Cyveillance Unveils Top 5 Security Risks for 2006; CSOs Must Make These New Year's Resolutions to Protect Against New Onslaught Of Threats

Business Wire, Jan 11, 2006

ARLINGTON, Va. -- Cyveillance, the leading provider of online risk monitoring and management solutions, today announced the top 5 online risks for the New Year. As threats become more sophisticated and organized, businesses of all sizes must put controls into place to secure operations and infrastructures. Cyveillance has sponsored an IDC report to educate the market on these growing threats and provide best practices for Chief Security Officers (CSOs) to use in the coming year. The report can be downloaded at: www.cyveillance.com/idc

"The external threat environment for online security is advancing, with a growing number of profit-minded perpetrators and increasingly sophisticated attacks," said Allan Carey, senior analyst at IDC and author of the recent report on mitigating online security risks. "Organizations need to increase their awareness of online risks that extend beyond information security, and are evolving to combine cyber and physical security, along with direct threats to business operations, revenue, and critical infrastructure."

Fraud, unlicensed product sales, physical-cyber threats and information leaks are among the most serious information threats facing organizations today and the problem is escalating. Stakeholders including security managers, risk and compliance executives, marketing and brand managers, as well as legal counsel are examining enterprise-wide efforts to mitigate risks by deploying specialized tools and relying on third party expertise.

Top 5 Online Threats for 2006

--Fraud and Identity Theft: Phishing schemes have increased during the past years and now even encompass "spear phishing" which targets specific groups of people. Until email authentication standards and new anti-phishing solutions are widely adopted phishing will continue to be a popular identity theft tactic. Financial Insights, an IDC company, estimates that global financial institutions may have lost up to $400 million in fraud losses in 2004 due to phishing schemes. Research Report # FIN1492, "Fraudsters Go Phishing in a Million-Dollar Hole of Opportunity", July 2004.

--Information Leaks: In addition to outside threats, the insider threat of trusted employees deliberately or inadvertently distributing sensitive information is quickly becoming a major concern in many organizations. Organizations often lack governance policies specific to methods of communication such as blogs, chat rooms, technical boards.

--Unlicensed Product Sales: In addition to identify theft, organizations must be alert to broader online threats such as intellectual property (IP) loss and the online sale of counterfeit or gray-market goods. More sophisticated attackers, often from organized crime, will increasingly use the Internet's speed and anonymity to exploit unauthorized product distribution.

--Convergence of Physical and Cyber Security: Threats are moving beyond pure information security and are converging with physical security. Extremist groups and activists are connecting online and discussing methods to attack the critical infrastructure at organizations including energy and utility plants, transportation systems, and corporate buildings. "IDC believes that CSOs, as well as other executives whose job it is to evaluate risk, must account for the broadening scope of emerging threats that are evolving from pure network or information security threats to a combination of physical and cybersecurity threats. Currently, many organizations are simply unprepared to handle such multilayered threats." IDC Executive Brief 440: Who's Got Your Virtual Back? Mitigating Online Security Risks, January 2006

--Corporate Espionage: Information intentionally or deliberately leaked onto the Internet can make the difference between profit gained and profit lost. Competitors that obtain access to confidential files can leverage the information to their advantage resulting in a diversion of sales and revenue.

Resolutions to Combat Top 5 Risks and How to Keep Them:

--Create Corporate Policy: to address new and old mediums for communications - email, blogging, chat rooms, instant messaging, technical boards, et al. - and aggressively enforce those policies.

--Enforce Policies: ensure that policies are defined and enforced regarding how employees are able to identify themselves online, and what types of information may be openly shared.

--Educate Customers: about what types of requests and product offers the company will make via electronic mediums. Also, take a systematic approach to monitoring the Web, as well as promotional offers made in junk email and global domain registrations, to proactively identify brand-related issues.

--Monitor the Internet vigilantly: for early signs that your corporate identity is being used without authorization. In addition, organizations should monitor activity leading up to a particular organizational event, searching for activities by hostile groups or individuals that might be targeting your event. Set up countermeasures such as increased physical security to avoid disruption.