Reconnex delivers accurate protection against known data loss and provides the only solution that automatically learns what your sensitive data is as it evolves in your organization.

Latest Study Shows Continued Exposure of Personal Information is Increasing the Risks for Customers and Employees

MOUNTAIN VIEW, Calif., November 8, 2005—Reconnex, the expert in enterprise risk management systems, today released statistics from its third monthly Insider Threat Index™. The latest Index reveals that Instant Messaging (IM) is a common tool for leaking confidential information that is not being monitored, increasing companies’ risk of insiders exposing sensitive data. Though companies continue to experience data leaks and as news of identity theft continues to make headlines, customer and employee personal information remains exposed via IM and other Web-based communications. In the past two months, 78 percent of companies monitored exposed social security numbers and 33 percent exposed credit card numbers. This month’s index was compiled from over 500GB of blind data statistics collected from Reconnex’s e-Risk Rapid Assessments performed during the months of August and September at Fortune 1000 companies in all industries, as well as government agencies.

[To download the full Reconnex Insider Threat Index in PDF format, please visit: http://www.reconnex.net/Threat/]

Reconnex has found leaks of confidential data in 100 percent of its e-Risk Rapid Assessment deployments to date.  Reconnex’s e-Risk Assessments enable companies to conduct immediate forensic investigations to learn the motive behind each disclosure and determine if it was accidental, intentional, or even a hacker posing as a trusted employee.

Instant Messaging is Commonplace and Creates Increased Risks to Businesses

Regarding the use of Instant Messaging applications, this issue of the Reconnex Insider Threat Index concludes that:

• Instant Messaging was prevalent in 78 percent of the e-Risk Assessments performed in the past two months.
• Instant Messaging was prevalent in 69 percent of all e-Risk Assessments conducted since January, 2005.
• This line of open communications is not being properly monitored and is being used as an avenue for insiders to share key non-public information. 
• Additionally, IM allows the attachment of files, putting businesses at even more risk of losing large amounts of confidential information in one communication.

Many companies have attempted to lock IM out of the corporate network, but client software for working around this type of blocking has advanced, making this activity very difficult to monitor.  The ability to monitor all Web-based communications, including IM, is essential to any comprehensive risk management plan.

“We continue to find that insiders are finding new ways to bypass the corporate network. This is evident in the massive amount of confidential data that is being sent over IM, an online application which is not dependent on a single port to communicate with others,” said Kevin Cheek, vice president of marketing at Reconnex. “The ability to monitor all network traffic in real time, regardless of content type or protocol, and store, report, and remediate electronic incidents is a huge advantage of Reconnex’s appliance-based approach to risk management.  In order to remediate risks effectively, though, a solution must also provide users with a Knowledge Discovery Event Correlation™ tool that takes advantage of automatic rotating data retention intervals of 30, 60, or 90 days, to provide the ability to easily search collected data for mitigation purposes after an event occurs.”

Continued Exposure of Confidential Information Leaves Employees and Customers at Risk

Headlines continue to proliferate on the massive amounts of identity theft as well as breaches occurring at well-known and respected businesses. According to Tower Group, there were 160,000 incidents of identity theft last year, notwithstanding plain credit card fraud, which federal figures estimate at 10 million instances a year. Reconnex’s e-Risk Assessments have validated that customer and employee information continues to be exposed. Based on e-Risk Assessments since January of this year, Reconnex has seen:

• 83 percent of companies expose social security numbers
• 38 percent of companies expose credit card numbers

Companies using content monitoring and risk management technology, however, can ensure the protection of confidential data and intellectual property while maintaining both corporate and regulatory compliance.

Blocking Technologies Are Not Stopping Adult Content

Most corporations undertaking e-Risk Assessments had employed some sort of blocking technology to prevent the downloading of pornography. Despite these efforts, Reconnex found that:

• The downloading of inappropriate images was discovered in 89 percent of e-Risk Assessments conducted over the last two months.
• 71 percent of all e-Risk Assessments conducted to-date have revealed the downloading of inappropriate images. 

It is evident in the data found that blocking technologies cannot keep up.  Additionally, employees are receiving more inappropriate content through Webmail and other sources, disrupting workflow and productivity.  Blocking technologies are creating a false sense of security. Companies must monitor traffic as a supplement to minimize the risk of sexual harassment suits and productivity loss.

Knowledge Discovery Event Correlation Capabilities Allow Companies to Remediate Risks at the Root Cause

Reconnex offers the only content-monitoring appliance on the market today that provides a complete knowledge discovery trail by capturing and temporarily retaining, over a user-configurable time window, all data entering or leaving the corporate network . Competitive products filter about ninety-five percent and store less than five percent of the information leaving the corporate network. This means less than five percent of the information critical to an electronic threat investigation is actually available.  The Reconnex iGuard takes a different approach by capturing and analyzing everything entering or leaving the network, so companies have new visibility into all insider threats and the ability to conduct a complete investigation after a threat event occurs. 

Using the Knowledge Discovery Event Correlation™ engine of the Reconnex iGuard system, organizations needing to comply with various industry regulations can conduct immediate forensic investigations on all electronic communication sessions, including e-mails, Webmails, Instant Message, FTP, P2P, chat communications and much more.  Organizations can also analyze this information with instantaneous real-time quick search queries into the stored data and create a complete audit trail using iGuard’s easy and intuitive Web-based interface.  Auditors, lawyers, and compliance experts can replay all forensic searching queries for investigation, fulfilling an important need in this new age of compliance and complex requirements regarding disclosure of non-public information. 

About Reconnex

Reconnex is the leading provider of enterprise risk management (ERM) systems that reveal and address the insider threat to compliance risks, competitive risks, corporate governance risks and critical infrastructure risks.  Reconnex enables Fortune 1000 companies, government organizations, and smaller healthcare and financial services companies to protect their brands, shareholder value and mission critical operations by revealing hidden risks in the first 48 hours of deployment.  Without exception, every deployment has enabled these organizations to quickly remediate the risks that could have damaged or destroyed their organization.

Give us two days, you’ll know™. Call Reconnex today at 1-866-940-4590 or visit us on the web at www.reconnex.net.

“I can now sleep at night, because I know exactly where our sensitive customer and account information is going.”

Jeff Karafa
Senior Vice President and Chief Financial Officer
Community Bank
Dearborn, Michigan