1
#1: pathetic Passwords #6: HOOKING UP WITH ANOTHER MAN’S WI-FI #7: A LITTLE TOO SOCIAL #5: RECKLESS ABANDON OF MALWARE IS KEY LOGGER OR APPLICATION- SPECIFIC – WHICH OFTEN REQUIRES DETAILED KNOWLEDGE OF OR PHYSICAL ACCESS TO A TARGETED SYSTEM 26.4% #2: Peeping ROM WORKERS SURVEYED THAT SAY THEY HAVE BEEN ABLE TO SNEAK A PEEK AT A CO-WORKER’S OR STRANGER’S WORK STATION IN THE WORKPLACE OR A PUBLIC PLACE 71 % ONE IN THREE WORKERS LEAVE THEIR COMPUTERS LOGGED ON TO NETWORK RESOURCES AND UNLOCKED WHEN THEY ARE AWAY FROM THEIR DESK USERS TRAINED IN AVOIDING PHISHING AND SCAM EMAILS FELL FOR THESE MALICIOUS EMAILS 42% LESS THAN THOSE WITHOUT TRAINING #4: PHISH BITING OF IT SECURITY PROS SAY THEY COME ACROSS PHISHING MESSAGES THAT GET PAST SPAM FILTERS OF IT ORGANIZATIONS HAVE TOP EXECUTIVES OR PRIVILEGED USERS WHO HAVE FALLEN FOR MALICIOUS EMAIL ATTACKS 69 % 27 % OF YOUNG WORKERS THINK CORPORATE SOCIAL MEDIA POLICIES ARE OUTDATED OF ENTERPRISES HAVE SEEN AN INCREASE OF MALWARE INFECTIONS DUE TO EMPLOYEES’ USE OF SOCIAL MEDIA 9DZ BY 2015, THE NUMBER OF WIFI HOTSPOT DEPLOYMENTS WILL INCREASE BY 350% ONLY 18 PERCENT OF USERS USE A VPN TOOL WHEN ACCESSING PUBLIC WI-FI 18% THE FBI RECENTLY RELEASED AN ALERT TO TRAVELERS WARNING AGAINST AN UPTICK IN MALWARE PASSED OFF AS SOFTWARE UPDATES ON HOTEL INTERNET CONNECTIONS 67% REGULARLY IGNORE IT POLICIES 70% 52% #3: USB STICK UP OF USERS REPORT HAVING EXPERIENCED A VIRUS INFECTION THROUGH A USB DEVICE OF USERS WHO FIND RANDOM USB STICKS IN A PARKING LOT WILL PLUG THEM INTO THEIR COMPUTERS ADD THE COMPANY LOGO, AND THAT NUMBER INCREASES TO 60 % 35 % 90 % Uneducated Employees 7 deadly sins AND THEIR TODAY'S ORGANIZATIONS EXPERIENCE AN AVERAGE OF 14.4 INCIDENTS/YEAR OF UNINTENTIONAL DATA LOSS THROUGH EMPLOYEE NEGLIGENCE THE TOP CAUSE OF ORGANIZATIONAL DATA BREACHES: "NEGLIGENT INSIDERS" EMPLOYEES THAT SAY THEY WERE EDUCATED ON SECURITY POLICIES BUSINESSES BREACHED THAT DID NOT HAVE SECURITY POLICIES IN PLACE THAT INCLUDED SECURITY AWARENESS EDUCATION PUBLICLY REPORTED INSIDER BREACHES THAT ARE EXECUTED WITH MALICIOUS INTENT IT PROFESSIONALS THAT REPORT SECURITY POLICIES ARE COMMUNICATED TO NEW HIRES DURING ORIENTATION 87% 32% 15% 56% THE MOST COMMON CORPORATE PASSWORD IS Password1 BECAUSE IT JUST BARELY MEETS THE MINIMUM COMPLEXITY REQUIREMENTS OF ACTIVE DIRECTORY FOR LENGTH, CAPITALIZATION AND NUMERICAL FIGURES IN APPROXIMATELY 15% OF PHYSICAL SECURITY TESTS PERFORMED AT CLIENT SITES IN 2011, WRITTEN PASSWORDS WERE FOUND ON AND AROUND USER WORKSTATIONS 15% OF USERS DO NOT PASSWORD PROTECT THEIR SMARTPHONES OF PEOPLE WHO FIND LOST CELL PHONES RUMMAGE THROUGH THE DIGITAL CONTENTS TO LOOK AT SENSITIVE INFORMATION 89 % 70 % SOURCES: www.darkreading.com/identity-and-access-management/167901114/security/application-security/240005123/study-phishing-messages-elude-filters-frequently-hit-untrained-users.html http://ecs.arrow.com/suppliers/documents/IDCWhitePaper-InsiderRiskManagement.pdf; www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns895/white_paper_c11-503131.html www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns895/white_paper_c11-499060.html; www.kaspersky.com/downloads/pdf/kaspersky-lab_ok-consumer-survey-report_eng_final.pdf www.wi-fi.org/media/press-releases/wi-fi%C2%AE-security-barometer-reveals-large-gap-between-what-users-know-and-what; http://net-security.org/secworld.php?id=12634 http://digitallife.today.msnbc.msn.com/_news/2012/03/08/10595092-exclusive-the-lost-cell-phone-project-and-the-dark-things-it-says-about-us#.T1jKmQSi0sM.email www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html; www.corpmagazine.com/technology/digital/itemid/9828/pageid/2/how-to-mitigate-insider-threats; www.bbb.org/blog/2011/08/70-percent-dont-password-protect-their-phones/; www.wballiance.com/resource-center/wba-industry-report/; www.chariotsfire.com/thesis/Chapter6.pdf www.trustwave.com/global-security-report www.trustwave.com
