More interesting are those areas with the highest per capita rate of perps: the District of Columbia, Nevada, New York, Tennessee, Maine, and Florida.
http://www.usnews.com/usnews/news/badguys/070416/top_10_internet_crimes_of_2006.htm
Author: admini
Internal IT Threats in Europe 2006
Key conclusions
– Europe’s IT professionals overwhelmingly indicate (78%) that data theft represents the primary information security threat – more significant than either viruses or hacker infiltration
– Of all possible results of compromised information security, the threat of leakage of confidential information is keeping more members of the IT department (93%) awake at night than any other
– Europe’s primary data leakage channels are identified as portable storage devices, e-mail, and Internet-based channels such as web-mail and forums
– Only 11% of those surveyed were confident their company’s information security had not been breached over the last year – a figure which closely mirrors the number of companies with anti-leakage solutions in place – with 42% admitting to between 1-5 breaches and 37% unable to say with certainty that that no breach had occurred
– The lack of industry standards is highlighted as the primary obstacle (42%) to wider implementation of anti-leakage technologies
– Perceived solutions include the deployment of comprehensive anti-leakage software, the implementation of appropriate organizational measures – such as clear and consistent internal security policies – controls on external network access, and raising staff awareness and discipline through training.
http://www.viruslist.com/en/analysis?pubid=204791935
SCADA State of Denial
“They put in Windows with no intention of ever patching it, and then they are surprised when they get hit by a worm,” Graham says. Or they avoid patching and vulnerability testing because these processes pose risks of their own for SCADA systems –introducing other bugs to their highly sensitive and uptime-demanding systems, for instance. “They are managed by a Pearl Harbor-type mentality,” Graham says.
Attacks exploiting the latest OPC bugs could be avoided if logins were required in the app because the attacker needs login privileges to do his dirty work.
“Auditing is not as in-depth in my opinion or as transparent for SCADA” as it is for other industries. And some security experts say commercial IDS/IPS, antivirus, and SIM products don’t really fit for SCADA.
Mark Fabro, CEO of Lofty Perch, which makes SIM solutions for the water utility industry as well as other critical infrastructure companies, says commercial IDS/IPS and SIM systems don’t map well to industry control systems, where there are thousands of different protocols, many of them proprietary.
http://www.darkreading.com/document.asp?doc_id=121887
Employers warned on e-mail spying
Lynette Copland, who works at Carmarthenshire College in west Wales, successfully sued her employer for breaching the Human Rights convention. Mrs Copland said there had been a “clash of personalities” with Mr Wrentmore, who left the college shortly after the episode for reasons of ill health and who died in January.
It was argued the monitoring was to determine whether Mrs Copland was using the college’s facilities for “personal purposes.” But the European Court of Human Rights ruled that the surveillance without her knowledge “amounted to an interference with her right to a private life”. At the time of the offences there was no general right to privacy in English law but the implementation of the Human Rights Act in 2000 legally protected privacy rights in domestic law.
Liberty said the ruling, on 3 April, meant employers would have to make employees aware if their communications could be monitored and there would have to be a good reason for such monitoring in every case.
http://news.bbc.co.uk/2/hi/uk_news/wales/6559873.stm
E-mail monitoring may violate European laws
Employee communications are also covered by human rights legislation if the organization has no explicit acceptable-use policy and fails to inform employees of the monitoring of personal e-mail.
Privacy experts at law firm Pinsent Masons, based in London, said that although businesses now have clear guidance for monitoring work communications under the Regulation of Investigatory Powers Act 2000, personal communications at work may be protected by the European Convention on Human Rights, and the Human Rights Act 1998.
“The lawful business practice regulations allow an employer to monitor and intercept business communications, so the court is implying that private use of a telecommunications system, assuming it is authorized via an acceptable-use policy, can be protected (by human rights legislation),” said Chris Pounder, a privacy specialist. “The ruling is important in that it reinforces the need for a statutory basis for any interference with respect to private use of a telecommunications system by an employee,” Pounder added. The college had no policy in place at the time informing employees that their communications might be monitored.
“According to the court’s case-law, telephone calls from business premises are prima facie covered by the notions of ‘private life’ and ‘correspondence’ for the purposes of Article 8,” said the court’s ruling.
http://news.com.com/E-mail+monitoring+may+violate+European+laws/2100-7348_3-6175495.html?tag=nefd.top
How Much Would Data Theft Cost You? Calculate It Online
Analysts at the Farmington, Conn.-based company studied data from media reports, as well as several industry analyst reports, to develop the tool’s proprietary algorithms.
“Until now, organizations have struggled to assess the scope of their financial risk should they be hit with a data loss incident,” said Adam Sills, a lead underwriter with Darwin, in a written statement.
According to Darwin, organizations can use the Tech//404 Data Loss Cost Calculator to estimate their financial exposure in three categories: internal investigation expenses; customer notification and crisis management expenses, and regulatory/compliance expenses.
http://www.darkreading.com/document.asp?doc_id=121698&WT.svl=cmpnews2_1