Central and Eastern European Data Theft Survey 2012

Size: px
Start display at page:

Download "Central and Eastern European Data Theft Survey 2012"

Transcription

1 FORENSIC Central and Eastern European Data Theft Survey 2012 kpmg.com/cee KPMG in Central and Eastern Europe

2 Ever had the feeling that your competitors seem to be in the know about your strategic plans and other confidential information? How many times have you lost the element of surprise on your promotional campaigns? How about the time you had to battle it out with your competitor for the same spot of land or real estate that you were planning to secure for your next location? Think about this scenario: A mid-level manager at a consumer markets company is at odds with his boss and grows more disgruntled by the day. While trawling through the company file server he identifies a draft version of the 3-year business plan as well as some product development materials. He downloads these to a USB stick, which he takes with him when he goes home. Within a month he resigns his post, and within two months he starts working for a major competitor. How probable do you think this scenario is at your company? Do you have the right measures in place to combat this sort of data theft? KPMG in Central and Eastern Europe has surveyed a select number of companies across the region operating in the consumer markets and retail industry to better understand how they perceive the risk of data theft and what they are doing to address it. In summary, the results of the survey indicate that: The vast majority (84%) of respondents perceived data theft as a significant risk to their business. Furthermore, more than half (52%) of respondents thought that the risk of data theft would increase over the next three years. Employees (64%) were generally seen as the most likely perpetrators of data theft, with mid-level management posing the greatest perceived risk. The use of removable media such as USB sticks was recognised as a significant risk by many (61%) respondents, yet very few (16%) indicated that they had measures in place to deal with the threat posed by their use. The data perceived to be most at risk was data related to strategy and planning (80%). Most respondents (59%) assessed the risk of data theft to their organisations on an informal basis and 50% did so only occasionally, meaning that there will be time lags in the recognition and proper assessment of emerging data theft risks. About our respondents Our respondents were employees with responsibility for Information Technology and Security at 44 companies operating in the consumer markets and retail industries; mainly the retail, consumer goods, food and beverages segments in nine countries across Central and Eastern Europe ( CEE ). The companies surveyed represent market leaders in their sector in the particular CEE country and included global, regional and local companies. The majority of responses (in excess of 90%) were collected through personal interviews. Overall perception of risk and susceptibility The vast majority (84%) of respondents perceived data theft as a significant risk to their business. Furthermore, it is not a risk that they perceive to be diminishing: 39% thought that the risk of data theft had increased over the last three years (only 14% thought it had decreased); and 52% thought that the risk of data theft would increase over the next three years (only 9% thought it would decrease). Relatively few of our respondents reported being victims of data theft: only 9% indicated that they were aware of confirmed cases and only 18% indicated that they were aware of suspected cases of data theft during the last three years. The relatively low number of reported breaches may reflect that respondents were reluctant to admit such breaches; it is also possible that respondent companies had suffered data thefts that were not detected, or that were not recognised as data thefts. Irrespective of the number of actual occurrences, it is evident from the responses that the risk was perceived to be high. Source of the threat Whereas most coverage of data theft focuses on the risks presented by external attackers, our respondents generally considered employees to be the most likely perpetrators of data theft (64%). Employees inevitably have access to company data in the normal course of business, and we believe that this plays an important role in their high risk rating KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

3 Figure 1. Likely perpetrators of data theft Employees/Former Employees 64 Competitors 45 Unknown External Parties (e.g. thieves, anonymous hackers) Suppliers 9 Customers 9 Note: Table shows percentage of respondents indicating listed types of perpetrator as 4 or 5 on a 5 point likelihood scale (1 = Very Unlikely 5 = Very Likely) Respondents in the beverages sector clearly flagged mid-level managers as the most likely category (47%). This may reflect that such employees typically have broader access to high value data than lower level employees. Our respondents pointed out competitors as the second most likely perpetrator of data theft (45%). We consider that this is also related to the threat posed by employees. Companies might be tempted to obtain confidential information from their competitors in order to edge the competitors out and position themselves better in the market. Such information can be related to products, marketing plans, pricing and promotional campaigns, production specifications, supplier and customer data, and business plans and strategies. This information is usually accessible by employees during the normal course of business and can therefore be the subject of corporate espionage attempts by competitors colluding with company employees and managers. Managing the threat of data theft by insiders requires a more nuanced approach than might be appropriate for other potential sources of threat. There will always be a tension between providing employees with access to the information they need to do their jobs effectively and protecting that information against misuse. The same cannot be said for the risk of unauthorised access by external attackers: invariably an event that all organisations would wish to avoid. However, the risk of misuse from within must be considered as part of broader information risk management planning and mitigated accordingly. The challenge of removable media Taking away data on removable media was widely seen by respondents as a likely mode of data theft (61%). Despite 16 this, only 45% of respondents employed endpoint protection software to limit the use of removable media and only 16% monitored the use of removable media. The high risk of data theft using removable media is partly reflective of the absence in many companies of comprehensive measures to control their use. The vast majority of respondents indicated that their companies employed measures to protect against external threats firewalls, anti-virus and anti-malware solutions were almost ubiquitous yet this predominantly internal threat is not sufficiently addressed. Figure 2. Tools and technologies used to minimise the risk of data theft Firewall systems (appliance or software) Anti-virus software 98 Anti-malware software 93 System-specific access rights restrictions filters 82 Network monitoring systems (appliance or software) Internet activity filters 75 Encryption technologies 73 Intrusion detection / prevention systems (appliance or software) Endpoint protection software (e.g. restricting or monitoring the use of user devices and removable storage) Multi-factor authentication technologies Data leak detection / prevention systems Biometric measures Figure 3. Monitoring measures employed by respondents User access to User access at an item systems and reports or folder-level to holding high value data material on internal document management systems Use of web-based or file sharing websites s with attachments sent to web-based addresses 16 Use of removable medias such as removable disks, USB sticks, etc KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

4 One of the industries that has taken successful strides to address the challenge of removable media is financial services, in particular banks. Measures such as encrypting removable media, disabling CD/DVD drives in desktops and laptops, and restricting network access for smart phones have gone a long way in helping to prevent data theft. Types of information at risk Across all segments details about company strategy and planning were seen to be at high risk of theft. Additionally, in consumer markets, but not among retailers, information about business processes was also perceived to be at risk. The high risk respondents have placed on these types of data may be due to two reasons: such information presents very high value to competitors or partners, and it is often subjected to less stringent control and monitoring than information stored in more structured forms, such as records in a company s ERP system. Consumer markets manufacturers and beverages companies were more concerned about customer-side activity, whereas retailers were more concerned about supplier-side activity. This is consistent with the increased focus of the antitrust authorities across a number of CEE jurisdictions into restrictive trade practices and numerous probes into abuse of dominant market positions. Most respondents did not consider that details about suppliers, customers, or employees are at high risk of theft. This reflects the fact that such sources are typically more tightly controlled than others listed due to data privacy considerations. Figure 4. Types of information at highest risk of data theft Consumer Goods Retailers company strategy and planning supplier-side activity (contracts, total spend, product pricing, discounts etc) 2012 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. business processes customer-side activity (total customers, total spend, product pricing, discounts etc) employees customers designs Note: Percentage of respondents indicating listed types of information as '4' or '5' on a 5 point likelihood scale (1 = Very Unlikely 5 = Very Likely). Split between 'retailers' and 'consumer goods' respondents. 'Consumer goods' covers respondents in the consumer products, food and beverages segments. suppliers

5 Managing the risk While most respondents indicated that they were assessing the risk of data theft it appears that there is room for improvement. Most respondents (59%) assessed the risk informally and 50% did so only occasionally. Very few (11%) reported using external advisors in their assessment efforts, although more reported that they made comprehensive use of independent advisors to perform penetration testing (36%) and to undertake regular audits of security and data protection measures (43%). Figure 5. Assessment of data theft risks Regular audits of the company's security and data protection measures by independent parties Measures to ensure that managers and staff leaving the company do not leak out sensitive information IT measures to secure data interchange with partners Policies regarding data management and security that extend to third parties / business partners Informally Formally Not at all Occasionally Regularly Continuously Not at all Within the company Using external advisors Not at all Note: Respondents could choose all criteria which applied. Some respondents did not answer. The findings seem to reflect the overall underestimation of the issue of data theft. On one hand it is considered to be a high risk, yet it receives little formal attention. There are significant benefits to formal over informal assessment and of regular or continuous assessment over occasional assessment. Formal, regular assessment tends to ensure that risks are reviewed on a systematic basis and that emerging risks are identified quickly. In most organisations the risk of data theft will be one among many responsibilities for the IT department; leveraging external data protection specialists in the assessment process will enable them to draw on a much broader range of experience. Besides the risks presented by removable media, there were various other areas in which respondents indicated that their data protection measures could be stronger. Whilst bolstering some areas may require substantial investment, there are some low hanging fruit: consider the costs of raising awareness among staff, or improving the content data management policies relevant to staff or to third parties. Figure 6. Comprehensiveness of data protection measures IT measures to secure data carried by employees outside company premises Regular notifications to all staff aimed at raising awareness and communicating staff responsibilities about data protection Physical security measures to protect sources of high value data carried by employees outside company premises Regular penetration testing and ethical hacking procedures by independent parties % Respondents 2012 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved Company policies and procedures addressed to employees regarding data management and security IT measures to limit the possibilities for high value data to be removed from inside the network Physical security measures to limit access to premises where high value data is held or can be accessed IT measures to ensure that high value data is secured from external attacks IT measures to restrict access to high value data to relevant users inside the network Note: Graph shows percentage of respondents indicating listed data protection measures as 4 or 5 on a 6 point scale assessing the extent to which the respondent has implemented them (0 = Not Used 5 = Comprehensive Measures) Figure 7. Features of data management policies Indication of employee obligations regarding data security Indication of employee obligations regarding company confidential material Requirement for employee to indicate their agreement with policies Indication that use of company IT equipment and networks is subject to monitoring Indication that personal use of company IT equipment and networks is not permitted The bottom line % of respondents indicated that they were not satisfied with the measures they currently had in place to deal with data theft, amid the increasing risks. How does your organisation compare? KPMG Forensic assists clients in dealing with fraud and misconduct, including investigation into allegations of data theft, digital evidence recovery for legal, criminal and administrative proceedings, proactive data analysis, and reviews of fraud detection systems. KPMG IT Advisory assists clients with detailed reviews of all data management and information security areas, advises on recommendations and provides assistance with the implementation of countermeasures to address identified risks and gaps in these areas

6 For further information about the services offered by KPMG Forensic please contact us: Jimmy Helm Head of Forensic T: Michael Peer Partner, Forensic T: kpmg.com/cee The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

The Recover Report. It s business. But it s personal.

The Recover Report. It s business. But it s personal. The Recover Report It s business. But it s personal. Executive summary The Recover Report The perpetrators This report examines a sample of 150 data theft cases handled by Mishcon de Reya. Our research

More information

Forensic Services. kpmg.hu

Forensic Services. kpmg.hu Forensic Services kpmg.hu We help you curb your losses. Our forensic team provides services designed to assist you in matters of a commercial or financial nature that may result in a legal or regulatory

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

Unisys Security Insights: Germany A Consumer Viewpoint - 2015

Unisys Security Insights: Germany A Consumer Viewpoint - 2015 Unisys Security Insights: Germany A Consumer Viewpoint - 2015 How consumers in Germany feel about: Personal data security, ranked by industry Experiences concerning security of personal data Research by

More information

Data Access Request Service

Data Access Request Service Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations

More information

A NEW APPROACH TO CYBER SECURITY

A NEW APPROACH TO CYBER SECURITY A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:

More information

Data Breaches and Customer Loyalty Report

Data Breaches and Customer Loyalty Report Data Breaches and Customer Loyalty Report Broken Trust: Tis the Season to Be Wary Breakdown of trust between consumers and companies Trust is essential in building relationships, and for organizations

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Data Loss Prevention in the Enterprise

Data Loss Prevention in the Enterprise Data Loss Prevention in the Enterprise ISYM 525 Information Security Final Paper Written by Keneth R. Rhodes 12-01-09 In today s world data loss happens multiple times a day. Statistics show that there

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Unisys Security Insights: U.S. A Consumer Viewpoint - 2015

Unisys Security Insights: U.S. A Consumer Viewpoint - 2015 Unisys Security Insights: U.S. A Consumer Viewpoint - 2015 How US consumers feel about Personal data security, ranked by industry Biometrics as a security measure Research by Table of Contents Executive

More information

Cyber Security for audit committees

Cyber Security for audit committees AUDIT COMMITTEE INSTITUTE Cyber Security for audit committees An introduction kpmg.com/globalaci 2 Audit Committee Institute An introduction to cyber security for audit committees Audit committees have

More information

Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES

Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Contents PART I An Increasing Threat: Identity Theft The FFIEC Response Risk Assessment Fundamentals The FFIEC

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

Health & Life sciences breach security program. David Houlding MSc CISSP CIPP Healthcare Privacy & Security Lead Intel Health and Life Sciences

Health & Life sciences breach security program. David Houlding MSc CISSP CIPP Healthcare Privacy & Security Lead Intel Health and Life Sciences Health & Life sciences breach security program David Houlding MSc CISSP CIPP Healthcare Privacy & Security Lead Intel Health and Life Sciences Overview 1. Healthcare Security Research / Directions 2. Healthcare

More information

Bellevue University Cybersecurity Programs & Courses

Bellevue University Cybersecurity Programs & Courses Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320

More information

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager. London School of Economics & Political Science IT Services Policy Remote Access Policy Jethro Perkins Information Security Manager Summary This document outlines the controls from ISO27002 that relate

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

THE HITACHI WAY. White Paper. By HitachiSoft America Security Solutions Group. September, 2009 HITACHI SOFTWARE ENGINEERING AMERICA, LTD.

THE HITACHI WAY. White Paper. By HitachiSoft America Security Solutions Group. September, 2009 HITACHI SOFTWARE ENGINEERING AMERICA, LTD. Data Loss Prevention Implementation Initiatives THE HITACHI WAY White Paper By HitachiSoft America Security Solutions Group September, 2009 HITACHI SOFTWARE ENGINEERING AMERICA, LTD. Executive Summary

More information

OCR LEVEL 3 CAMBRIDGE TECHNICAL

OCR LEVEL 3 CAMBRIDGE TECHNICAL Cambridge TECHNICALS OCR LEVEL 3 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT NETWORKED SYSTEMS SECURITY J/601/7332 LEVEL 3 UNIT 28 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 NETWORKED SYSTEMS SECURITY

More information

Protecting the organization against the unknown. A new generation of threats

Protecting the organization against the unknown. A new generation of threats Protecting the organization against the unknown A new generation of threats February 2014 Contents Scope of the research 3 Research methodology 3 Aims of the research 3 Summary of key findings 4 IT security

More information

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS MARCH 2011 Acknowledgements This Viewpoint is based upon the Recommended Practice: Configuring and Managing Remote Access

More information

IT OUTSOURCING SECURITY

IT OUTSOURCING SECURITY IT OUTSOURCING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

Computer Security Incident Response Planning. Preparing for the Inevitable

Computer Security Incident Response Planning. Preparing for the Inevitable Computer Security Incident Response Planning Preparing for the Inevitable Introduction Computers and computer networks have been part of the corporate landscape for decades. But it s only in the last five

More information

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature Demystifying Cyber Insurance Jamie Monck-Mason & Andrew Hill Introduction What is cyber? Nomenclature 1 What specific risks does cyber insurance cover? First party risks - losses arising from a data breach

More information

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection

More information

Global Corporate IT Security Risks: 2013

Global Corporate IT Security Risks: 2013 Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

Global IT Security Risks: 2012

Global IT Security Risks: 2012 Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection

More information

Cyber Security, a theme for the boardroom www.kpmg.com/nl/cybersecurity

Cyber Security, a theme for the boardroom www.kpmg.com/nl/cybersecurity IT ADVISORY Cyber Security, a theme for the boardroom www.kpmg.com/nl/cybersecurity TABLE OF CONTENTS 1 Cyber security, a theme for the boardroom 3 2 What is cyber security? 4 3 Relevance to the boardroom

More information

THE FFIEC CHALLENGE A Call for Reliable Authentication

THE FFIEC CHALLENGE A Call for Reliable Authentication THE FFIEC CHALLENGE A Call for Reliable Authentication March 14, 2006 ISACA LOS ANGELES RISK ADVISORY SERVICES INFORMATION RISK MANAGEMENT Agenda The FFIEC Challenge Current/Future Authentication Scenarios

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

Finding a Cure for Medical Identity Theft

Finding a Cure for Medical Identity Theft Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Institute of Internal Auditors Cyber Security. Birmingham Event 15 th May 2014 Jason Alexander

Institute of Internal Auditors Cyber Security. Birmingham Event 15 th May 2014 Jason Alexander Institute of Internal Auditors Cyber Security Birmingham Event 15 th May 2014 Jason Alexander Introduction Boards growing concern with Cyber Risk Cyber risk is not new, but incidents have increased in

More information

This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business.

This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business. FSA factsheet for All firms This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business. It explains: What you should

More information

Guidelines. London School of Economics & Political Science. Remote Access and Mobile Working Guidelines. Information Management and Technology

Guidelines. London School of Economics & Political Science. Remote Access and Mobile Working Guidelines. Information Management and Technology London School of Economics & Political Science Information Management and Technology Guidelines Remote Access and Mobile Working Guidelines Jethro Perkins Information Security Manager Summary This document

More information

safe and sound processing online card payments securely

safe and sound processing online card payments securely safe and sound processing online card payments securely Executive summary The following information and guidance is intended to provide key payment security advice to new or existing merchants who trade

More information

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13.

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13. Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

Performanta Pty Ltd. Company Profile. May 2012. Trust. Practical. Performanta.

Performanta Pty Ltd. Company Profile. May 2012. Trust. Practical. Performanta. May 2012 Trust. Practical. Performanta. Company Overview Performanta Pty Ltd is an information security organisation that has a practical approach, competitively priced services, strong client commitment,

More information

INVESTIGATIONS REPORT

INVESTIGATIONS REPORT 2014 DATA BREACH INVESTIGATIONS REPORT Executive Summary INSIDER MISUSE DOS ATTACKS MISCELLANEOUS ERRORS PHYSICAL THEFT AND LOSS CYBER-ESPIONAGE CRIMEWARE PAYMENT CARD SKIMMERS WEB APP ATTACKS 92 % THE

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

7 VITAL FACTS ABOUT HEALTHCARE BREACHES. www.eset.com

7 VITAL FACTS ABOUT HEALTHCARE BREACHES. www.eset.com 7 VITAL FACTS ABOUT HEALTHCARE BREACHES www.eset.com 7 vital facts about healthcare breaches Essential information for protecting your business and your patients Large breaches of Personal Health Information

More information

TOOLBOX. ABA Financial Privacy

TOOLBOX. ABA Financial Privacy ABA Financial Privacy TOOLBOX This tool will help ensure that privacy remains a core value in all corners of your institution. The success of your privacy program depends upon your board s and your management

More information

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION 2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION April 2014 Sponsored by: 2014 Network Security & Cyber Risk Management:

More information

Wireless (In)Security Trends in the Enterprise

Wireless (In)Security Trends in the Enterprise A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2012 AirTight Networks, Inc. All rights reserved. WiFi is proliferating fast.

More information

IT Security. Securing Your Business Investments

IT Security. Securing Your Business Investments Securing Your Business Investments IT Security NCS GROUP OFFICES Australia Bahrain China Hong Kong SAR India Korea Malaysia Philippines Singapore Sri Lanka Securing Your Business Investments! Information

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

AB 1149 Compliance: Data Security Best Practices

AB 1149 Compliance: Data Security Best Practices AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next

More information

University of Brighton School and Departmental Information Security Policy

University of Brighton School and Departmental Information Security Policy University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

BDO NORDIC. Investigation, fraud prevention and computer forensics. You can guess. You can assume. Or you can know. And knowing is always better.

BDO NORDIC. Investigation, fraud prevention and computer forensics. You can guess. You can assume. Or you can know. And knowing is always better. BDO NORDIC Investigation, fraud prevention and computer forensics You can guess. You can assume. Or you can know. And knowing is always better. CONTENT OUR SERVICES 3 Investigation - Identifying the facts

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

NHS Information Governance:

NHS Information Governance: NHS Information Governance: Information Risk Management Guidance: Social Interaction Good Practice Department of Health Informatics Directorate February 2012 1 Amendment History Version Date Amendment

More information

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

AWARENESS T E C H N O L O G I E S. Complete internal threat solution on the endpoint delivered as a service. A Whitepaper By Ron Penna

AWARENESS T E C H N O L O G I E S. Complete internal threat solution on the endpoint delivered as a service. A Whitepaper By Ron Penna Complete internal threat solution on the endpoint delivered as a service About, Inc, Inc (ATI) is a Los Angeles, California company founded in 2002 who has over 200,000 total users and 10,000 corporate

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

CP3043 Social, Legal and Professional Aspects of Computing. Mr Graham Brown. Assessment 2

CP3043 Social, Legal and Professional Aspects of Computing. Mr Graham Brown. Assessment 2 CP3043 Social, Legal and Professional Aspects of Computing Mr Graham Brown Assessment 2 Colin Hopson 0482647 Wednesday 16 th April 2008 i Contents 1 Introduction... 1 1.1 The Bridgeway Building Society...

More information

Digital Forensics Services

Digital Forensics Services Digital Forensics Services A KPMG SERVICE FOR G-CLOUD VII October 2015 kpmg.co.uk Digital Forensics Services KPMG PROVIDES RELIABLE END TO END COMPUTER FORENSIC AND EXPERT WITNESS SERVICES We bring together

More information

CSI/FBI 2000 COMPUTER CRIME AND SECURITY SURVEY

CSI/FBI 2000 COMPUTER CRIME AND SECURITY SURVEY CSI/FBI 00 COMPUTER CRIME AND SECURITY SURVEY Statement of intent This survey was conducted by the Computer Security Institute (CSI) in association with the San Francisco Computer Crime Squad of the Federal

More information

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to

More information

E Commerce and Internet Security

E Commerce and Internet Security E Commerce and Internet Security Zachary Rosen, CFE, CIA President, ACFE Czech Republic Chapter Introduction The Internet has become a global phenomenon reshaping the way we communicate and conduct business.

More information

London Business Interruption Association Technology new risks and opportunities for the Insurance industry

London Business Interruption Association Technology new risks and opportunities for the Insurance industry London Business Interruption Association Technology new risks and opportunities for the Insurance industry Kiran Nagaraj Senior Manager, KPMG LLP February 2014 Agenda Introduction The world we live in

More information

Data loss prevention and endpoint security. Survey findings

Data loss prevention and endpoint security. Survey findings Data loss prevention and endpoint security Survey findings Table of Contents Overview 3 Executive summary 4 Half of companies have lost confidential information through removable media 5 Intellectual property

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au

Cyber threat intelligence and the lessons from law enforcement. kpmg.com.au Cyber threat intelligence and the lessons from law enforcement kpmg.com.au Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many organisations

More information

Data Security Initiatives. The Layered Approach. Melissa Perisce Regional Director, Global Services, South Asia April 25, 2010

Data Security Initiatives. The Layered Approach. Melissa Perisce Regional Director, Global Services, South Asia April 25, 2010 Data Security Initiatives The Layered Approach Melissa Perisce Regional Director, Global Services, South Asia April 25, 2010 2009 Verizon. All Rights Reserved. PTEXXXXX XX/09 Intel Case Study Asia North

More information

Information Security Policy

Information Security Policy Information Security Policy Last updated By A. Whillance/ Q. North/ T. Hanson On April 2015 This document and other Information Services documents are held online on our website: https://staff.brighton.ac.uk/is

More information

Compromises in Healthcare Privacy due to Data Breaches

Compromises in Healthcare Privacy due to Data Breaches Compromises in Healthcare Privacy due to Data Breaches S. Srinivasan, PhD Distinguished Professor of Information Systems Jesse H. Jones School of Business Texas Southern University, Houston, Texas, USA

More information

on Data and Identity Theft*

on Data and Identity Theft* on Data and Identity Theft* What you need to know about emerging topics essential to your business. Brought to you by PricewaterhouseCoopers. October 2008 A collaborative business world s Achilles heel

More information

GUIDANCE SOFTWARE WHITEPAPER. Tackling the Causes of Data Leakage and Data Loss

GUIDANCE SOFTWARE WHITEPAPER. Tackling the Causes of Data Leakage and Data Loss GUIDANCE SOFTWARE WHITEPAPER TACKLING THE CAUSES OF DATA LEAKAGE AND DATA LOSS Tackling the Causes of Data Leakage and Data Loss I. Introduction Sometimes people have no choice but to provide personal

More information

Cyber and Data Security. Proposal form

Cyber and Data Security. Proposal form Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which

More information

INSTANT MESSAGING SECURITY

INSTANT MESSAGING SECURITY INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part

More information

Absolute Software. Complying with Australian Privacy Law: Protecting Privacy with Endpoint Security WHITEPAPER. Table of Contents. www.absolute.

Absolute Software. Complying with Australian Privacy Law: Protecting Privacy with Endpoint Security WHITEPAPER. Table of Contents. www.absolute. Complying with Australian Privacy Law: Protecting Privacy with Endpoint Security Table of Contents Highlights... 2 Endpoint Devices: Increasing Risks for Organisations... 3 The New Law: Getting Serious

More information

2015 Travelers Business Risk Index. Findings from a survey of U.S. business risk decision makers May 2015

2015 Travelers Business Risk Index. Findings from a survey of U.S. business risk decision makers May 2015 2015 Travelers Business Risk Index Findings from a survey of U.S. business risk decision makers May 2015 Contents executive summary 2 Rising medical and benefit costs 3 Cyber risks 3 Legal liability 4

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle Close the security gap with a unified approach Detect, block and remediate risks faster with end-to-end visibility of the security cycle Events are not correlated. Tools are not integrated. Teams are not

More information

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013 Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory

More information

University of Kent Information Services Information Technology Security Policy

University of Kent Information Services Information Technology Security Policy University of Kent Information Services Information Technology Security Policy IS/07-08/104 (A) 1. General The University IT Security Policy (the Policy) shall be approved by the Information Systems Committee

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure IBM Global Small and Medium Business Keep Your IT Infrastructure and Assets Secure Contents 2 Executive overview 4 Monitor IT infrastructure to prevent malicious threats 5 Protect IT assets and information

More information

DNA of Cybersecurity Risks. Credit Union Executive Leadership Symposium

DNA of Cybersecurity Risks. Credit Union Executive Leadership Symposium DNA of Risks Credit Union Executive Leadership Symposium CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited 2016 CUNA Mutual Group, All Rights Reserved. What s in store for

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

I D C A N A L Y S T C O N N E C T I O N

I D C A N A L Y S T C O N N E C T I O N I D C A N A L Y S T C O N N E C T I O N Simon Piff Associate Vice President, Enterprise Infrastructure IDC Asia/Pacific C o n t e n t S e curity: I m p o r t a n c e o f Protecting I n f o r m a t i o

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

Research Imperatives

Research Imperatives Research Imperatives Areas of Research Needed in Information Security Julie J.C.H. Ryan, D.Sc. Assistant Professor The George Washington University What We Know Technology Fabulous research going on in

More information

ERM Symposium April 2009. Moderator Nancy Bennett

ERM Symposium April 2009. Moderator Nancy Bennett ERM Symposium April 2009 RI4-Implementing a Comprehensive Privacy Program John Kelly Joseph Nocera Moderator Nancy Bennett Data & Identity Theft: Keeping sensitive data out of the wrong hands Presented

More information