BreachExchange mailing list archives
Despite drop in fraud, businesses told to remain vigilant
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 25 Oct 2013 23:14:10 -0600
http://www.networkworld.com/news/2013/102313-despite-drop-in-fraud-businesses-275157.html?source=nww_rss Lower fraud rates are giving many companies a false sense of security and U.S. organizations are particularly good at ignoring trends that point to the need for vigilance, a global study found. The number of companies reporting at least one incident of fraud fell to 61 percent from 75 percent the previous year, according to the annual Global Fraud Report released Monday by Kroll Advisory Solutions, a security consulting firm. The drop was the second in as many years. Less fraud meant the average cost to businesses fell to 0.9 percent of revenues from 2.1 percent. These two trends made companies feel much safer with the number saying their exposure to fraud had increased falling to 63 percent from 80 percent. Despite the encouraging numbers, Kroll warned that that "letting down one's guard can have dire consequences." "Companies must remain vigilant as the methods and tools employed by fraudsters continue to evolve," Tom Hartley, president and chief executive of Kroll, said in the report. U.S. companies experienced similar trends, the study found. However, half the frauds covered in the survey were more prevalent in the U.S. than the global average and the amount of money lost was also higher at 1.1 percent of revenue. However, that number was less than the prior year's cost of 1.9 percent. U.S. companies were also less like than the rest of the world to have anti-fraud strategies in places and the number of companies planning to spend more in the coming year to combat fraud was also lower. "If businesses in the United States want to address their ongoing fraud issues, they will need to get more active," the report said. Information theft was the most common fraud in the U.S. with 26 percent of companies surveyed reporting at least one incident. That number was largely unchanged from the previous year, yet the proportion of companies describing themselves as highly or moderately vulnerable to information theft fell nearly 20 percentage points to 33 percent. Theft of physical assets, the most common fraud for the rest of the world, was second in the U.S. The complexity of information technology within U.S. companies was cited as the biggest driver of fraud. In addition, American businesses were the most likely in the world to report an attack from an outside hacker. Nevertheless, insiders were by far the most likely to commit fraud. More than two thirds of all the companies surveyed that reported at least one incident of fraud said an insider was the key perpetrator or at least one of the lead culprits. That number was up from 60 percent the prior year. Insiders tended to either act alone or with peers. Those acting alone were usually junior employees, senior managers or agents of the company. The global study, conducted by the Economist Intelligence Unit in July and August 2012, was based on a poll of 839 senior executives from a wide variety of industries, ranging from financial services, retail and telecommunications to healthcare, pharmaceuticals and manufacturing. More than half of the respondents represented companies with more than $500 million in revenue.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Despite drop in fraud, businesses told to remain vigilant Audrey McNeil (Oct 30)