Central and Eastern European Data Theft Survey 2012
- Constance Hardy
- 8 years ago
FORENSIC
Central and Eastern European Data Theft Survey 2012
kpmg.com/cee
KPMG in Central and Eastern Europe
Ever had the feeling that your competitors seem to be in the know about your strategic plans and other confidential information? How many times have you lost the element of surprise on your promotional campaigns? How about the time you had to battle it out with your competitor for the same spot of land or real estate that you were planning to secure for your next location?

Think about this scenario: A mid-level manager at a consumer markets company is at odds with his boss and grows more disgruntled by the day. While trawling through the company file server he identifies a draft version of the 3-year business plan as well as some product development materials. He downloads these to a USB stick, which he takes with him when he goes home. Within a month he resigns his post, and within two months he starts working for a major competitor.

How probable do you think this scenario is at your company? Do you have the right measures in place to combat this sort of data theft?

KPMG in Central and Eastern Europe has surveyed a select number of companies across the region operating in the consumer markets and retail industry to better understand how they perceive the risk of data theft and what they are doing to address it. In summary, the results of the survey indicate that:

- The vast majority (84%) of respondents perceived data theft as a significant risk to their business. Furthermore, more than half (52%) of respondents thought that the risk of data theft would increase over the next three years.
- Employees (64%) were generally seen as the most likely perpetrators of data theft, with mid-level management posing the greatest perceived risk.
- The use of removable media such as USB sticks was recognised as a significant risk by many (61%) respondents, yet very few (16%) indicated that they had measures in place to deal with the threat posed by their use.
- The data perceived to be most at risk was data related to strategy and planning (80%).
- Most respondents (59%) assessed the risk of data theft to their organisations on an informal basis and 50% did so only occasionally, meaning that there will be time lags in the recognition and proper assessment of emerging data theft risks.

About our respondents

Our respondents were employees with responsibility for Information Technology and Security at 44 companies operating in the consumer markets and retail industries; mainly the retail, consumer goods, food and beverages segments in nine countries across Central and Eastern Europe ("CEE"). The companies surveyed represent market leaders in their sector in the particular CEE country and included global, regional and local companies. The majority of responses (in excess of 90%) were collected through personal interviews.

Overall perception of risk and susceptibility

The vast majority (84%) of respondents perceived data theft as a significant risk to their business. Furthermore, it is not a risk that they perceive to be diminishing:

- 39% thought that the risk of data theft had increased over the last three years (only 14% thought it had decreased); and
- 52% thought that the risk of data theft would increase over the next three years (only 9% thought it would decrease).

Relatively few of our respondents reported being victims of data theft: only 9% indicated that they were aware of confirmed cases and only 18% indicated that they were aware of suspected cases of data theft during the last three years. The relatively low number of reported breaches may reflect that respondents were reluctant to admit such breaches; it is also possible that respondent companies had suffered data thefts that were not detected, or that were not recognised as data thefts. Irrespective of the number of actual occurrences, it is evident from the responses that the risk was perceived to be high.
Source of the threat

Whereas most coverage of data theft focuses on the risks presented by external attackers, our respondents generally considered employees to be the most likely perpetrators of data theft (64%). Employees inevitably have access to company data in the normal course of business, and we believe that this plays an important role in their high risk rating.

KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.
Figure 1. Likely perpetrators of data theft

- Employees/Former Employees: 64
- Competitors: 45
- Unknown External Parties (e.g. thieves, anonymous hackers)
- Suppliers: 9
- Customers: 9

Note: Table shows percentage of respondents indicating listed types of perpetrator as 4 or 5 on a 5 point likelihood scale (1 = Very Unlikely, 5 = Very Likely)

Respondents in the beverages sector clearly flagged mid-level managers as the most likely category (47%). This may reflect that such employees typically have broader access to high value data than lower level employees.

Our respondents pointed out competitors as the second most likely perpetrator of data theft (45%). We consider that this is also related to the threat posed by employees. Companies might be tempted to obtain confidential information from their competitors in order to edge the competitors out and position themselves better in the market. Such information can be related to products, marketing plans, pricing and promotional campaigns, production specifications, supplier and customer data, and business plans and strategies. This information is usually accessible by employees during the normal course of business and can therefore be the subject of corporate espionage attempts by competitors colluding with company employees and managers.

Managing the threat of data theft by insiders requires a more nuanced approach than might be appropriate for other potential sources of threat. There will always be a tension between providing employees with access to the information they need to do their jobs effectively and protecting that information against misuse. The same cannot be said for the risk of unauthorised access by external attackers: invariably an event that all organisations would wish to avoid. However, the risk of misuse from within must be considered as part of broader information risk management planning and mitigated accordingly.
The challenge of removable media

Taking away data on removable media was widely seen by respondents as a likely mode of data theft (61%). Despite this, only 45% of respondents employed endpoint protection software to limit the use of removable media and only 16% monitored the use of removable media. The high risk of data theft using removable media is partly reflective of the absence in many companies of comprehensive measures to control their use. The vast majority of respondents indicated that their companies employed measures to protect against external threats: firewalls, anti-virus and anti-malware solutions were almost ubiquitous, yet this predominantly internal threat is not sufficiently addressed.

Figure 2. Tools and technologies used to minimise the risk of data theft

Categories shown in the chart:

- Firewall systems (appliance or software)
- Anti-virus software
- Anti-malware software
- System-specific access rights restrictions filters
- Network monitoring systems (appliance or software)
- Internet activity filters
- Encryption technologies
- Intrusion detection / prevention systems (appliance or software)
- Endpoint protection software (e.g. restricting or monitoring the use of user devices and removable storage)
- Multi-factor authentication technologies
- Data leak detection / prevention systems
- Biometric measures

Figure 3. Monitoring measures employed by respondents

- User access to systems and reports holding high value data
- User access at an item or folder-level to material on internal document management systems
- Use of web-based or file sharing websites
- E-mails with attachments sent to web-based addresses
- Use of removable media such as removable disks, USB sticks, etc: 16
One of the industries that has taken successful strides to address the challenge of removable media is financial services, in particular banks. Measures such as encrypting removable media, disabling CD/DVD drives in desktops and laptops, and restricting network access for smart phones have gone a long way in helping to prevent data theft.

Types of information at risk

Across all segments details about company strategy and planning were seen to be at high risk of theft. Additionally, in consumer markets, but not among retailers, information about business processes was also perceived to be at risk. The high risk respondents have placed on these types of data may be due to two reasons: such information presents very high value to competitors or partners, and it is often subjected to less stringent control and monitoring than information stored in more structured forms, such as records in a company's ERP system.

Consumer markets manufacturers and beverages companies were more concerned about customer-side activity, whereas retailers were more concerned about supplier-side activity. This is consistent with the increased focus of the antitrust authorities across a number of CEE jurisdictions into restrictive trade practices and numerous probes into abuse of dominant market positions.

Most respondents did not consider that details about suppliers, customers, or employees are at high risk of theft. This reflects the fact that such sources are typically more tightly controlled than others listed due to data privacy considerations.

Figure 4. Types of information at highest risk of data theft

Series shown: Consumer Goods; Retailers. Categories shown:

- company strategy and planning
- supplier-side activity (contracts, total spend, product pricing, discounts etc)
- business processes
- customer-side activity (total customers, total spend, product pricing, discounts etc)
- employees
- customers
- designs
- suppliers

Note: Percentage of respondents indicating listed types of information as '4' or '5' on a 5 point likelihood scale (1 = Very Unlikely, 5 = Very Likely). Split between 'retailers' and 'consumer goods' respondents. 'Consumer goods' covers respondents in the consumer products, food and beverages segments.
Managing the risk

While most respondents indicated that they were assessing the risk of data theft it appears that there is room for improvement. Most respondents (59%) assessed the risk informally and 50% did so only occasionally. Very few (11%) reported using external advisors in their assessment efforts, although more reported that they made comprehensive use of independent advisors to perform penetration testing (36%) and to undertake regular audits of security and data protection measures (43%).

Figure 5. Assessment of data theft risks

Labels shown in the chart:

- Regular audits of the company's security and data protection measures by independent parties
- Measures to ensure that managers and staff leaving the company do not leak out sensitive information
- IT measures to secure data interchange with partners
- Policies regarding data management and security that extend to third parties / business partners
- Informally / Formally / Not at all
- Occasionally / Regularly / Continuously / Not at all
- Within the company / Using external advisors / Not at all

Note: Respondents could choose all criteria which applied. Some respondents did not answer.

The findings seem to reflect the overall underestimation of the issue of data theft. On one hand it is considered to be a high risk, yet it receives little formal attention. There are significant benefits to formal over informal assessment and of regular or continuous assessment over occasional assessment. Formal, regular assessment tends to ensure that risks are reviewed on a systematic basis and that emerging risks are identified quickly. In most organisations the risk of data theft will be one among many responsibilities for the IT department; leveraging external data protection specialists in the assessment process will enable them to draw on a much broader range of experience.

Besides the risks presented by removable media, there were various other areas in which respondents indicated that their data protection measures could be stronger. Whilst bolstering some areas may require substantial investment, there are some low hanging fruit: consider the costs of raising awareness among staff, or improving the content data management policies relevant to staff or to third parties.

Figure 6. Comprehensiveness of data protection measures

Axis: % Respondents. Measures shown:

- IT measures to secure data carried by employees outside company premises
- Regular notifications to all staff aimed at raising awareness and communicating staff responsibilities about data protection
- Physical security measures to protect sources of high value data carried by employees outside company premises
- Regular penetration testing and ethical hacking procedures by independent parties
- Company policies and procedures addressed to employees regarding data management and security
- IT measures to limit the possibilities for high value data to be removed from inside the network
- Physical security measures to limit access to premises where high value data is held or can be accessed
- IT measures to ensure that high value data is secured from external attacks
- IT measures to restrict access to high value data to relevant users inside the network

Note: Graph shows percentage of respondents indicating listed data protection measures as 4 or 5 on a 6 point scale assessing the extent to which the respondent has implemented them (0 = Not Used, 5 = Comprehensive Measures)

Figure 7. Features of data management policies

- Indication of employee obligations regarding data security
- Indication of employee obligations regarding company confidential material
- Requirement for employee to indicate their agreement with policies
- Indication that use of company IT equipment and networks is subject to monitoring
- Indication that personal use of company IT equipment and networks is not permitted

The bottom line

% of respondents indicated that they were not satisfied with the measures they currently had in place to deal with data theft, amid the increasing risks. How does your organisation compare?

KPMG Forensic assists clients in dealing with fraud and misconduct, including investigation into allegations of data theft, digital evidence recovery for legal, criminal and administrative proceedings, proactive data analysis, and reviews of fraud detection systems.

KPMG IT Advisory assists clients with detailed reviews of all data management and information security areas, advises on recommendations and provides assistance with the implementation of countermeasures to address identified risks and gaps in these areas.
For further information about the services offered by KPMG Forensic please contact us:

Jimmy Helm
Head of Forensic
T:
jhelm@kpmg.com

Michael Peer
Partner, Forensic
T:
mpeer@kpmg.com

kpmg.com/cee

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International.
DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next
More informationCSI/FBI 2000 COMPUTER CRIME AND SECURITY SURVEY
CSI/FBI 00 COMPUTER CRIME AND SECURITY SURVEY Statement of intent This survey was conducted by the Computer Security Institute (CSI) in association with the San Francisco Computer Crime Squad of the Federal
More informationCP3043 Social, Legal and Professional Aspects of Computing. Mr Graham Brown. Assessment 2
CP3043 Social, Legal and Professional Aspects of Computing Mr Graham Brown Assessment 2 Colin Hopson 0482647 Wednesday 16 th April 2008 i Contents 1 Introduction... 1 1.1 The Bridgeway Building Society...
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationBDO NORDIC. Investigation, fraud prevention and computer forensics. You can guess. You can assume. Or you can know. And knowing is always better.
BDO NORDIC Investigation, fraud prevention and computer forensics You can guess. You can assume. Or you can know. And knowing is always better. CONTENT OUR SERVICES 3 Investigation - Identifying the facts
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationUniversity of Brighton School and Departmental Information Security Policy
University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationHow To Cover A Data Breach In The European Market
SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationCyber threat intelligence and the lessons from law enforcement. kpmg.com.au
Cyber threat intelligence and the lessons from law enforcement kpmg.com.au Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many organisations
More informationDigital Forensics Services
Digital Forensics Services A KPMG SERVICE FOR G-CLOUD VII October 2015 kpmg.co.uk Digital Forensics Services KPMG PROVIDES RELIABLE END TO END COMPUTER FORENSIC AND EXPERT WITNESS SERVICES We bring together
More informationLondon Business Interruption Association Technology new risks and opportunities for the Insurance industry
London Business Interruption Association Technology new risks and opportunities for the Insurance industry Kiran Nagaraj Senior Manager, KPMG LLP February 2014 Agenda Introduction The world we live in
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationCompromises in Healthcare Privacy due to Data Breaches
Compromises in Healthcare Privacy due to Data Breaches S. Srinivasan, PhD Distinguished Professor of Information Systems Jesse H. Jones School of Business Texas Southern University, Houston, Texas, USA
More informationon Data and Identity Theft*
on Data and Identity Theft* What you need to know about emerging topics essential to your business. Brought to you by PricewaterhouseCoopers. October 2008 A collaborative business world s Achilles heel
More informationData loss prevention and endpoint security. Survey findings
Data loss prevention and endpoint security Survey findings Table of Contents Overview 3 Executive summary 4 Half of companies have lost confidential information through removable media 5 Intellectual property
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationE Commerce and Internet Security
E Commerce and Internet Security Zachary Rosen, CFE, CIA President, ACFE Czech Republic Chapter Introduction The Internet has become a global phenomenon reshaping the way we communicate and conduct business.
More informationGUIDANCE SOFTWARE WHITEPAPER. Tackling the Causes of Data Leakage and Data Loss
GUIDANCE SOFTWARE WHITEPAPER TACKLING THE CAUSES OF DATA LEAKAGE AND DATA LOSS Tackling the Causes of Data Leakage and Data Loss I. Introduction Sometimes people have no choice but to provide personal
More informationCyber and Data Security. Proposal form
Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which
More informationHow To Secure An Extended Enterprise
Data Security Initiatives The Layered Approach Melissa Perisce Regional Director, Global Services, South Asia April 25, 2010 2009 Verizon. All Rights Reserved. PTEXXXXX XX/09 Intel Case Study Asia North
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationIM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers
IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version
More information2015 Travelers Business Risk Index. Findings from a survey of U.S. business risk decision makers May 2015
2015 Travelers Business Risk Index Findings from a survey of U.S. business risk decision makers May 2015 Contents executive summary 2 Rising medical and benefit costs 3 Cyber risks 3 Legal liability 4
More informationWhitepaper on AuthShield Two Factor Authentication with ERP Applications
Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password
More informationCyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013
Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory
More informationIBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure
IBM Global Small and Medium Business Keep Your IT Infrastructure and Assets Secure Contents 2 Executive overview 4 Monitor IT infrastructure to prevent malicious threats 5 Protect IT assets and information
More informationClose the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle
Close the security gap with a unified approach Detect, block and remediate risks faster with end-to-end visibility of the security cycle Events are not correlated. Tools are not integrated. Teams are not
More informationSERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0
SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationERM Symposium April 2009. Moderator Nancy Bennett
ERM Symposium April 2009 RI4-Implementing a Comprehensive Privacy Program John Kelly Joseph Nocera Moderator Nancy Bennett Data & Identity Theft: Keeping sensitive data out of the wrong hands Presented
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationUniversity of Kent Information Services Information Technology Security Policy
University of Kent Information Services Information Technology Security Policy IS/07-08/104 (A) 1. General The University IT Security Policy (the Policy) shall be approved by the Information Systems Committee
More informationAUTOMATED PENETRATION TESTING PRODUCTS
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate
More informationResearch Imperatives
Research Imperatives Areas of Research Needed in Information Security Julie J.C.H. Ryan, D.Sc. Assistant Professor The George Washington University What We Know Technology Fabulous research going on in
More informationI D C A N A L Y S T C O N N E C T I O N
I D C A N A L Y S T C O N N E C T I O N Simon Piff Associate Vice President, Enterprise Infrastructure IDC Asia/Pacific C o n t e n t S e curity: I m p o r t a n c e o f Protecting I n f o r m a t i o
More information