31Jul
Tech Gadgets Help Corporate Spying Surge in Tough Times
USA Today (07/29/09) Acohido, Byron
Corporate espionage has become increasingly prevalent as companies have taken to storing massive amounts of data, and many are not careful about who has access to that data. As the economy has fallen, layoffs have also increased the opportunity for insiders to leave the company with sensitive information. Employees worried about job security face rising temptations to seek out and hoard proprietary data that could help boost their job performance, or at least make them more marketable should they get laid off, says Adam Bosnian, vice president at Cyber-Ark Software, another identity management systems supplier. Of the 400 information technology pros who participated in a recent Cyber-Ark survey, 74% said they knew how to circumvent security to access sensitive data, and 35% admitted doing so without permission. Among the most commonly targeted items: customer databases, e-mail controls and CEO passwords. Mobile devices and social networking sites have also made the covert transfer of this data much easier. For companies that are not careful about handling passwords, the risk is even greater. Security experts warn that companies should educate employees about password protection. Unfortunately, even these precautions cannot protect against more advanced forms of spy equipment that can be easily placed by janitors or other support staff. For example, one such device looks like an ordinary USB cable, but also picks up audio information that can be transmitted to a receiver up to 160 feet away.
24Jul
Lawmakers: Electric Utilities Ignore Cyber Warnings
Computerworld (07/21/09) Gross, Grant
U.S. Rep. Yvette Clarke (D-N.Y.), chair of the U.S. House Homeland Security Committee’s Subcommittee on Emerging Threats, Cybersecurity, and Science, warned at a July 21 hearing that if the U.S. completely ignores the possibility of a cyber or electromagnetic pulse (EMP) attack against the electric grid, the possibility of an attack gets much higher. Clarke complains the electric utility industry has fought federal cybersecurity standards, noting some utilities have avoided industry self-regulatory efforts by declining to designate their facilities or equipment as critical assets that need special protection. “This effort seems to epitomize the head-in-the-sand mentality that seems to permeate broad sections of the electric industry,” says Clarke. The panel heard from experts on threats to the U.S. electric grid to gain their perspectives on vulnerabilities of the electric sector prior to consideration of the Critical Electric Infrastructure Act. The bill would authorize the Federal Energy Regulatory Commission to issue emergency rules to protect the electric grid after a determination by the secretary of Homeland Security that the grid faces an imminent threat. The bill has the support of Republicans as well as Democrats on the Homeland Security Committee. Representatives of the electric industry said they’ve worked hard to improve cybersecurity. Steven Naumann, vice president of wholesale market development at Exelon, said the most important thing about preventing either a cyber or EMP attack is clear communication from the private sector to the public sector when there is a perceived threat. Part of the problem with cyberattacks is that the U.S. government doesn’t share enough up-to-date information, Naumann added. “In general, the North American grid is well-protected against cyberattacks - at least those attacks that we know about,” he said. “It’s hard to protect against something you don’t know.”
17Jul
Insiders Becoming Source of Hacking and ID Theft Threats
Computer Business Review (07/15/09) White, Kevin
A new Cisco report has brought attention to insider hacking and identity theft attempts as legitimate security concerns, which can be expected to escalate this summer and fall. In its most recent audit of global security threats and trends, the firm said that, given a recession in which many workers have lost their jobs or become disillusioned, an increase in insider attacks seems especially likely. Cisco’s Maurizio Taffone said that companies need to reexamine their security strategies and vulnerabilities to possible insider thefts. “Data leakage protection technology has a part to play, as do systems that help identify unauthorized access to enterprise resources,” he said. The report also verified a resurgence of spam, while social networking attacks are set to persist and attacks on legitimate Web sites are increasing. Cisco noted that cybercrooks are increasingly taking advantage of current events, and that spamdexing, in which cybercrooks load Web sites with keywords to exploit users’ trust of search engine rankings, is expanding.
10Jul
NYPD Aims Anti-Terror Guide at High-Rise Owners
GlobeSt.com (07/06/09) Bubny, Paul
The New York Police Department last week issued “Engineering Security: Protective Design for High Risk Buildings,” a 130-page counter-terrorism handbook aimed at owners of medium- and high-risk buildings. The report provides guidelines for both existing structures and future ones. In a preface, Mayor Michael Bloomberg wrote that the report “provides sensible guidelines for balancing the important need for security and the realities of urban development.” Prepared by the NYPD’s counter-terrorism bureau, “Engineering Security: Protective Design for High Risk Buildings” assigns the city’s buildings to low-, medium- or high-risk categories. Furthermore, it provides recommendations for mitigating these risks. Although it does not identify any specific buildings as high-risk, the study says there are structures that present a number of risk factors at once. They range from location to structural design, including: proximity to other high-risk buildings or to major infrastructure; a lack of controlled access; the inability to withstand specific blast pressures at certain distances; and, finally, key financial or government tenants.
02Jul
Workplace Fraud More Widespread Than You Think
The Chronicle-Herald (06/29/09)
Workplace fraud involving smaller amounts of money and missing inventory is a common, ongoing problem in Canada, according to a spring survey by KPMG’s forensic practice. This survey has also found that nearly 75 percent of such fraud is carried out by men, with 69 percent of the fraudsters between the ages of 30 and 49. Although workplace fraud can be committed by employees in all areas of a company, most fraudsters are at an age when their financial concerns are greatest and when they have enough experience to carry out a theft. Joyce McGeehan and Sarah Drysdale, both of the forensic accounting group with Grant Thornton LLP in Halifax, have developed a list of suggestions to help companies avoid workplace fraud. For starters, management should inform all employees of the expectations for ethical behavior and maintain a culture of openness within the organization. In addition, an anonymous hotline for whistleblowers can make it easier for employees and customers to alert the management to any problems. Appropriate due diligence should also be conducted on new hires, and managers should be aware of any behavioral changes among existing employees. Finally, fraud risk assessments, whether formal or informal, should be conducted regularly. Whoever performs these assessments should consider that intangible assets such as customer information can be stolen too, McGeehan and Drysdale said.