85% of organizations worldwide experienced an internal information security incident last year, some of which led to sensitive data loss, according to the Global Corporate IT Security Risks 2013 survey carried out by the B2B International research agency and Kaspersky Lab. The survey found that the three most common types of internal threats are: vulnerabilities or flaws in existing software, accidental leaks of data due to human error, and the loss or theft of mobile devices.
Most companies around the globe understand the importance of IT security preventive measures and implement them to varying degrees. In order to minimize internal security risks, half of the organizations surveyed have network structures that, for example, separate mission-critical networks from other networks and 52% use different levels of access privilege to IT systems.
However, many companies admit that existing measures are insufficient and some are increasingly implementing new security solutions which could enforce policies and provide additional protection from data loss. For instance, less than half the companies surveyed use application control, device control or an anti-malware agent for mobile devices. Even fewer organizations have implemented a Mobile Device Management solution (24%) or encryption on removable devices (33%).
Another problem is that employees do not always comply with existing corporate security policies, and less than half of companies (46%) have clearly outlined sanctions and disciplinary procedures for when IT security policies are breached. Meanwhile, just under half (48%) of the companies polled feel that security policies actually bring any value to the staff.
Reblogged from Internal Audit Software:
Many continue to use spreadsheet tools as their ‘default’ approach for data analysis for a few main reasons. Obviously the software has high availability, with the majority of businesses using Microsoft™ as their operating system whilst Microsoft Excel® is the most recognised spreadsheet tool in the market for data entry. It becomes a habit. Spreadsheet tools are familiar, comfortable and many (instinctively) attempt to use a spreadsheet tool to fulfil data analysis objectives.
Leading fraud consultancy UK Fraud (www.ukfraud.co.uk) has identified 10 key trends that will characterise the domestic fraud prevention market in 2013.
Bill Trueman, widely accepted as a leading fraud expert in Europe, has extensive experience in the banking, insurance and financial services sectors. Trueman’s UK-based consultancy, UKFraud, has an impressive international track record of eliminating the risk of fraud.
The trends are:
- With more high quality data becoming available to fraudsters than ever before, an economy forecast to contract and the UK’s benefits spend reducing, overall fraud levels will continue to increase dramatically across the UK and the rest of Europe. Fraud hotspots most likely to be affected in 2013 include: banks and card companies, insurers, online merchants, retailers and government, be it HMRC, the universal credit scheme or local authorities.
- The types of fraud likely to see the biggest growth will be CNP (Card Not Present) card fraud, other forms of cybercrime, internal fraud, and supply chain fraud. Procurement fraud is also set to rise significantly. In contracting economies, evidence suggests that people inside this function can be put under pressure to defraud.
- Mortgage fraud is also set to surge in 2013, with credit rating experts pointing the finger at further rises in first-party fraud – i.e. where people misrepresent their finances whilst applying for mortgages. Once again the economic climate is a significant contributor in this.
- Recent spectacular mass data breaches and suspicion of cloud security in some areas will continue. An increasingly greater emphasis will be placed upon PCI DSS and other data security and integrity issues. Already, the daily number of automated attacks on bank and retailer systems runs into the millions, which means that we will continue to see major high-profile data breaches both reported and otherwise.
- Solutions will be based around systems for acquirers, online merchants and PSPs, who are regularly the victims of CNP fraud – where fraud is growing fast in line with the growth in internet based payments. Increasingly, solutions will move to better and newer generations of screening, scoring and risk based monitoring, such as those based upon Bayesian based fraud detection systems. These will start to pose a real challenge to older systems based on ‘so called’ Neural Networks.
- Most people feel that there could be a lack of unified central direction and strategy from government. The lack of a pan-European strategy will also prevail. The UK government’s response is divided between the NFA, the Cyber Crimes unit and the Cabinet Office’s FED (Fraud Error and Debt Initiative). Some believe passionately that the lack of a unified central government strategy will drive up fraud significantly in 2013. On the positive side, at least some of the civil servants who have been involved in the NFA since the beginning are starting to gain real experience of the sector and an appreciation of the enormous challenges they face. The DWP is also tendering to get some real-world fraud strategy skills into their midst too, which should prove invaluable given the changes due with the Universal Credit.
- The USA is increasingly ready for a policy U-turn on the adoption of signature as the CVM of choice. The US market will find it increasingly difficult to evolve in a global payment systems world without the protections offered either by PINs – or a ‘next generation’ solution. As the rest of the world is moving (or largely has moved) in this direction already, 2013 could see this U-turn as fraud increasingly migrates to the US.
- Major insurers will continue to develop a strong and very credible fraud prevention solution based around the ‘front end’ (underwriting stage of business). The emphasis on delivering a strong industry wide data-sharing drive will also continue to increase; although a whole re-think of the industry fraud register will be needed to address Data Protection Act requirements.
- There will be a major shift in the presence, position and fraud service offerings of one or more of the major data-bureaux (such as credit reference agencies), as more solutions either move ‘in-house’ or move to systems developed by a host of new players in various fraud sectors.
- And there will be some surprises as there always are – whether they are policemen ‘on-the-take’, another raft of politicians fiddling their expenses, or further high profile banks brought to their knees by (usually) rogue traders.
“The current economic climate is driving change and there is an evolution in the world of fraud prevention that we have not seen before,” says Bill Trueman, CEO of UK Fraud. “However, if we are to stay ahead of the fraudster, we have to be able to read these trends and manage both our strategy and the risks accordingly. In highlighting what we see as the trends, we aim to contribute to the debate and raise awareness of the risks. By keeping this debate alive we hope that fraud prevention will shortly gain an even greater emphasis in key seats of power – be that in the boardroom or within key government departments.”
UKFraud is a leading UK based consultancy, with an impressive international track record of eliminating the risk of fraud. Its founder Bill Trueman is widely accepted as one of Europe’s leading fraud experts and a frequent commentator and writer on the issues involved. Trueman has extensive experience of the banking, insurance and the financial services sectors and is a thought leader at the forefront of many industry wide and international debates.