Over 187 Terabytes of Data Analyzed to Determine the Seven Leading Indicators
of Insider Threats

RSA Conference, SAN JOSE, Calif., Feb. 15 /PRNewswire/ -- Reconnex, the
proven standard in Enterprise Risk Management solutions, today released its
latest Insider Threat Index(TM), which reveals that 78 percent of companies
assessed in 2005 exposed social security numbers and 52 percent leaked
confidential data during a 48-hour period through three key media -- Webmail,
Instant Messaging (IM), and e-mail. Reconnex has identified the seven leading
indicators of risk by analyzing more than 4 billion content objects and over
187 terabytes of data. The analysis was performed by the Reconnex iGuard
content monitoring appliance, the only content monitoring product with the
ability to monitor and index content regardless of port, protocol, or content
type to provide a complete view of an enterprise's risk. The data was sampled
during 100 48-Hour e-Risk Rapid Assessments(TM) that Reconnex conducted from
January to December 2005. The e-Risk Rapid Assessment is the quickest and
easiest way for a corporation to assess the insider threat and then begin a
longer-term process of risk mitigation to protect its brand, shareholder
value, and competitive advantage.

[To download the full Reconnex Insider Threat Index in PDF format, please
visit: http://www.reconnex.net/Threat/ ]

Reconnex Identifies Seven Leading Indicators of Insider Threat Risks in
Fortune 1000

After analyzing over 4 billion content objects of data collected in 2005,
Reconnex saw important trends emerge that allowed it to detect the seven
leading indicators of risk. The findings below are based on the real traffic
that Reconnex monitored and analyzed over the past year.
-- Webmail -- The majority of the corporations assessed had banned the
use of Webmail on the corporate network. Nevertheless, 83 percent of
companies assessed had Webmail running over their networks;
28 percent of Webmail transmissions included attachments.
-- SSN -- 78 percent of companies leaked Social Security numbers.
-- CCN -- 40 percent of all companies monitored sent unencrypted
employee or customer credit card information outside their networks.
-- Adult content -- An overwhelming number of corporate networks --
68 percent -- contained adult content. This has a huge impact on
worker productivity and could result in sexual harassment or unsafe
work environment lawsuits.
-- Instant Messenger (IM) -- Because the majority of corporations
monitor email and not IM, IM is often used by employees to sneak
confidential or inappropriate data outside of the network. About
66 percent of companies assessed had IM running.
-- Peer-to-Peer (P2P) -- The majority of companies assessed have banned
the use of P2P file sharing over their networks because it
dangerously tunnels through corporate firewalls. In 35 percent of
companies monitored, Reconnex found these protocols running.
-- Leakage of confidential documents -- Employees sent confidential
documents over the corporate network in 52 percent of companies
monitored, and employees often sent materials such as intellectual
property to competitors.

IM and Webmail Prevalent at Corporations; Webmail with Attachments Also
Common

Most corporations today have a zero-tolerance policy for the use of
Webmail and IM at work. Webmail sites often offer organizations no protection
in case of data theft, and the "Terms of Service" disclaim all warranties for
any losses related to data stored on these sites. The terminology used on some
Webmail hosting sites may even give them the right to use any data uploaded by
users. Thus when employees send confidential company documents via Hotmail,
MSN, Yahoo, Gmail, and AOL, they are placing unencrypted confidential
information onto a public server not hosted by their corporation. Often, they
are placing the competitive advantage and intellectual property of a company
in serious jeopardy.
About 83 percent of companies evaluated in 2005 had people inside the
corporation using Webmail to get information outside the corporate firewall;
66 percent had people inside using IM to get information outside. Worse, at
28 percent of the companies assessed, employees were sending Webmails that
included attachments -- a leading indicator that sensitive information is
being transferred out of the corporation.
The motivation for breaking a company's Webmail policy is often innocent.
In 2005, Reconnex found corporations that set limits on the size of
attachments that could be sent outside of the company actually encouraged
users to find other ways to communicate large files to get their jobs done.
Webmail services offer employees an easy solution because they have increased
storage limits over the years.

Exposing Social Security and Credit Card Numbers Puts Employees, Customers
at Risk for Identity Theft

While 39 percent of the companies assessed ran e-Commerce websites
allowing them to collect personal information for banking, shopping, or data
processing, most corporations are exposing Social Security and credit card
numbers to their partners the old-fashioned way -- via unencrypted email.
This behavior continued despite well-publicized privacy breaches at large
F1000 companies in 2005. Distributing private data in unencrypted format is a
violation of several Federal and state regulations and can seriously damage a
company's brand or reputation.
Because outsourcing is now common in human resources, much private
information is communicated outside of the corporation to providers of
services such as payroll, pension, life insurance, and 401k plans. Many times
employees are referenced by name and Social Security number in clear text.
Employee credit card numbers are frequently leaked to travel-related services.
New employees are often instructed to fill out a travel profile that includes
their own or the corporate credit card number and send the profile in clear
text to the travel agency. Automated systems that collect information such as
vacation requests, 401k changes, and travel requests often automatically
generate unencrypted e-mails and send them to partners.

Inappropriate-Use Policies Violated at Majority of Corporations

Employees violated internal use policies in three ways: Webmail was
present in 83 percent of corporations monitored even though it was against
their internal use policies; 68 percent of companies monitored had evidence of
adult content being sent over the corporate network; 66 percent found
employees were using IM. In most instances, organizations had web-blocking
tools to stop these inappropriate activities. However, blocking technologies,
which generally rely on a database of URLs or keywords, have given companies a
false sense of security. Using these technologies, it has been impossible to
keep up with the thousands of new adult content and anonymizer websites that
pop up each day.
The ability to monitor all Web-based communications and IM is thus
essential to any comprehensive risk management plan. In addition, companies
must monitor their networks for inappropriate adult content to minimize the
risk of sexual harassment, unsafe work-environment lawsuits, and productivity
loss.

Over Half of Companies Assessed Exposed Confidential Documents

In 52 percent of the assessments conducted in 2005, confidential documents
were sent outside of the corporate network. A variety of forms were used to
communicate confidential documents including email, Webmail, and IM. In some
instances, this sensitive information was sent directly to competitors.

One Third of Corporations Have Backdoor in Firewalls

The Reconnex Risk Assessments detected P2P file-sharing protocols in
35 percent of the organizations evaluated. File sharing places the
corporation at significant risk for two important reasons. First, P2P works
by punching a hole through a corporation's firewall to make a connection with
a desktop. Once the connection is made, files can be transferred between a
desktop inside the corporate firewall and a stranger on the outside. If the
desktop contains company-sensitive data, this puts the corporation at
tremendous risk.
Second, while P2P can be used to distribute sensitive files, it is most
often used to distribute copyrighted media like music and movies. This puts
a company in jeopardy for copyright infringement lawsuits by the Recording
Industry Association of America (RIAA) or the Motion Picture Association of
America (MPAA) at $125,000 a file. Companies running P2P are usually
responsible for the distribution of not just one or two files; the number of
files distributed is often in the thousands to hundreds of thousands in
a 48-hour period.

Enterprises Understand and Solve Internal Security Issues with Risk
Discovery

Reconnex offers the only content-monitoring appliance on the market today
that captures both known and unknown risks entering or leaving the corporate
network. Reconnex's iGuard includes key Risk Discovery capabilities that allow
enterprises to capture, classify, and store all content; perform historical
analysis on the captured data to detect unknown threats; and correlate with
known (previously detected) threats. Organizations needing to comply with
various industry regulations can use Risk Discovery capabilities to conduct
immediate investigations on all electronic communication sessions, including
e-mails, Webmails, IM, FTP, P2P, chat communications, and much more, providing
a complete audit trail.

About Reconnex

Reconnex is the leading provider of enterprise risk management (ERM)
systems that reveal and address the insider threat to compliance, competitive
advantage, corporate governance, and critical infrastructure. Reconnex
enables Fortune 1000 companies, government organizations, and smaller
healthcare and financial services companies to protect their brands,
shareholder value and mission-critical operations by revealing hidden risks in
the first 48 hours of deployment. Without exception, every deployment has
enabled these organizations to quickly remediate the risks that could have
damaged or destroyed their organization.
Call Reconnex today at 1-866-940-4590 or visit us on the web at
http://www.reconnex.net.

Kevin Cheek, Reconnex Corporation, 650-940-7705, kcheek@reconnex.net
Robb Henshaw, Engage PR, 510-748-8200 ext. 217, rhenshaw@engagepr.com

SOURCE Reconnex