Survey: CEOs Fail To Grasp Importance of Security

Mon Sep 27, 2:11 PM ET Add Business - NewsFactor to My Yahoo!

By Erika Morphy, www.enterprise-security-today.com

You'd think that after reading about -- if not getting actually hit -- by one of the thousands or so virus variants making the rounds, C-suite executives would place just a little more importance on security.

To be sure, most executives do talk the talk about security -- not just in cyberspace but in actual operations as well, since the September 11th terrorist attacks. However, a new survey from Ernst & Young suggests that it is mostly talk.

"There is still an awareness issue among C-level executives about how integral I.T. security is to the fabric of an organization," Kent Kaufield, partner, technology and security risk services at Ernst & Young tells NewsFactor.

"It is easy for a CEO to say security is important," he acknowledges. "But in actuality, I think they view it much like purchasing insurance -- something that is good to have in place for disasters but hopefully will never be needed -- so they try to spend as little as possible on it."

The survey found that information security does not rank on high on CEOs' lists of priorities.  Read the whole article, Click here:  http://story.news.yahoo.com/news?tmpl=story&u=/nf/20040927/bs_nf/27191&cid=620&ncid=1730&sid=96479370

01 August 2004

New Threats to NYC Reported

NYC, NY: ABC News has learned that federal and New York City officials have received credible intelligence that al Qaeda has been plotting to carry out suicide attacks on corporations based in the city.

Sources at several law enforcement agencies tell ABC News that an "overseas source" has provided the information about the threat to New York and that it is more significant than the usual "chatter" intercepted from likely terrorists that has prompted warnings in the past.

Officials from dozens of local and federal agencies met into the night Friday and again this morning.

"Intelligence reporting indicates that al Qaeda continues to target for attack commercial and financial institutions, as well as international organizations, inside the United States," the New York City Police Department said in a statement released today on the "ongoing al Qaeda threat."

"The NYPD recommends that corporate and institutional security directors review their protection of HVAC systems, parking installations, and security in general," the statement added. "The alert level for New York City remains unchanged at 'orange' or 'high.'"  Source: http://abcnews.go.com/sections/WNT/US/new_york_city_terror_threat_
040731-1.html

08 Apr 2004

FDIC warns of scam targeting consumers' Bank Accounts

UNITED STATES: Consumers and financial institutions are being warned of a new e-mail scam that purports to be from the Federal Deposit Insurance Corp. and that advises consumers to click on an attached file for more information about alleged fraudulent activity regarding their bank accounts, according to Computerworld.

Instead, according to FDIC spokesman David Barr, the attached file is either a computer virus or a program that can steal personal information from a computer and
send it to the scammer.

In an announcement yesterday, the Washington-based FDIC said the e-mails are sent from "security" at fdic.com, with a subject line called "fraud report." The e-mail tells recipients that their bank accounts have been temporarily closed because of fraudulent activity, then directs the recipients to open an attached file for details related to the fraudulent activity as well as for information on how to contact the FDIC.

The first report of the scam was made to the FDIC by a U.S.-based consumer yesterday morning, Barr said. "We got a complaint from a consumer that they had received one of these e-mails, and they wanted to know if it was true," he said.

06 June 2003

NEW YORK CITY: A new computer virus that could offer crackers full control of infected PCs, giving them access to critical information such as passwords and credit-card numbers, was spreading on the Internet as of Thursday night. The virus, called "BugBear.B" by virus experts, follows two other quickly spreading e-mail viruses seen in recent weeks -- "Sobig.B" and "Sobig.C" -- but far exceeds them in its ability to do harm and in the aggressiveness of its spread. It is also possible that this virus is aimed at U.S. financial services institutions. Several private research organizations (including ERRI) and federal law enforcement are looking into the possibility that BugBear is designed to target banks, brokerage houses, and other related businesses and steal passwords that would allow attackers to compromise user accounts.

E-mail filtering services company MessageLabs Inc. had blocked 37,400 copies of BugBear.B from 125 countries by midday Thursday, after barely registering a blip on Wednesday, when the first copies were seen. Reportedly, all it takes is one e-mailed copy of the virus entering a corporate network for havoc to ensue. Once inside, BugBear.B will spread throughout a network. ERRI computer analysts suggest updating your anti-virus/firewall software at the earliest opportunity...

14 May 2003

States At Risk Of Attack Shown On New Terror Map

CHICAGO, IL: A new assessment from one of the world's leading insurance brokers says most of western Europe and all of the United States and Russia are at "high risk" from terrorist attack. The global terrorism risk map has been prepared by Aon, the world's second largest insurance broker. On the map, all of the Central and South American countries are designated either "low" or "negligible" risk -- apart from Colombia, which is designated "extreme risk."

It is the first time the Chicago-based broker, which employs former military and security service specialists to help make its assessments, has compiled a map of terrorism risk, although it has done a similar exercise for political risks for the past ten years. Paul Dobbs, chairman of Aon's special risks division, said: "If you want to get mugged, go to Latin America -- but as far as explosions are concerned, the risks are practically negligible, outside Colombia."

Aon believes that one reason that Colombia now falls into its most dangerous category is because guerrillas from the Revolutionary Armed Forces of Colombia (FARC) have been receiving training from the Provisional IRA, and have switched their tactics from attacks in rural areas to large vehicle bombs in urban areas, which cause much greater damage.

Aon believes Northern Ireland faces a lesser threat than the rest of the United Kingdom because the al-Qaeda terror network is more likely to attack the British mainland. All of the UK remains vulnerable to attack from the Provisional IRA, but while Irish republicans retain terrorist capability, they appear to have no current intention of using it -- a key factor in the broker's risk assessment process.

Although the US Department of Homeland Security recently lowered its national terrorism threat level from "high" (orange) to "elevated" (yellow) following the end of serious fighting involving US troops in Iraq, Aon's Dobbs said he believed the outcome could encourage further terrorism. He said: "The Iraq war showed it is very difficult to match the US in conventional warfare, so asymmetric risks, such as terrorism, could be greater."

Although there are far fewer international terrorist incidents than in the mid-eighties, Aon points out that terrorist attacks are becoming more lethal. An Aon assessment says: "Most terrorist organizations active in the 1970s and 1980s had clear political objectives. They tried to calibrate their attacks to produce just enough bloodshed to get attention for their cause, but not so much so as to alienate public support. Now, a growing percentage of terrorist attacks are designed to kill as many people as possible."

The Emergency Response & Research Institute (ERRI) -- parent organization of this website -- offers comparable counter-terrorism and anti-terrorism advice, daily, weekly, and instantaneous news services and analysis, and statistical information.

From Information Week

Title: Improving Homeland Security Capabilities with Business Intelligence Software
Published: January 29, 2002
Type: White Paper
Format: PDF
Abstract: Learn about the increasing significance of business intelligence software in Homeland Security efforts and how government agencies and private organizations can leverage business intelligence technology to "detect, prepare for, prevent, protect against, respond to and recover from terrorist threats or attacks." Homeland Security includes the protection of operations and infrastructures critical to public health and safety and the national economy. In order to meet this challenge, agencies involved in Homeland Security are increasingly looking to sophisticated information technology (IT) and business intelligence, which is clearly necessary to facilitate the collaboration and sharing of information between public and private groups to ensure the safety of these infrastructures during a security crisis.

Click here to visit the site to download the report: http://infoweek.bitpipe.com/data/detail?id=1028232635_897
&type=RES&x=797220071

Real Estate: Disaster Centers: It's Location, Location

NYT, By DAVID W. DUNLAP

Ever since the attack on the World Trade Center, financial institutions downtown have struggled with the question of how big a logistical insurance policy they need.