May 19, 2012 ..:: Cyber Security ::..

  

THE STATISTICS
By John Jorgensen, CEO of the Sylint Group
  • Florida is 2nd nationally in Computer Crime.
  • Theft of trade secrets has increased by 100% annually for the last two years.
  • 80% of all Cyber Crime is perpetrated from within the victim company.
  • Only 4% of Cyber Attacks and Incidents are reported to Senior Management.
  • 78% of Trojans and Worms since 2003 are designed to steal personal and company information.
  • Publicly traded companies that have suffered cyber crime lose 5% of their stock value within the first 60 days after the public announcement.
  • 70% of all laptops stolen are stolen for their information value, not their physical value.
  • 68% of wireless networks are unprotected, including personal, business and hotel networks.
  • Identity Theft accounts for less than 20% of all Cyber Crime.
  • 80% of companies polled by FBI reported significant financial losses due to security breaches.
  • Only 7% of Cyber Crime was prosecuted in 2004.
  • Cyber Crime accounted for between $42 Billion and $400 Billion in losses for 2005 in the US. Even an approximate figure is unknown because Cyber Crime is not reported due to its ill effects on business operations.
  • Law enforcement cannot protect you from Cyber Crime.
What does this mean to you? Cyber Crime is a crime epidemic of unparalleled losses and unequalled criminal success in the history of business. A Cyber Crime in the United States can be perpetrated by someone halfway around the world or an unknown someone within your company or both. Cyber Criminals communicate, congregate and plot over the internet and may never meet face-to-face. Our dependence on technology and its explosive growth has drastically outpaced our ability to control its illicit and malicious misuse.
Who is the target of Cyber Crime? Every company polled during an FBI survey experienced a significant Cyber Security Incident over a three-year period. One out of three people has had their personal information compromised through identity theft. One third of identity thefts lead to credit card fraud. With financial institutions tightening their security, Cyber Criminals are attacking small and medium size companies, law firms and medical practices more frequently. Recent passage of Cyber Crime Laws in Florida has made it a crime, penalized by fines, for a company to be negligent in protecting client and customer information. This opens the door for civil negligence lawsuits by your affected clients and customers.
What can you do? Read about Cyber Crime and become aware. It’s not going away, it’s growing! Don’t let your computer Information Technology department fool you. Firewalls and other technology protection against outside Cyber Attacks are only protecting you against 20% of Cyber Crime. If you own a company, are a senior level manager or sit on the Board of Directors, insist on having a Cyber Security Audit either internally or, better yet, by an outside firm that has a strong background in Cyber Security. At the very least an Audit will force awareness. The best and most reliable Audits are performed secretly. Why? Because the Cyber Security problems often originate within your own computer technology department. It costs four to ten times more to deal with a Cyber Security Incident than it would cost for a Cyber Security Audit and implementation of recommended policy and procedure changes.
Published from an article in SRQ Magazine
 
  

HOW TO SAFEGUARD YOUR COMPANY FROM INSIDE JOBS

By John Jorgensen, CEO of the Sylint Group

Stealing company secrets, passwords and sensitive data is easier than ever. And when you’re an employee with computer skills, it’s “Crime Without Punishment.”

That’s why 80 percent of cyber attacks on businesses originate on the inside of a company’s computer firewall. When you hire an information technology (IT) professional, you are essentially giving this person every bit of information they could ever need to destroy your company, steal your confidential data, or help someone else do it. You are handing over a skeleton key that opens all your doors, all your drawers, all your mail, and all your important filing cabinets.

Now, this doesn’t mean you have to start running the IT department yourself. Just start by taking the following steps, and you can reduce the chance of your company succumbing to an inside cyber crime:

Know New Hires’ Skills. The pre-defined questions you or your human resources director would ask, say, an office manager, are just plain useless when it comes to hiring the person who will end up with the ability to access your emails, trade secrets and client files. The proliferation of questionable online universities has made most software certifications meaningless, so beware of the person who claims to know an application but can’t solve a simple test problem. The person interviewing prospective hires should have at least some expertise in the software the new employee will be using, the Operating Systems used, and an understanding of the computer network. If you do not have the expertise in house, an outside computer firm can evaluate the candidate to determine whether he or she is “smoking” you or can actually demonstrate abilities.

Double, Triple and Quadruple Background Screening. If your company does not regularly perform comprehensive, national-database background checks, you need to find someone who does before you hire a new Information Technology professional. Large investigation firms often use clerical workers who do very limited searches and routinely end up missing red flags for untrustworthiness. If you need to outsource this function, hire a retired FBI agent or police officer to dig into your candidates’ past. It may cost a little more, but it will significantly lower your company’s and your clients’ risk of catastrophic loss in the long run. Retired FBI agents and police officers who perform comprehensive background checks can be found through any local Private Investigators’ organization.

Limit IT Personnel Access. Chances are, most of the people you hire are not corrupt, malicious people. But sometimes when people find themselves privy to all the company secrets, a phenomenon I call “creeping criminalization” grabs hold of them. They get hoards of privileged information and start seeing profit or personal gain potential. They may even begin rationalizing seemingly small but costly infractions. You can help protect your company from creeping criminalization by actively restricting each employee’s access to certain areas of information. Start by assigning particularly sensitive areas of the network to your most trusted employee only and regularly monitor information flow. Next, implement a strong policy that forces periodic changes in passwords and limits easy-to-break alphanumeric combinations. Also, have employees sign an annual agreement outlining: (1) the employee’s obligation to safeguard company information; (2) the company’s exclusive information ownership and right to examine all correspondence and information on any of its computers; (3) the company’s right to monitor all computer activity; and (4) the company’s methods, policies, and procedures regarding the use of company computer resources. And finally, change all passwords and access codes every time an IT employee leaves the company. That means financial services, Web sites, routers, wireless access points, computers, servers, company FTP sites, and communications equipment, to name some.

Encourage Staff Members to Report Computer Security Incidents to Senior Management. An FBI study showed that only four percent of all computer security incidents, such as password collecting, information leaks and file copying, are reported to managers. Encourage an honest environment by developing an anonymous informant system, in which employees learn exactly what to expect and can earn rewards for reporting questionable incidents. Through our work, we’ve discovered mass defamatory emails from an employee, employees getting grumpy and giving out secrets on the Internet, IT staff running pornographic Web sites at night from company netservers, unknown parties moving large amounts of data in the middle of the night and other indicative signs of a larger crime ahead. If senior management had gotten involved in these infractions earlier, these companies could have been spared the tens of thousands of dollars it took to repair the overall damage.

Get A Cyber Security Audit. When most companies get an audit to find out what’s wrong with their security system, it’s in reaction to a major security breach. But a reputable and experienced security audit firm can also detect a problem well before it grows into disaster. If you have even an inkling of concern about your IT security, find a cyber security firm to perform a full audit. Look for principals with strong backgrounds in the intelligence industry or governmental intelligence agencies, and most importantly, look for a firm that can conduct an investigation geared toward litigation, rather than just toward protection. If the audit does uncover illegal activity, you will need a meticulously-executed forensic investigation with expert preservation of evidentiary material to protect your company. The sheer number of cyber crimes today makes it impossible for the local police or FBI to respond to most incidents, so a poorly-executed initial investigation greatly reduces the likelihood that you will be able to prosecute your case. This unpunished crime is, unfortunately, the fate of most cyber crimes today.

Incidence rates of outside hacking to gain company information are almost minuscule in comparison to the number of crimes initiated from within large and small businesses. Being proactive about your company’s cyber security is the only way to protect yourself against cyber “crime without punishment.”

Published in the EAF Journal 2005

  

Copyright 2008 by The Sylint Group