Monthly News International
Cybercrime and Security Surveys
Three cybercrime and security related reports were released in November. PricewaterhouseCoopers LLP (PwC) published its Global Economic Crime Survey, which finds fraud is expanding and cybercrime has risen to rank as one of the top four economic crimes. Ernst & Young's 2011 Global Information Security Survey took a slightly different look at the issues and finds the risk level is increasing as companies move to the cloud, become borderless, and digitize their business models. Lastly, InformationWeek's survey on the cloud's role in business continuity/disaster recovery (BC/DR) strategy finds that one out of three respondents do not have a BC/DR plan and one-third of the firms could not get operations back into production within a day, if at all.
Focal Points:
- A PwC survey of 3,877 respondents from organizations in 78 countries finds 34 percent of the respondents experienced economic crimes in the last 12 months, up 13 percent from 2009. Almost one in 10 who reported fraud suffered losses of more than $5 million. The top four economic crimes reported were asset misappropriation (74 percent), accounting fraud (24 percent), bribery and corruption (24 percent), and cybercrime (23 percent). 40 percent of the respondents stated they do not have the capability to detect and prevent cybercrime while 56 percent said the most serious fraud was an internal job. The PwC report also noted that suspicious transaction monitoring has emerged as the most effective fraud detection method and that 40 percent of respondents had not received any cyber security training. Other findings were 60 percent said their organizations did not keep an eye on social media sites, 25 percent had no formal review of cybercrime threats, and the majority did not have a cyber crisis response plan in place.
- The E&Y global information security survey of nearly 1,700 respondents in 52 countries noted the shift companies are making to become digital, borderless, and extending into the cloud. In fact, 61 percent of the respondents stated that they are using, or planning to use, cloud services within the next 12 months, which is up 16 percent from last year. As a result of these shifts 72 percent see an increased level of risk due to increased external threats while 42 percent perceive increased risk due to growing internal vulnerabilities. The survey shows that only 12 percent of respondents presented information security topics at each board meeting while 49 percent stated their information security function is meeting the needs of the organization. The adoption of smartphones and tablets ranked second highest on the list of technology challenges perceived as most significant.
- The InformationWeek survey on cloud and BC/DR finds 67 percent of 414 business and technology respondents stated their firms have a BC/DR plan in place. The most critical applications under consideration for BC/DR were databases, email, and accounting with CRM and ERP much lower on the list. 17 percent stated their organizations were using cloud based services to augment or outsource BC/DR while another 26 percent were considering it. The top four concerns associated with using cloud services for BC/DR are security, reliability and availability, cost, and privacy.
Experton Group believes while previous cyber-attacks were from internal and non-professional sources, the attacks are becoming more sophisticated and originating with state and other deep-pocketed sources. Meanwhile the move to open enterprises to smartphones and tablets, social media, and other non-controllable access points increases the overall vulnerability of the organization. Since business demands are requiring greater access and openness, IT executives will need to invest more heavily in thwarting the attacks as well as the BC/DR capabilities needed to recover from attacks and other disasters. IT executives should ensure audit, the board of directors, CEO, and IT are all aligned in the fight against cybercrime and have implemented plans to protect the company against attacks.
.