Reconnex Insider Threat Index Reveals Use of Remote Access and Rogue VOIP Protocols, Exposure of Confidential Information
Analysis of More Than 1.1 Terabytes of Data Shows That Use of Webmail, IM, and P2P File Sharing Is Widespread
MOUNTAIN VIEW, Calif., May 1, 2006—Reconnex, the expert in discovering both known and unknown electronic risks, today released its latest Insider Threat Index™ for the first quarter of 2006, which reveals the extensive use of remote access protocols as well as the growing use of rogue VOIP protocols such as Skype, and discusses the risk they pose to the corporation. Leakage of Social Security numbers (SSN) and credit card numbers (CCN) continues to be a problem; 89 percent of corporations assessed exposed SSNs and 67 percent exposed CCNs. This exposure occurs despite Federal and state privacy laws and on-going publicity about the risks of identity theft. Reconnex compiled the current index from more than 1.1 Terabytes of raw data gathered from 48-Hour eRisk Rapid Assessments™ that Reconnex conducted from January to March 2006 in a variety of industries, including healthcare, finance, technology, and manufacturing. The e-Risk Rapid Assessment allows corporations to quickly assess the insider threat and conduct immediate forensic investigations to determine the sources of threats and the motivations behind them.
[To download the full Reconnex Insider Threat Index in PDF format, please visit: http://www.Reconnex.net/Threat/]
Leading Risk Indicators Widespread in Latest Analysis
The results of Reconnex’s latest e-Risk Rapid Assessments show that organizations are still at high risk of having personal and confidential information leaving their networks undetected.
- Webmail – In line with previous Insider Threat Index findings, 89 percent of companies assessed had Webmail running over their networks.
- SSN – 89 percent of companies leaked Social Security numbers.
- CCN – 67 percent of companies exposed credit card numbers.
- Instant Messenger (IM) – Because IM can easily leave the network without detection, most organizations forbid its use, yet 78 percent of companies had IM on their networks.
- Peer-to-Peer (P2P) – P2P file sharing protocols, banned by most companies because they pose grave risks to corporate security, were found in 78 percent of companies, compared to 35 percent in all of 2005.
- Remote access protocols – These were present in 66 percent of companies.
- Rogue VOIP protocols – 22 percent of organizations had Skype on their networks.
The use of remote access protocols, which were found in 66 percent of companies assessed, can pose a very real risk to organizations. Tools such as Citrix/GoToMyPC create an SSL tunnel into the corporate network, which leads to multiple risks to its integrity. Since these tools encrypt the data stream, it is difficult to determine what data is flowing in and out of the network. If a remote access protocol is connected to a home PC, the user can easily transfer confidential documents from the corporate network to the home PC with very little risk of detection. In the other direction, files transferred from the home PC to the corporate network could easily be infected with viruses or malware. Since remote access protocols run through SSL or IPSec connections, they essentially subvert firewall policies and settings.
“No one is discussing the risks of remote access because every business routinely gives it to trusted employees, partners, consultants, and other third parties, but businesses really don’t know what users are accessing or viewing,” said Kevin Cheek, vice president of marketing at Reconnex. “However, anyone who terminates SSL or IPSec VPN connections to the corporate network needs to monitor where they’re going and what files they’re touching.”
Rogue VOIP Protocols
Rogue VOIP protocols such as Skype, which are similar to viral IP clients, are a new type of threat to corporate data privacy. The latest Insider Threat Index noted Skype in 22 percent of installations, and its popularity is growing rapidly—Skype recently reported it has more than 75 million registered users. Many organizations forbid the use of such protocols, and awareness of the problems introduced by Skype is increasing rapidly.
However, not all employees understand why Skype and its ilk should be banned from the corporate network. In today’s portable society, employees take laptops home—and they or their family members may download Skype for use at home. But when the employee brings the laptop back to work, it comes with Skype’s encrypted P2P protocol, which prevents the organization from knowing what the laptop is transmitting over the network. Because rogue VoIP protocols establish direct connections with other computers, they can provide a back door for Trojans, worms, and other viruses to jump over firewalls and into the corporate network. In addition, Skype has multiple flaws that could allow hackers to take control of a compromised system and even access the network to which it is connected. Skype is extremely easy to install and port agile; it uses secure ports that are almost never blocked, so point blocking solutions are ineffective. Plus, it can move from port to port. Only a solution that monitors all ports, all the time, can effectively find rogue VOIP protocols and help keep them off the corporate network.
Personal Information Still at Great Risk
Exposing private data such as Social Security and credit card numbers is a violation of several Federal and state regulations, and can cause serious damage to a company’s reputation. Given the high public awareness of the threat and the penalties for violating regulations, one would expect to see more use of encryption and a quarter-by-quarter downward trend in insider leaking. Yet the latest Reconnex e-Risk Assessments reveal that organizations are still struggling to prevent leaks of personal and private information. Only about 19 percent of data leaving the assessed networks was encrypted. Social Security numbers were exposed in 89 percent of Reconnex e-Risk Assessments performed in the first quarter of 2006, and credit card numbers were exposed in 67 percent.
Frequently the exposed numbers are those of employees. The trend toward outsourcing Human Resources functions such as payroll, pensions, life insurance, and 401K plans requires a great deal of communication outside the organization. HR personnel often reference employees by name and SSN in clear text. Employee CCNs are frequently leaked in communications with travel-related services, and new employees must often fill out a travel profile that includes their (or the corporate) CCN and send it to the travel agency in clear text. Many companies have built automated systems that collect information about things such as vacation requests, 401k changes, and travel requests. These systems use this information in unencrypted emails sent to partners. The ability to monitor all email and Webmail, not just SMTP email, is crucial to maintaining privacy policies.
Risk Discovery Key to Finding and Remediating Critical Corporate Risks
The Reconnex 48-Hour e-Risk Rapid Assessments frequently reveal risks that strike at the very heart of the corporation—and the corporation may not even be aware of these risks. Leakage of SSNs, CCNs, bank account information, Personal Health Information (PHI), and other data violates Federal and state regulations such as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley (SOX). Lack of compliance can lead to fines and even jail sentences. Corporate governance can be subverted—and the network clogged—by the use of P2P protocols, Webmail, IM, and inappropriate use of the Internet. Critical infrastructure is put at risk when employees use rogue VOIP and remote access protocols, or send documents and media over non-standard ports. Competitive advantage is compromised when insiders use the corporate network to send their resumes—and even leak confidential documents such as intellectual property—to competitors.
The Reconnex iGuard is the only content-monitoring appliance with risk discovery capabilities that allows enterprises to capture, classify, and store all content; perform historical analysis on the captured data to detect unknown threats; and correlate with known (detected) threats. Only the iGuard provides 100 percent visibility into network use because it monitors all information entering and leaving the corporate network. The iGuard is also the only solution that works on any protocol, from any port, enabling it to provide the most comprehensive electronic risk protection. Finally, the system is unique in offering both real-time incident capture and bi-directional content capture, enabling organizations to quickly discover, analyze, and address both known and unknown risks.
About Reconnex
Reconnex is the standard for electronic risk discovery for Fortune 1000 companies, government organizations, financial institutions, and healthcare providers who want to protect their brands, shareholder value, and mission-critical operations from the insider threat. Reconnex offers complete visibility into both known and unknown threats to network and information security; provides intelligent capture, classification, and storage of all outbound and inbound content for risk discovery, correlation, and analysis; and enables open integration with existing enterprise security solutions. Reconnex enables enterprises to know with certainty what content enters and leaves their networks and to quickly capture, identify, and remediate both known and unknown threats to compliance, competitive advantage, corporate governance, and critical infrastructure.
For more information, call Reconnex today at 1-866-940-4590 or visit us on the web at www.reconnex.net
