BreachExchange mailing list archives
Hackers tap suppliers to target business
From: Lee J <lee () riskbasedsecurity com>
Date: Sat, 26 Oct 2013 09:11:38 +1100
http://www.cso.com.au/article/529811/hackers_tap_suppliers_target_business/ Insiders are still the main threat to an organisation’s information, but outside hackers have caught up and are leaning on vendors and suppliers to gain a foothold in their targets. Information theft incidents known to have come from outsider hackers have doubled in the past year to 35 per cent, according to the 2013 Kroll Global Fraud Report. The report, based on a survey of 901 executives at large companies across the globe, also found that 17 per cent of those incidents stemmed from earlier cyber attacks on suppliers and vendors, up from 5 per cent in the 2012 poll. Information theft was the second most common type of fraud at 22 per cent, with physical assets or stock continuing to lead at 24 per cent. While the threat from outside hackers might seem an obvious concern for most organisations, only 68 per cent of respondents said they invested in IT security. Meanwhile, the most commonly cited reason that execs gave for an expected increase in exposure to fraud was the complexity of IT systems. Still, when it comes to information theft, insiders remain the most common threat, with 39 per cent of respondents who identified as victims claiming their company knew the perpetrator. Nearly a third of respondents hit by fraud said whistleblowers were the first to report insider fraud. However, only 52 per cent said their organisation had created whistleblower hotlines. Follow @CSO_Australia and sign up to the CSO Australia newsletter.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Hackers tap suppliers to target business Lee J (Oct 28)