Blog Posts: Information Security
According to a recent study published by the Ponemon Institute, combating insider fraud and the growing threat it poses to intellectual property and corporate security should be a higher priority for employers. "Insider fraud" includes malicious or criminal attacks on business or governmental organizations — by employees and contractors — that result in the theft of financial or information assets. Even employees' casual misuse or mishandling of data may have severe consequences for companies.
A United States security firm, Mandiant Corp., recently released a report linking China’s military to a hacking ring that stole massive amounts of information from roughly 141 U.S. and foreign entities, including military contractors, government agencies, law firms and corporations. Mandiant traced the attacks to a building in Shanghai run by a Chinese military unit, but China has vehemently denied the report’s findings.
Technology increases efficiency and productivity by allowing instant access and transfer of electronic data. And yet, unlike its physical counterpart, electronic data is vulnerable to attack from anywhere in the world. As the use of social media, cloud computing and mobile-device technology increases, so does the level of related security threats. Consequently, businesses are constantly threatened with cybercrime, privacy breaches, theft of intellectual property and business interruption, all of which compromise competitiveness and productivity.
A recent survey conducted by the National Cyber Security Alliance and Symantec, a computer security software provider, reveals that many small and medium-size businesses (SMBs) in the U.S. are inadequately prepared to deal with threats to cyber security. Out of 1,015 SMBs surveyed, 77% of owners believed cyber threats posed no risk to their company, while 83% did not have a formal plan in place to address such threats. Furthermore, 59% of SMBs did not have a contingency plan in place to deal with data loss from a cyber attack.
The Department of Justice recently announced that two Romanian hackers pleaded guilty to conspiracy charges for stealing credit, debit and payment-account data from hundreds of U.S. merchants’ computer systems. The scheme compromised the security of 146,000 payment cards and caused losses greater than $10 million.
New advances in technology for smartphones, tablets and computers, while eagerly embraced by users, often bring new risks of data breaches or loss of data privacy. Companies that allow their employees to use their own personal devices for work-related purposes may be especially vulnerable. Because of these risks, IBM recently decided to ban the use of Siri — the powerful voice-recognition software on the new iPhone — on employees’ phones.
As ever more important and sensitive data is being stored on laptops, the risk of data breaches continues to rise. Reports of another significant data breach resulting from the theft of a laptop serve as a reminder of how vulnerable sensitive data is to theft and how it's critical that employees take care to protect the data in their possession.
Companies that have invested in information security systems that quarantine viruses and detect intruders have discovered a new threat: their employees' personal mobile devices. Increasingly, companies have been letting office workers use their personal smartphones and tablets on the job. It seemed like a win-win solution: Employers gained no-cost access to expensive productivity tools, and employees got to use their preferred mobile devices.
Recently, Global Payments, a major credit card processing company, announced a data security breach. Hackers may have gained access to as many as 1.5 million credit and debit card numbers. Customers’ names, addresses and Social Security numbers were not accessed, according to the processing company, but the large number of records involved is a stark reminder of the scale of the damage a data breach can cause.
Shawn Henry, the executive assistant director of the FBI, commonly known as the Bureau’s “top cyber cop,” raised a dire warning about hacker attacks against corporate data networks. “We’re not winning,” he told the Wall Street Journal.