[ISN] Canadian Survey Finds Firms Vulnerable To Internet ...

From: mea culpa (jerichot_private)
Date: Wed Jul 01 1998 - 00:59:37 PDT

  • Next message: mea culpa: "[ISN] 'Back door' doesn't get very far"

    Forwarded From: Nicholas Charles Brawn <ncb05t_private>
     CANADA, TORONTO, ONTARIO, 1998 JUN 30 (Newsbytes) -- By Martin Stone, 
    Newsbytes. A survey conducted by one of the world's largest security  firms
    has disclosed that, despite concerns among business leaders that  the
    Internet is not a secure way to send information, it is still  widely used
    by Canadian companies to do just that. 
       According to security and investigation organization KPMG's 7th  annual
    Canadian Fraud Survey Report, which polls the chief executives  of Canada's
    top 1,000 companies on fraud and corporate security, only  11 percent of
    respondents believe that the Internet is a secure way to  send information.
       However, the study shows 43 percent stated their company uses the 
    Internet to transmit sensitive or private information, anyway. 
       "I think where the worry comes in is, as more companies move to an 
    electronic-based economy they need to be more concerned about the  security
    of their Internet transactions," KPMG Investigation and  Security Inc.
    President Norm Inkster told Newsbytes. 
       "The Internet is a very easy and convenient way to conduct business  and
    send information. People are busy and electronic commerce and mail  appeals
    to them because it's fast and saves time," Inkster continued.  "However,
    the Internet presents risks for fraud if companies do not  implement
    adequate information security measures. The increase in  electronic
    commerce provides opportunity for fraud in all industries." 
       For the first time in its seven-year history, KPMG's Fraud Survey  asked
    about the security measures for computers and the transmittal of 
    information by Canada's largest companies. Inkster points to warning  signs
    >from the results that indicate that Canadian businesses are  vulnerable to
    fraud through the Internet. "I believe that business  leaders are putting
    their companies at risk," he said. "Eighty-two  percent of respondents
    consider their computer systems to be a  potential security risk for fraud.
    But less than half reported using  security measures when transmitting
    information over the phones or  Internet." 
       Inkster said that many companies don't realize that when you are  hooked
    up to the Internet, the Internet is hooked up to you. "It's a  two-way
    street," he said, "and you need adequate firewall protection." 
       Another of the survey's major findings is that 57 percent of all 
    respondents admitted that their firm had been a victim of fraud. 
       Also, 47 percent of respondents believe that fraud will increase in 
    1998. This number rose to 62 percent within the financial services  sector.
    When asked for a reason why fraud would increase, over half of  the survey
    participants blamed regulatory deficiencies. 
       However, less than five percent attributed the problem to a lack of 
    government intervention. "One of the conclusions that I think we can  draw
    >from these results is that many business leaders blame the  increase in
    fraud on the lack of self-regulation in their industries,"  Inkster
    concluded. "They don't want government regulation, but they  recognize the
    need to take responsibility for fraud prevention." 
       While fraud techniques may be more sophisticated, the source appears  to
    be the same as recorded by KPMG surveys in previous years.  Overwhelmingly,
    the greatest single source of fraud, according to  respondents, is their
    company's own employees. Seventy-seven percent of  respondents cited their
    employees as the principal source of fraud.  Customers were considered by
    respondents to be the second highest  source. 
       The most common types of fraud perpetrated by employees included 
    inflated expense accounts, theft, secret commissions, and personal use  of
    company supplies. Customer-related fraud is predominantly committed 
    through check-forgery, credit card schemes, automatic teller machine 
    fraud, misstated accounts, and withholding cash receipts. 
       The sectors where fraud had the greatest impact and where the level  of
    concern is the highest are utilities, food and packaged goods, and 
    financial services, the survey shows. 
       The study also queried respondents on their vulnerability to money 
    laundering. Only 14 percent of survey participants stated they had been 
    impacted by this illegal activity. However, almost half the firms  admitted
    they accept forms of payment that make them vulnerable to  money
       Moreover, 83 percent of respondents acknowledged they do not conduct 
    background checks on investors. Vulnerability to money laundering was 
    highest in the financial services sector. Fifty-nine percent of 
    respondents from this sector believe their company is affected by 
    international money laundering, while 56 percent accept forms of  payment
    that make them vulnerable to money laundering. 
       Companies are, however, taking measures to prevent fraud among 
    employees. The survey reveals 98 percent of respondents state it is 
    important to screen new employees, while 88 percent actually have 
    pre-employment screening procedures already in place. However, only 50 
    percent of respondents say they ran background checks on new suppliers  and
    contractors. Even fewer -- less than 20 percent -- conduct  background
    checks on new investors or franchisees. 
       Other survey findings support the fact that companies should have 
    procedures in place to prevent fraud. Most respondents report that  fraud
    was discovered by the company through internal mechanisms such as  internal
    audits and "whistle-blowers." 
       Inkster said that adequate firewall technology is available and that 
    "there is some excellent encryption software." However, he said that  many
    companies have not taken a hard enough look at their security  arrangements
    and are thus vulnerable. 
       He suggested companies conduct a "threat-risk analysis -- what their 
    assets are, where they stored, where they are vulnerable -- and build 
    their security network around the findings." 
       The KPMG survey polled chief executives of Canada's top 1,000 public 
    and private companies as ranked by the Financial Post newspaper. The 
    response rate was 21 percent. 
       Copies of the survey are available by phone from Stephen Schneider at 
    416-777-8465 or through KPMG's Web site at http://www.kpmg.ca 
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:26 PDT