LADYDRAGON.COM - Majority of Fraud Professionals Want New Regulation, More Information Sharing and Same-Day Notification of Data Breaches

Thursday April 16, 2009

Majority of Fraud Professionals Want New Regulation, More Information Sharing and Same-Day Notification of Data Breaches

New Survey of Fraud Professionals by RSA^®Conference eFraud Network^SM Forum Finds Attacks Increasing in Current Economic Climate, Data Breaches Continuing to Impact Organizations

RSA Conference 2009

LadyDragon --RSA^® Conference (www.rsaconference.com) eFraud Network^SM Forum, a one-day event facilitating cross-industry information sharing to enable better detection and prevention of fraud, today released the results of a recent survey of fraud professionals.

On the topic of data breaches, top-line findings include:

67 percent of respondents feel they should be notified the same day if an organization falls victim to a data breach and their customers are compromised.
57 percent felt that attacks had increased due to the global economic situation.
50 percent would like revised legislation and 28 percent want more regulation.
35 percent said their organization had experienced a data breach in the last 12 months, compared with 21 percent who didn’t know and 44 percent who said they had not had a single breach in the last 12 months. (see Chart 1)

“Data breaches are not a rarity anymore; they are part of business,” said Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conference. “Furthermore, these findings show that current regulations to help organizations cope with data breaches and protect their customers are not enough. In fact, we found that spending to prevent fraud is actually up for half of the organizations surveyed.” (see Chart 2)

The survey also found that more cross-industry information sharing is needed.

93 percent of people surveyed agreed information sharing does help prevent fraud and 78 percent of those surveyed would like to see more information sharing.
81 percent of those polled work with local police – the most popular law enforcement agency in the survey. The FBI (60 percent) and Secret Service (48 percent) were the second and third most popular respectively.
In addition to sharing information with law enforcement, 68 percent share information with competitors within their industry and 40 percent share information with organizations outside their industry. Nine percent of respondents said they “didn’t share information about attacks” outside their company.
Those impacted by the Heartland Payment Systems breach had more frequent communication with law enforcement than those who had not been impacted.

Another trend uncovered by the survey showed that organizations are being attacked differently.

Larger organizations with more than one million customer accounts are more likely to experience phishing attacks using their brand (90 percent), account takeover attacks (72 percent) and new account enrollment attacks (71 percent).
Smaller organizations are primarily targeted with malware (73 percent), viruses (73 percent) and phishing attacks using their brand (68 percent).

Additionally, victims of the Heartland breach are experiencing higher percentages of malware, social engineering, Nigerian scams, new account enrollment, data breach leading to identity theft, skimming, SQL injections and attacks over the mobile phone.

The survey of 104 fraud professionals was conducted in March 2009. More than 60 percent of respondents represent the financial services industry and more than half are from organizations that manage more than one million customer accounts. The full report can be found at: https://365.rsaconference.com/community/efraudnetwork.

About eFraud Network^SM Forum

eFraud Network^SM Forum (eFN) is a one-day event that brings together senior executives from the global anti-fraud ecosystem representing the law enforcement, financial services, payment, and merchant communities. As a closed-door, invitation-only meeting of anti-fraud practitioners, eFN is designed to enable candid information-sharing to create a unique opportunity for open dialogue within the entire global anti-fraud ecosystem. eFN’s goal is to facilitate cross-industry information-sharing to enable better detection and prevention of fraud. Driven by a global program committee of anti-fraud professionals, eFN meetings are held twice a year in conjunction with RSA Conference in the US and Europe. More information can be found at https://365.rsaconference.com/community/efraudnetwork.

About RSA Conference

RSA Conference helps drive the global information security agenda with annual events in the U.S., Europe and Japan. Throughout its 18-year history, RSA Conference consistently attracts the world’s best and brightest in the field, creating opportunities to learn about information security’s most important issues through face-to-face and online interactions with peers, luminaries and emerging and established companies. As information security professionals work to stay ahead of ever-changing security threats and trends, they turn to RSA Conference for a 360-degree view of the industry. RSA Conference seeks to arm participants with the knowledge they need to remain at the forefront of the information security business. More information on events, online programming and the most up-to-date news pertaining to the information security industry can be found at www.rsaconference.com.