En ny undersökning* från säkerhetsföretaget Check Point ® Software Technologies visar att 48 procent av de tillfrågade företagen utsatts för så kallad social engineeering under de senaste två åren – det vill säga intrång från hackers som i första hand manipulerar människor istället för datorer. Företagen uppskattar att detta kostar dem mellan 150 000 till över 600 000 kronor per incident.  För att minimera antalet attacker och kostnaderna för dessa, uppmanar Check Point alla företag att kartlägga de vanligaste anledningarna till hot som riktas mot nätverket och kombinera sina tekniska säkerhetslösningar med att aktivt öka riskmedvetenheten hos sina anställda.

Socialt konstruerade attacker riktas oftast mot människor som antas ha kunskap om eller tillgång till känslig information. Dagens hackers använder en rad olika tekniska hjälpmedel såväl som sociala nätverk för att samla information om enskilda individer, i syfte att hitta den svagaste länken i en organisation. Av de undersökta IT- och säkerhetsansvariga svarar 86 procent att de känner en växande oro för sociala attacker. 

– Branschen står inför en ständig ökning av riktade hot. För att göra de tekniska säkerhetslösningarna smartare och mer effektiva, måste vi lyckas med att öka användarnas delaktighet. Många organisationer arbetar inte aktivt med de anställdas roll för att öka säkerheten, när personalen i själva verket bör vara högst delaktiga i säkerhetsprocessen för att kunna förhindra och åtgärda säkerhetshot i realtid, säger Lars Berggren, försäljningschef, Check Point.

Fler nyckelresultat från undersökningen: 

– 48 procent av de tillfrågade företagen medgav att de har varit utsatta för sociala attacker över 25 gånger under de senaste två åren.

– Nätfiske via e-post angavs vara den vanligaste tekniken för sociala attacker (47%), följt av personlig och professionell information som avslöjats via sociala nätverk (39%) och osäkra mobila enheter (12%).

– Den vanligaste orsaken till sociala attacker angavs vara ekonomisk vinning (51%), följt av tillgång till konfidentiell information (46%), få konkurrensfördelar (40%) och ren hämnd (14%).

– Nyanställda antas ha minst kännedom om organisationens säkerhetspolicy och anges som mest tänkbara mål för sociala hackare (60%).

– 34 procent av de undersökta företagen har ingen säkerhetsutbildning för de anställda eller någon säkerhetspolicy för att förhindra intrång.

Check Point 3D Security
Med hjälp av Check Points säkerhetsvision 3D Security kan företag bygga en komplett plan för sin säkerhet som inte bara bygger på tekniska lösningar utan även inkludera utbildning för medarbetare och involverar dem i säkerhetsprocessen. Med Check Points UserCheck-teknik kan medarbetarna får varningar och utbildas i företagets säkerhetspolicy realtid. Det hjälper företag att minimera frekvensen, risken och kostnaderna i samband med attacker.

*) Undersökningen, The Risk of Social Engineering on Information Security, genomfördes under juli och augusti 2011. Över 850 IT- och säkerhetsansvariga i USA, Kanada, Storbritannien, Tyskland, Australien och Nya Zeeland intervjuades. Urvalet i undersökningen representerar organisationer av alla storlekar från flera branscher, inklusive finans, industri, försvar, detaljhandel, hälsovård och utbildning. För tillgång till hela undersökningen: http://www.checkpoint.com/surveys/socialeng1509/socialeng.htm

För frågor och mer information, kontakta:
Lars Berggren, försäljningschef på Check Point Sverige
Tel: 070-667 95 10
larsb@checkpoint.com

För ytterligare information om undersökningen se fullständigt pressmeddelande på engelska nedan.

—————————————————————————————————-

CHECK POINT SURVEY REVEALS NEARLY HALF OF ENTERPRISES ARE VICTIMS OF SOCIAL ENGINEERING

Social engineering attacks can cost businesses more than $100,000 per incident, emphasizing the importance of better security and user awareness

REDWOOD CITY, Calif.  – Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today announced the results of a new report revealing 48 percent of enterprises surveyed have been victims of social engineering, experiencing 25 or more attacks in the past two years, costing businesses anywhere from $25,000 to over $100,000 per security incident. The report, The Risk of Social Engineering on Information Security, shows phishing and social networking tools as the most common sources of socially-engineering threats – encouraging businesses to implement a strong combination of technology and user awareness to minimize the frequency and cost of attacks.

Socially-engineered attacks traditionally target people with an implied knowledge or access to sensitive information. Hackers today leverage a variety of techniques and social networking applications to gather personal and professional information about an individual in order to find the weakest link in the organization. According to the global survey of over 850 IT and security professionals, 86 percent of businesses recognize social engineering as a growing concern, with the majority of respondents (51%) citing financial gain as the primary motivation of attacks, followed by competitive advantage and revenge.

”The survey results show that nearly half of enterprises surveyed know they have experienced social engineering attacks. Knowing that many of these attacks go unnoticed, suggests that this is a very wide and dangerous attack vector that must not be ignored,” said Oded Gonda, vice president of network security products at Check Point Software Technologies.

While social engineering techniques rely on taking advantage of a person’s vulnerability, the prevalence of Web 2.0 and mobile computing has also made it easier to obtain information about individuals and has created new entry points to execute socially-engineered attacks. New employees (60%) and contractors (44%) who may be less familiar with corporate security policies were considered to be the most susceptible to social engineering techniques, in addition to contractors, assistants, human resources and IT personnel.

”People are a critical part of the security process as they can be misled by criminals and make mistakes that lead to malware infections or unintentional data loss. Many organizations do not pay enough attention to the involvement of users, when, in fact, employees should be the first line of defense,” added Gonda. ”A good way to raise security awareness among users is to involve them in the security process and empower them to prevent and remediate security incidents in real time.”

To achieve the level of protection needed in modern day IT environments, security needs to grow from a collection of disparate technologies to an effective business process. Check Point 3D Security helps companies implement a blueprint for security that goes beyond technology and can educate employees by involving them in the process. ”Just as employees can make mistakes and cause breaches or threats within the organization, they can also play a large role in mitigating risks,” added Gonda. With Check Point’s unique UserCheckT technology, businesses can alert and educate employees about corporate policies when accessing the corporate network, data and applications – helping companies minimize the frequency, risk and costs associated with social engineering techniques.

Key Findings from the Report:

• The Threat of Social Engineering is Real – 86 percent of IT and security professional are aware or highly aware of the risks associated with social engineering. Approximately 48 percent of enterprises surveyed admitted they have been victims of social engineering more than 25 times in the last two years. 
• Social Engineering Attacks Are Costly – Survey participants estimated each security incident costing anywhere from $25,000 to over $100,000, including costs associated with business disruptions, customer outlays, revenue loss and brand damage.
• Most Common Sources of Social Engineering – Phishing emails were ranked the most common source of social engineering techniques (47%), followed by social networking sites that can expose personal and professional information (39%) and insecure mobile devices (12%).
• Financial Gains are the Primary Motivation of Social Engineering – Financial gain was cited as the most frequent reason for social engineered attacks, followed by access to proprietary information (46%), competitive advantage (40%) and revenge (14%).
• New Employees are Most Susceptible to Social Engineering Techniques – Survey participants believe new employees are at high risk to social engineering risks, followed by contractors (44%), executive assistants (38%), human resources (33%), business leaders (32%) and IT personnel (23%). Regardless of an employee’s role within an organization, implementing proper training and user awareness is critical component of any security policy.
• Lack of Proactive Training to Prevent Social Engineering Attacks – 34 percent of businesses do not have any employee training or security policies in place to prevent social engineering techniques, although 19 percent have plans to. 

The survey, The Risk of Social Engineering on Information Security, was conducted in July and August 2011, surveying over 850 IT and security professionals located in the U.S., Canada, U.K., Germany, Australia and New Zealand. The survey sample represents organizations of all sizes and across multiple industries, including financial, industrial, defense, retail, healthcare and education. Interested in learning more about social engineering and want to add your input? Access the full report and take the online survey here: http://www.checkpoint.com/surveys/socialeng1509/socialeng.htm.

”Security is not just a problem for IT administrators; it must be part of every professional’s role. As the industry faces a rise in sophisticated and targeted threats, user involvement makes security technology smarter and more effective,” concluded Gonda.

Pressreleasen kommer från: Newsdesk