
Call for same-day data breach notification

RSA Conference : 20 April, 2009  (Technical Article)
eFraud Network Forum survey discloses what fraud professionals require regarding the handling of data breaches
The RSA Conference eFraud Network Forum, a one-day event facilitating cross-industry information sharing to enable better detection and prevention of fraud, released the results of a recent survey of fraud professionals.

On the topic of data breaches, top-line findings include:

* 67 percent of respondents feel they should be notified the same day if an organization falls victim to a data breach and their customers are compromised.
* 57 percent felt that attacks had increased due to the global economic situation.
* 50 percent would like revised legislation and 28 percent want more regulation.
* 35 percent said their organization had experienced a data breach in the last 12 months, compared with 21 percent who didn't know and 44 percent who said they had not had a single breach in the last 12 months.

"Data breaches are not a rarity anymore; they are part of business," said Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conference. "Furthermore, these findings show that current regulations to help organizations cope with data breaches and protect their customers are not enough. In fact, we found that spending to prevent fraud is actually up for half of the organizations surveyed." (See illustration)

The survey also found that more cross-industry information sharing is needed.

* 93 percent of people surveyed agreed information sharing does help prevent fraud and 78 percent of those surveyed would like to see more information sharing.
* 81 percent of those polled work with local police - the most popular law enforcement agency in the survey. The FBI (60 percent) and Secret Service (48 percent) were the second and third most popular respectively.
* In addition to sharing information with law enforcement, 68 percent share information with competitors within their industry and 40 percent share information with organizations outside their industry. Nine percent of respondents said they "didn't share information about attacks" outside their company.
* Those impacted by the Heartland Payment Systems breach had more frequent communication with law enforcement than those who had not been impacted.

Another trend uncovered by the survey showed that organizations are being attacked differently.

* Larger organizations with more than one million customer accounts are more likely to experience phishing attacks using their brand (90 percent), account takeover attacks (72 percent) and new account enrollment attacks (71 percent).
* Smaller organizations are primarily targeted with malware (73 percent), viruses (73 percent) and phishing attacks using their brand (68 percent).

Additionally, victims of the Heartland breach are experiencing higher percentages of malware, social engineering, Nigerian scams, new account enrollment, data breach leading to identity theft, skimming, SQL injections and attacks over the mobile phone.

The survey of 104 fraud professionals was conducted in March 2009. More than 60 percent of respondents represent the financial services industry and more than half are from organizations that manage more than one million customer accounts.