Increase in fraud by senior managers
New Zealand was ranked eighth highest for rate of fraud out of the 54 countries surveyed in the latest PricewaterhouseCoopers Global Economic Crime Survey.
In 2007, 75% of fraud was carried out by junior staff. In 2009, that figure had dropped by almost 20%.
Business fraud committed by middle and senior management increased by almost 20% over the past year.
“This shift is a cause for concern, as senior staff have the ability to override internal controls and can potentially cause greater financial loss to organisations,” Eric Lucas, a forensic services partner, said.
Read more at tvnz.co.nz

Has your security policy been updated to cover minimum security requirements for use of third-party services such as Twitter?
Telstra’s Twitter account hijacked
Australian telco Telstra’s ambitious foray into social media has backfired after its Twitter account was hacked and used to spread malicious links.
The messages said “hey, look at this” and included a link to a page that appeared to be an official “videos.twitter.com” link, but was actually a link to a phishing site designed to steal people’s Twitter user names and passwords.

More and more employees are circumventing corporate controls to be more productive.
Tammy Erickson of nGenera says “The organizations of today are perfectly designed to meet the challenge of the 20th century. They’re not right for what we’re doing today.”
There’s a growing risk within most organisations today that is clearly an insider threat but is also clearly not caused by a disgruntled or disillusioned employee. In fact, the new insider threat is more likely to manifest itself as a gung-ho new employee or contractor.
The lifestyle hacker does not have malicious intent. Nevertheless, the lifestyle hacker is highly successful at skirting various corporate controls put in place to protect security-related websites and critical endpoints.
This conundrum exists as the inherent conflict between those who make the rules and those who break the rules, both of whom are driven by the exact same motivation–being more productive in the work environment.
One Wall Street firm we’re both very familiar with estimated that 45 percent of all security incidents in the past two years were lifestyle hacks.
Read more at cio.co.nz

Maths detected fraud in Canadian lotteries, undertaken opportunistically by lottery store clerks. A classic security case study: the clerks had all three factors, the motivation, the means and the opportunity.
The fraud was detected by analysis of lottery winner data requested under a Freedom of Information-type act, i.e. open data.
The fraud was not related to technology, but it highlights the need to design business processes properly so as to remove or reduce one of the three factors.
My involvement in a recent investigation into lottery fraud has convinced me that statistical analysis can indeed be used to uncover fraudulent behaviour that might otherwise pass undetected.
Many lottery players simply hand their tickets over to the local store clerk, asking if they have won anything. This opens the door for unscrupulous clerks to pretend that a winning lottery ticket won nothing (or just a tiny prize), then later claim the big lottery jackpot for themselves.
Does such fraudulent behaviour actually occur?
It was clear that lottery sellers were winning significantly more major lottery prizes than could be accounted for by chance alone. The statistics proved the existence of widespread lottery fraud.
The probability of their winning 200 or more by pure luck alone would be unimaginably small — less than one chance in a trillion trillion trillion trillion.
Read more at www.rcmp-grc.gc.ca

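As an added example (not part of this post or the RCMP study), here is the kind of one-sided binomial tail test that exposes this pattern: given a group's expected share of prize claims, how likely is it that the group collects at least the observed number of major prizes by luck alone? The prize count and the clerks' 1% share are constructed placeholders; only the "200 or more" figure comes from the page.

```python
import math


def log_binom_pmf(n: int, p: float, k: int) -> float:
    """log P(X = k) for X ~ Binomial(n, p), kept in log space so that
    extreme tails such as 0.01 ** 200 do not underflow to zero."""
    log_choose = math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
    return log_choose + k * math.log(p) + (n - k) * math.log1p(-p)


def binom_tail(n: int, p: float, k: int) -> float:
    """P(X >= k) for X ~ Binomial(n, p): the probability of at least k
    wins by chance, summed with log-sum-exp for numerical stability."""
    if not 0.0 < p < 1.0:
        raise ValueError("group share must lie strictly between 0 and 1")
    if k <= 0:
        return 1.0
    if k > n:
        return 0.0
    logs = [log_binom_pmf(n, p, i) for i in range(k, n + 1)]
    m = max(logs)
    return math.exp(m) * sum(math.exp(lp - m) for lp in logs)


def excess_winner_test(n_prizes: int, group_share: float,
                       group_wins: int, alpha: float = 1e-6) -> dict:
    """Compare a group's observed major-prize wins with the number its
    share of play predicts, and flag the group when the luck-only
    probability of at least that many wins falls below alpha."""
    expected = n_prizes * group_share
    p_value = binom_tail(n_prizes, group_share, group_wins)
    return {"expected": expected, "observed": group_wins,
            "p_value": p_value, "flagged": p_value < alpha}


# Constructed figures (hypothetical, not from the RCMP study): 5,000 major
# prizes paid out, clerks buying 1% of tickets, and the page's 200 clerk wins.
CONSTRUCTED_PRIZES = 5000
CONSTRUCTED_CLERK_SHARE = 0.01
CONSTRUCTED_CLERK_WINS = 200

if __name__ == "__main__":
    r = excess_winner_test(CONSTRUCTED_PRIZES, CONSTRUCTED_CLERK_SHARE,
                           CONSTRUCTED_CLERK_WINS)
    print(f"expected {r['expected']:.0f}, observed {r['observed']}, "
          f"P(>= observed | luck) = {r['p_value']:.2e}, flagged={r['flagged']}")
```

The same test applies to any claimant category the open data exposes (retailers, their relatives, a single outlet), which is why the investigators could work from winner records alone.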
The definition of insanity is doing the same thing over and over and expecting different results. How could we do things differently to authenticate users?
30 years of failure: the username/password combination
We’ve known for decades that humans have a limited ability to associate passwords with specific accounts, and compensate by using what might be termed worst practices. A new survey of IT users at a large organization shows that little has changed, and the most sophisticated users behave no differently from an average one.
What is perhaps most striking about the new study, which is being published in the Proceedings of the Human Factors and Ergonomics Society, is its background section, which details just how long we’ve been aware of the password problem. It cites a study of Unix passwords from 1979, which showed that about 30 percent of the passwords were four characters or less, and about 15 percent were words that appear in the dictionary. Fast forward to 2006, when a separate survey of 34,000 MySpace passwords revealed that the most common were “password1”, “abc123”, “myspace1”, and “password”.
Read more at arstechnica.com

Promising research into ways to continue processing while your network is under a DDoS attack.
Computer Network Denial Of Service Denial
A way to filter out denial of service attacks on computer networks, including cloud computing systems, could significantly improve security on government, commercial, and educational systems.
Their protocol, Identity-Based Privacy-Protected Access Control Filter (IPACF), blocks threats to the gatekeeping computers, the Authentication Servers (AS), and so allows legitimate users with valid passwords to access private resources.
The researchers have tested how well IPACF copes in the face of a massive DDoS attack simulated on a network consisting of 1000 nodes with 10 gigabits per second bandwidth. They found that the server suffers little degradation, negligible added information transfer delay (latency) and minimal extra processor usage even when the 10 Gbps pipe to the authentication server is filled with DoS packets. Indeed, IPACF takes just 6 nanoseconds to reject a non-legitimate information packet associated with the DoS attack.
Read more at www.sciencedaily.com

This survey seems to support the need for data breach disclosure legislation.
Survey: Half of businesses don’t secure personal data
Around 55 percent of all businesses acknowledge that they secure credit card information but not Social Security numbers, bank account details, and other personal data, according to a survey of more than 500 companies released Wednesday by Imperva and Ponemon Institute.
Of the companies surveyed, 71 percent acknowledged not making data security a top initiative, despite the fact that 79 percent of them said they’ve been hit by one or more data breaches. In fact, Ponemon and Imperva noted that since the PCI DSS standard was enacted in 2005, the number of breaches and cases of credit card fraud has actually risen.
Read more at news.cnet.com

It’s meant for safety, but is it secure? Imagine the chaos that a hacker could cause by sending bogus messages to vehicles.
On The Road To Secure Car-to-car Communications
A European research project works out how to keep car-to-car data transmissions private and secure from malicious hackers.
ICT is driving forward a new era of more efficient and safer road travel for European citizens. Just as ABS brake technology dramatically cut accidents and fatalities in the 1980s, vehicle-to-vehicle and vehicle-to-infrastructure communication will make our roads safer still.
But there is a big question to answer before the technology becomes widely adopted: is the communication link secure?
Imagine the chaos that a hacker could cause by sending bogus messages to vehicles. They could tell one car of an accident ahead, make the driver brake hard and actually cause an accident behind.
Read more at www.sciencedaily.com

Attack of the killer texts
The fact that text messages appear on mobile phones without any interaction from the user, and sometimes with limited interference from the cellular network operators, can give criminals an opening to break into those devices, as three teams of researchers showed Thursday at the Black Hat security conference in Las Vegas.
Apple’s iPhones and phones running Microsoft’s Windows Mobile and Google’s Android operating systems were all shown to be vulnerable. In some cases, the problems weren’t with software, but the way cellular networks process messages.
Read more at www.stuff.co.nz