Reconnex delivers accurate protection against known data loss and provides the only solution that automatically learns what your sensitive data is as it evolves in your organization.

Insiders Account for 70 Percent of Losses Amounting to $2.4 Billion Says Author Dan Verton

MOUNTAIN VIEW, Calif., August 3, 2005—Today’s bank robbers usually do not get their money the old-fashioned way, using guns to hold up a bank office. They get it the high-tech way, accessing financial institutions’ IT systems to commit crimes such as ID theft, credit card fraud, phishing scams, securities fraud, embezzlement, and more. According to The Insider: A True Story, a new book by security expert Dan Verton, all too often the cyber-criminals robbing these institutions actually work for them. Verton uses real-life examples to illustrate the seriousness of the insider threat and reveals its extent using terabytes of hard data collected and analyzed by Reconnex Corporation using its unique iGuard content-monitoring security appliance. The Insider: A True Story, published by Llumina Press, is available from on-line retailers such as www.amazon.com and www.barnesandnoble.com and at bookstores across the U.S.

The new book details security problems found in the financial industry, including the weakness of existing policies, procedures, and controls and outdated information security technology. As a result, security personnel often cannot detect ID theft and other frauds because they lack the tools that provide visibility into the content flowing through the IT infrastructure. Without new technology, financial services institutions will not be able to stay ahead of identity-theft. Verton uses data from the FBI to bring home the extent of the insider threat. In fiscal 2004, for example, nearly one in every five financial fraud convictions were insiders. Even more troubling, insiders accounted for about 70 percent, or $2.4 billion, of the $3.4 billion that banks lost due to fraud and hacker incidents in 2004.

"The financial industry should be a leader in securing customer data against malicious insiders, but it’s failing," said Verton. "Some of the most notorious recent cases of ID theft are suspected to be the work of insiders. Some recent high-profile losses resulted from sheer carelessness. Either way, ‘state-of-the-art’ security systems used by the financial industry have not been designed to prevent the transmission of sensitive information originating inside the organization. In the wake of Gramm-Leach-Bliley, financial services companies need to rethink their security strategies to not only protect customer data, but to avoid damaging legal consequences."

Verton cites a U.S. Secret Service study and data trends gathered from Reconnex Corporation, to conclude that most insiders used simple and legitimate user commands to carry out their crimes. Verton’s message is simple: anyone in an organization, from low-level clerks to senior vice presidents and other corporate officers, can easily transmit sensitive data outside of these institutions’ networks without being detected by intrusion detection, firewalls, or email monitoring technologies.

Extent of Insider Threat Revealed
by the Reconnex iGuard

The Insider: A True Story shows how the latest security technologies can enable financial institutions to determine whether insiders are using their IT resources to deliberately or inadvertently leak sensitive customer information—and prevent the leaks. Verton discusses Reconnex’s pioneering work in developing its iGuard content monitoring appliance, which analyzes all content leaving a network – down to the credit card number – to find out what information is at risk and who is transmitting it. Reconnex has collected terabytes of blind data statistics from more than 100 deployments to date, giving the company unprecedented insight into the insider threat.

"The financial services industry is leading the number of Reconnex risk assessment deployed to date," said Donald J. Massaro, the founder and CEO of Reconnex. "Statistical trends gathered from these assessments have shown that social security numbers, credit card numbers, and other sensitive financial data are routinely communicated outside of the network, in clear text, even when official policy requires encryption. Financial institutions are quickly adopting Reconnex technology to monitor the activities of malicious insiders and protect their brand, reputation and shareholder value from this large and hidden risk."

About Dan Verton

In addition to The Insider: A True Story, Dan Verton wrote the highly acclaimed book Black Ice: The Invisible Threat of Cyber-Terrorism (McGraw-Hill, 2003), endorsed by some of the nation’s top experts as one of the best descriptions of the terrorist threat to critical cyber infrastructure to date. He has presented his research on cyber-terrorism to the Department of Homeland Security, the U.S. Secret Service, The Air Force War College, and to other organizations as well as to colleges and universities. Verton is former Marine Corps intelligence officer.

About Reconnex

Reconnex is the leading provider of enterprise risk management (ERM) systems that reveal and address the insider threat to compliance risks, competitive risks, corporate governance risks, and critical infrastructure risks. Reconnex enables Fortune 1000 companies, government organizations, and smaller healthcare and financial services companies to protect their brands, shareholder value, and mission critical operations by revealing hidden risks in the first 48 hours of deployment. Without exception, every deployment has enabled these organizations to quickly remediate the risks that could have damaged or destroyed them.

Give us two days, you’ll know™ . Call Reconnex today at 1-866-940-4590 or visit us on the web at www.reconnex.net.

“I can now sleep at night, because I know exactly where our sensitive customer and account information is going.”

Jeff Karafa
Senior Vice President and Chief Financial Officer
Community Bank
Dearborn, Michigan