Human error and criminal cleverness still beating data security

Although often criticized for amplifying scares on which the sponsors trade, new surveys show that online data theft is changing with new service delivery trends, as well as outpacing most companies' security efforts.

New research from Deloitte confirms that your company's security is far more likely to be breached through its doors than its online portals. Two-thirds of respondents to its annual financial-service company survey say they have suffered repeated external security breaches, mostly via customers. One-third say employees have also caused them. The lapses are often accidental - materials being removed without documentation or authorization, or systems being accessed without the specified precautions.

Despite the concern, one in five companies admitted they haven't given employees any security training in the past year; and the training they do give is assessed as "too high-level and generic to have the desired impact." While two-thirds of IT executives reported security breaches involving customers, mainly owing to their failure to guard against such threats as computer viruses and hoax emails leading to identity theft, few companies do anything to improve their customers' security.

Critics of such surveys point out that the sponsoring company has an interest in highlighting the need for new systems and training to improve data security. Skepticism tends to be even greater when the evidence of rising IT security threats arrives from companies that specialize in selling solutions to them. But the latest of these highlight an important trend: cyber-crime is following the trends of legitimate data-based business.

The migration of corporate software from proprietary to hosted solutions – 'software as a service' – appears to have brought a matching move by malware practitioners. According to the latest Internet Security Threat report from software group Symantec, most cyber-attacks and identity thefts now occur not when the user encounters a virus or Trojan on the in-house system, but when they log in to a trusted internet site.

Among the thieves' most effective tricks is to paste a false page over a recognized site, so that information input by the user (including account numbers and PIN or password details) finds its way into hostile hands. Most target home users, presenting a threat to any companies that deal with customers directly through their website. Plugging an ActiveX control into the browser multiplies the user's risk of a security breach, according to this survey, which links such controls to almost 90% of observed encounters with infected applications.

Last month Errata Security, another IT security specialist, went beyond the mere reporting of new threats to their public demonstration, showing how hackers can monitor the traffic from portable computers and smartphones to wireless internet connections, and 'hijack' email or social networking sessions. The demonstration was co-organized by Tier 3, a 'behavioral analysis' IT security provider, which inevitably recommends its own behavior-monitoring software as well as the usual encryptions and secure layers to avoid such invasion.

All such surveys agree that online crime is moving from lone hackers, acting mainly for the technical challenge, to organized groups that are after companies' and customers' cash. Software for phishing, pharming and other types of online theft is now circulating on the internet, as are files of the subsequently stolen information. As well as adopting 'service-oriented architecture' for their latest fact-finding, criminals appear to have replicated the online B2B hub for wider web-based re-trading of stolen personal data. The survey questions may often be asked to sharpen the sales pitch for online security, but the 66% of senior executives who told Deloitte that security is a "key imperative" aren't likely to be victims of an unnecessary scare.
Reprinted from our sister site, FinanceWeek
