerously similar. For many, not knowing will lead to painful realities. Just ask 31 per cent of our survey.”

When asked about the significant information security threat facing their organisation today, 54 per cent of respondents highlighted accidental data leakage by staff, contractors or vendors as the biggest threat. The past five years of highly publicised data breaches and the power of the Information Commissioner’s Office (ICO) to levy £500,000 fines have gained the attention of organisations. In contrast, only 10 per cent fear external attack on networks and systems and only 13 per cent see Trojans that steal data, money, or sabotage systems as a significant threat to their organisation.

The survey was conducted at the same time major breaches at security and third-party outsourcers rocked the IT world. However, the survey results highlighted a lack of clarity from respondents in terms of who should be held accountable should their organisation fall victim to cyber crime, with respondents split between CIO/Head of IT (26.1 per cent), CISO/Head of IT Security (27 per cent) and CEO/MD (27 per cent).

While 44 per cent of respondents believed an untrusted desktop or laptop is the most vulnerable location for an advanced persistent threat (APT) attack, it appears respondents prefer traditional methods, such as end user education (44 per cent) or anti-virus (29 per cent), as opposed to technology that isolates user and data from threats (19 per cent), as the most effective tool to prevent APT attacks.

“Unfortunately, end user education and anti-virus were all in place at organisations that suffered painful losses as a result of APT attacks. Doing the same thing over and over won’t make the problem go away – criminals are only more encouraged,” commented Jevans. “As an industry, we need to shift away from trying to be all knowing and detecting threats we can’t know about until they happen. Instead, we need to isolate users of sensitive data and transactions away from the problem.”

As a result of cyber crime, British business is estimated to be losing £20bn a year. As well, targeted attacks on the global energy industry as part of the Night Dragon attacks, the major breach of infrastructure at RSA, compromise of digital certificate issuance at Comodo, and theft of millions of customer records from Epsilon show that cyber crime is all too real and any organisation is a potential target.

IronKey also announced the upcoming availability of IronKey Trusted Access for Banking 2.7. The updated version addresses the continuing needs of banks to isolate customers from the growing threat of crimeware and online account takeovers. The new update includes IronKey’s keylogging protection that blocks the capture of user credentials, one-time passcodes (OTP), challenge questions, and other sensitive data criminals can easily steal otherwise. And in response to bank interest in building new revenue streams by offering Trusted Access protection for clients banking with competing institutions, Trusted Access will allow banks to provide clients with quick access to multiple banking sites. Banks can provide the same level of protection with Trusted Access to clients even if banking on a competitor’s site.

At Infosecurity Europe 2011, IronKey will be demonstrating how Trusted Access combats the growing threat of banking cyber-crime. Unlike previous approaches to preventing online banking fraud, Trusted Access for Banking isolates users from crimeware. Trusted Access for Banking meets guidelines for safe online banking established by NACHA and the FBI, and as described in draft FFIEC 2011 Online Banking Guidelines.
