Cyveillance Unveils Top 5 Security Risks for 2006; CSOs Must Make These New Year's Resolutions to Protect Against New Onslaught Of Threats.ARLINGTON, Va. -- Cyveillance, the leading provider of online risk monitoring and management solutions, today announced the top 5 online risks for the New Year. As threats become more sophisticated and organized, businesses of all sizes must put controls into place to secure operations and infrastructures. Cyveillance has sponsored an IDC report to educate the market on these growing threats and provide best practices for Chief Security Officers (CSOs) to use in the coming year. The report can be downloaded at: www.cyveillance.com/idc "The external threat environment for online security is advancing, with a growing number of profit-minded perpetrators and increasingly sophisticated attacks," said Allan Carey, senior analyst at IDC and author of the recent report on mitigating online security risks. "Organizations need to increase their awareness of online risks that extend beyond information security, and are evolving to combine cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. and physical security, along with direct threats to business operations Business operations are those activities involved in the running of a business for the purpose of producing value for the stakeholders. Compare business processes. The outcome of business operations is the harvesting of value from assets , revenue, and critical infrastructure." Fraud, unlicensed product sales, physical-cyber threats and information leaks are among the most serious information threats facing organizations today and the problem is escalating. Stakeholders Stakeholders All parties that have an interest, financial or otherwise, in a firm-stockholders, creditors, bondholders, employees, customers, management, the community, and the government. including security managers, risk and compliance executives, marketing and brand managers, as well as legal counsel are examining enterprise-wide efforts to mitigate risks by deploying specialized tools and relying on third party expertise. Top 5 Online Threats for 2006 --Fraud and Identity Theft: Phishing Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, bank or retail establishment. schemes have increased during the past years and now even encompass "spear phishing See phishing. " which targets specific groups of people. Until email authentication See e-mail authentication. standards and new anti-phishing solutions are widely adopted phishing will continue to be a popular identity theft tactic. Financial Insights, an IDC company, estimates that global financial institutions may have lost up to $400+ million in fraud losses in 2004 due to phishing schemes. Research Report # FIN1492, "Fraudsters Go Phishing in a Million-Dollar Hole of Opportunity", July 2004. --Information Leaks: In addition to outside threats, the insider threat of trusted employees deliberately or inadvertently distributing sensitive information is quickly becoming a major concern in many organizations. Organizations often lack governance policies specific to methods of communication such as blogs, chat rooms, technical boards. --Unlicensed Product Sales: In addition to identify theft, organizations must be alert to broader online threats such as intellectual property (IP) loss and the online sale of counterfeit or gray-market goods. More sophisticated attackers, often from organized crime, will increasingly use the Internet's speed and anonymity to exploit unauthorized product distribution. --Convergence of Physical and Cyber Security: Threats are moving beyond pure information security and are converging with physical security. Extremist groups and activists are connecting online and discussing methods to attack the critical infrastructure at organizations including energy and utility plants, transportation systems, and corporate buildings. "IDC believes that CSOs, as well as other executives whose job it is to evaluate risk, must account for the broadening scope of emerging threats that are evolving from pure network or information security threats to a combination of physical and cybersecurity threats. Currently, many organizations are simply unprepared to handle such multilayered mul·ti·lay·ered adj. Consisting of or involving several individual layers or levels. threats." IDC Executive Brief 440: Who's Got Your Virtual Back? Mitigating Online Security Risks, January 2006 --Corporate Espionage: Information intentionally or deliberately leaked onto the Internet can make the difference between profit gained and profit lost. Competitors that obtain access to confidential files can leverage the information to their advantage resulting in a diversion of sales and revenue. Resolutions to Combat Top 5 Risks and How to Keep Them: --Create Corporate Policy: to address new and old mediums for communications - email, blogging, chat rooms, instant messaging Exchanging text messages in real time between two or more people logged into a particular instant messaging (IM) service. Instant messaging is more interactive than e-mail because messages are sent immediately, whereas e-mail messages can be queued up in a mail server for seconds or , technical boards, et al. - and aggressively enforce those policies. --Enforce Policies: ensure that policies are defined and enforced regarding how employees are able to identify themselves online, and what types of information may be openly shared. --Educate Customers: about what types of requests and product offers the company will make via electronic mediums. Also, take a systematic approach to monitoring the Web, as well as promotional offers made in junk email and global domain registrations, to proactively identify brand-related issues. --Monitor the Internet vigilantly: for early signs that your corporate identity is being used without authorization. In addition, organizations should monitor activity leading up to a particular organizational event, searching for activities by hostile groups or individuals that might be targeting your event. Set up countermeasures That form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of enemy activity. See also electronic warfare. such as increased physical security to avoid disruption. --Attain a Closed-loop solution: Companies need a holistic approach holistic approach A term used in alternative health for a philosophical approach to health care, in which the entire Pt is evaluated and treated. See Alternative medicine, Holistic medicine. , with the tools (workflow, case management, document management), expertise to stay atop emerging threats, and third-party solution providers to mitigate risks. "The Internet is the main channel used for malicious attacks against organizations, business operations and infrastructure. We are working across multiple industries for one purpose - to secure their businesses from threats that impact their bottom line," said Panos Anastassiadis, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Cyveillance. "We have developed new technology that provides the most comprehensive, accurate and advance warning of risks providing closed-loop corrective actions A corrective action is a change implemented to address a weakness identified in a management system. Normally corrective actions are instigated in response to a customer complaint, abnormal levels if internal nonconformity, nonconformities identified during an internal audit or to address emerging threats." Cyveillance is launching a new robust technology at the end of January 2006 for customers looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. a closed-loop solution that addresses phishing, leaks of confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead , online fraud, distribution control, identity theft and more. About Cyveillance Cyveillance provides online risk monitoring and management solutions to Global 2000 organizations. The company comprehensively monitors the Internet using patented technology to deliver early warning of risks to information, infrastructure and individuals. Armed with this actionable intelligence Having the necessary information immediately available in order to deal with the situation at hand. With regard to call centers, it refers to agents having customer history and related product data available on screen before the call is taken. and Cyveillance's immediate corrective response capability, chief security officers can proactively protect their company's reputation, revenues and customer trust. Cyveillance counts over half of the Fortune 50 and three quarters of the top Fortune 500 companies in the financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. , pharmaceutical, energy, and technology industries as clients. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion