Reconnex Insider Threat Index Reveals Unexpected Vulnerabilities for Enterprises Trying to Protect Confidential Data
Reconnex Analyzes Over 160 Gigabytes of Data; Warns that Corporate E-mail is Not the Culprit for Leaking Consumer or Company Confidential Data
MOUNTAIN VIEW, Calif., June 22, 2005— Reconnex, the expert in enterprise risk management systems, today unveiled its Insider Threat Index™ compiled using the results of over 160 gigabytes of data analyzed from its e-Risk Rapid Assessment service sampled from a number of U.S. businesses and government agencies over the last six months. The Index reveals that approximately ninety percent of all network traffic monitored was Web-based content that was sent via Instant Messager, Webmail, Hotmail, or traffic from a Web application. Contrary to popular opinion, only 1.1% of the total content leaving the corporate network was sent via e-mail.
[To download the full Reconnex Insider Threat Index in PDF format, please visit: www.reconnex.net /special/trends.asp]
Last week 40 million consumers’ private data was exposed in a hacking incident attacking a credit card processing center. Privacy Rights Clearinghouse has reported that since February 2005, another 4 million customers’ and patients’ private data has been exposed because of internal security breaches, including headline-making losses from ChoicePoint, LexisNexis, Bank of America, San Jose Medical Group, and Ralph Lauren. In each of these instances, e-mail was not the number one channel for leaking confidential customer and patient data. Instead, consumers were exposed in one of four ways: h ackers grabbed it off the network; e mployees maliciously sold it for monetary gain; employees accidentally disclosed it; or c ompanies lost it via unencrypted back-up tapes, misplaced laptops, and similar physical breaches.
"The Reconnex risk assessments provide the first hard data on proprietary information loss," said Dan Verton, author of the forthcoming book, The Insider: A True Story, which highlights the results of dozens of Reconnex risk assessments. "Until now, all we had was anecdotal surveys to base the threat on. But this changes everything. Companies and government agencies are hemorrhaging secrets and they don't even know it."
Results Disclose Confidential Data is Being Exposed as Web Content
Reconnex’s sample of the content leaving the networks of major corporations revealed these startling results:
- One F500 bank learned 200 customer names were sent in a spreadsheet to an employee’s personal Earthlink account
- A healthcare organization learned the private data of 500 patients at an AIDS hospice was disclosed in a Webmail and sent to a Yahoo account
- A F500 financial institution found insider trading taking place in an AOL Instant Message
- A F1000 consumer goods company had unencrypted FTP sessions disclosing financial information about their customers between the company’s web servers and web servers conducting bill paying and processing at two F500 financial institutions
- One F500 high-tech company learned an employee was disclosing proprietary design documents in Webmails to start his own business in the same industry
Solely protecting sensitive customer data with an e-mail blocking solution would have left these companies vulnerable. However, by deploying the Reconnex inSight platform, each of these companies were able to conduct immediate forensic investigations to learn the motive behind the disclosures and take the appropriate remediate action that they would not have been able to take with e-mail blocking solutions.
Reconnex Threat Index Warns E-mail is Not the Culprit
Surprisingly, only 1.1% of the content leaving the corporate network was e-mail. Most information analyzed was sent in Webmails, Hotmails, instant messages, Web posts to Web servers, or other Web-based traffic. This means e-mail blocking technologies capable of preventing confidential information leaks are only addressing 1% of the total traffic containing this data. Customers’ private data and corporate secrets are still exposed.
Reconnex’s Insider Threat Index is compiled using the data from Reconnex’s 48-Hour e-Risk Rapid Assessments which monitor all traffic flowing over a corporate network, regardless of file type or communication channel to provide a complete view of enterprise risk. This month’s Insider Threat Index reports the following trends:
- 89.5% of all electronic data monitored was Web-based traffic
- Only 4% was SMTP-based e-mail traffic (approved corporate email)
- Of all content, only 2.2% was encrypted
- 97.8% of all content was unencrypted
- Only 1.1% was information emailed outside the corporate network.
"We were surprised by the types of sensitive data leaving our network, including customers’ private data," said Jeff Karafa, senior vice president and CFO of Community Bank in Dearborn, Michigan. "After Reconnex performed a 48-hour assessment, we knew we had to protect our reputation, our customers, and also meet the tough requirements set forth by the banking industries compliance laws. With the Reconnex iGuard deployed in our network, I can now sleep at night."
Surprisingly, the majority of information coming into and leaving the corporate network is not encrypted and is not sent via corporate e-mail. Instead, the majority of traffic content is unencrypted data sent via Webmail, Instant Message, and other Web applications. A large government agency with a zero-tolerance policy for adult content and a strict appropriate use policy learned their employees had visited the following websites in the first 48 hours of monitoring viewing:
- Over 1,000 adult content Web pages
- Over 4,300 gambling Web pages
- Over 400 hate/racism Web pages
- Over 58,000 sports Web pages
- Over 70,000 shopping Web pages
"Simply blocking e-mail would not have prevented identity-theft or leaks of proprietary information. It is literally a waste of time," said Donald J. Massaro, CEO and president of Reconnex Corporation. "Damage to a company’s brand or reputation occurs when you can’t see the hidden risks. In almost 100% of the assessments conducted to date, we found trusted insiders sending confidential information over the web. The good news is that with continued monitoring and superior forensic capabilities, companies are able to protect their customer’s private data, protect their competitive advantage, establish higher corporate governance standards, and close the loop on information security vulnerabilities that stem from hackers or spyware."
Forensics Capabilities Allow Reconnex to Dissect and Store Disclosed Data
The Reconnex iGuard product family are the only content-monitoring appliances on the market that provides this caliber of after-the-fact forensic analysis. While competitive products discard content objects, the Reconnex inSight platform provides a comprehensive view into the events taking place in an enterprise using iGuard’s Forensic Event Correlation™ engine. Now, organizations needing to comply with various industry regulations can store all electronic communication sessions, including e-mails, Webmails, Instant Message and chat communications, and any content forwarded or attached. They can also analyze this information with instantaneous "Google-like™" quick search queries into the stored data and create a complete audit trail using iGuard’s easy and intuitive Web-based interface. All forensic searching queries can be replayed for investigation by auditors, lawyers, and compliance experts, fulfilling an important need in this new age of compliance and complex requirements regarding disclosure of non-public information.
About Reconnex
Reconnex is the leading provider of enterprise risk management (ERM) systems that reveal and address the insider threat to compliance risks, competitive risks, corporate governance risks and critical infrastructure risks. Reconnex enables Fortune 1000 companies, government organizations, and smaller healthcare and financial services companies to protect their brands, shareholder value and mission critical operations by revealing hidden risks in the first 48 hours of deployment. Without exception, every deployment has enabled these organizations to quickly remediate the risks that could have damaged or destroyed their organization.
Give us two days, you’ll know™ . Call Reconnex today at 1-866-940-4590 or visit us on the web at www.reconnex.net.
