For the first time, major international corporations are reporting higher fraud losses more from electronic theft of data than from physical stealing of assets, cash and inventory. With 98 percent of businesses affected, China appears to have the highest level of fraud followed by Colombia with 94 percent and Brazil at 90 percent.
A recent study performed in 2010 showed that the amount lost by businesses to fraud rose from $1.4 billion to $1.7 billion over the previous year. The majority of fraud losses have been from “inside jobs” carried out by company employees.
“How much fraud there is depends more on opportunity than anything else,” Tommy Helsby, Kroll chairman for Europe, Middle East and Africa, told Reuters. “Much more work is done electronically, and that creates new opportunities for fraud. It takes time for companies to catch up with that. There’s a real range of dangers,” said Helsby. “‘It can be simple theft or the risk of reputational damage if your firm loses customer data. That itself could be an existential threat to your business.”
Many companies are discouraged from expanding in some crucial emerging markets, China, Africa, and Latin America due to their suspicions over fraud.
“That means you miss out on some of the fastest growing markets,” said Helsby. “You can’t make the risk go away, but you can manage it through having the right systems in place.”
With fraud losses at an all time high, Cyber Liability insurance is a critical part of the risk management plan of any major corportation.
Source: Insurance Journal
I came across an excellent article that explains how easy it is for scammers to decode your Social Security number. I always wondered how they did this.
Carnegie Mellon University researchers only need two pieces of information to guess SSNs in a recent study published in the Proceedings of the National Academy of Sciences. The study implies that knowledge of your hometown and your birth date allows scammers to discover most of, if not all, of the nine digits of your Social Security number.
$50 can buy your SSN from dozens of websites used by private investigators, businesses conducting credit checks, and savvy scammers who know your name, birth date, and current address.
And if the scammer doesn’t have the information, Alessandor Acquisti, the study’s lead researcher, says it is easy to find. Acquistis states, “There are many websites and database where one can access the birth dates of thousands of people easily and cheaply.”
Public databases and voter registration lists include this information. Over the years the first three digits of the SSN have been an “area number”. The fourth and fifth has been a “group number” and the last four digits which are more difficult to guess are issued sequentially depending on how long the Social Security application took to process.
Today’s highest risk group for decoding are those born since 1988 because that is the year the Social Security Administration began to order SSNs for newborns and older children who did not already have a SSN. The SSA plans to start a more arbitrarily process of assigning SSNs next year.
For those who use social networking websites such as Myspace, Facebook, Twitter, etc. or have online accounts, here are four easy ways to help prevent potential problems:
Do not use your birth date or any part of your SSN as a password.
Do not post any personal information such as your birth date, hometown and location of your high school.
If you post obituaries of loved ones, exclude hometowns and other personal information, as deceased are frequent targets.
Stay away from online security questions that ask for your hometown.
Source: Sid Kirchheimer AARPBULLETINtoday
Do you know how much of your organization’s data is getting into cyberspace? Daily vital information about your company and your employees is seeping out and probably into the wrong hands.
There are laws in place in more that 40 states that are requiring companies to notify customers if their data may have been compromised. Not only is damage done to the company’s reputation, but also in some states, if a company neglects to inform an individual of possible identity infringement, then they may face civil liability, regulatory and legal cost.
Founder and executive chairman of the board, Timothy Sullivan of Fidelis Security Systems has developed a risk management method that moves the focus from “intrusion” to “extrusion” prevention. Sullivan states that the way companies handle the personal data of their clients and employees are of utmost importance.
Fidelis Security System’s XPS is the only one that runs at such high speeds to thwart unauthorized transfer of sensitive data on all network channels according to Sullivan. The system provides content security to all e-mails, file transfers, and peer communications. Evidence of extrusions can be obtained to enforce laws that control privacy and financial data integrity, states Sullivan.
“Ninety-eight percent of computer investment today involves trying to prevent people from getting into a system. We believe some of that money would be well spent in trying to keep information from getting out.”
Source: Rough Notes Magazine, April 2009, Greg Davis http://www.roughnotes.com
