Forwarded From: Nicholas Charles Brawn <ncb05@uow.edu.au>
CANADA, TORONTO, ONTARIO, 1998 JUN 30 (Newsbytes) -- By Martin Stone,
Newsbytes. A survey conducted by one of the world's largest security firms
has disclosed that, despite concerns among business leaders that the
Internet is not a secure way to send information, it is still widely used
by Canadian companies to do just that.
According to security and investigation organization KPMG's 7th annual
Canadian Fraud Survey Report, which polls the chief executives of Canada's
top 1,000 companies on fraud and corporate security, only 11 percent of
respondents believe that the Internet is a secure way to send information.
However, the study shows 43 percent stated their company uses the
Internet to transmit sensitive or private information, anyway.
"I think where the worry comes in is, as more companies move to an
electronic-based economy they need to be more concerned about the security
of their Internet transactions," KPMG Investigation and Security Inc.
President Norm Inkster told Newsbytes.
"The Internet is a very easy and convenient way to conduct business and
send information. People are busy and electronic commerce and mail appeals
to them because it's fast and saves time," Inkster continued. "However,
the Internet presents risks for fraud if companies do not implement
adequate information security measures. The increase in electronic
commerce provides opportunity for fraud in all industries."
For the first time in its seven-year history, KPMG's Fraud Survey asked
about the security measures for computers and the transmittal of
information by Canada's largest companies. Inkster points to warning signs
>from the results that indicate that Canadian businesses are vulnerable to
fraud through the Internet. "I believe that business leaders are putting
their companies at risk," he said. "Eighty-two percent of respondents
consider their computer systems to be a potential security risk for fraud.
But less than half reported using security measures when transmitting
information over the phones or Internet."
Inkster said that many companies don't realize that when you are hooked
up to the Internet, the Internet is hooked up to you. "It's a two-way
street," he said, "and you need adequate firewall protection."
Another of the survey's major findings is that 57 percent of all
respondents admitted that their firm had been a victim of fraud.
Also, 47 percent of respondents believe that fraud will increase in
1998. This number rose to 62 percent within the financial services sector.
When asked for a reason why fraud would increase, over half of the survey
participants blamed regulatory deficiencies.
However, less than five percent attributed the problem to a lack of
government intervention. "One of the conclusions that I think we can draw
>from these results is that many business leaders blame the increase in
fraud on the lack of self-regulation in their industries," Inkster
concluded. "They don't want government regulation, but they recognize the
need to take responsibility for fraud prevention."
While fraud techniques may be more sophisticated, the source appears to
be the same as recorded by KPMG surveys in previous years. Overwhelmingly,
the greatest single source of fraud, according to respondents, is their
company's own employees. Seventy-seven percent of respondents cited their
employees as the principal source of fraud. Customers were considered by
respondents to be the second highest source.
The most common types of fraud perpetrated by employees included
inflated expense accounts, theft, secret commissions, and personal use of
company supplies. Customer-related fraud is predominantly committed
through check-forgery, credit card schemes, automatic teller machine
fraud, misstated accounts, and withholding cash receipts.
The sectors where fraud had the greatest impact and where the level of
concern is the highest are utilities, food and packaged goods, and
financial services, the survey shows.
The study also queried respondents on their vulnerability to money
laundering. Only 14 percent of survey participants stated they had been
impacted by this illegal activity. However, almost half the firms admitted
they accept forms of payment that make them vulnerable to money
laundering.
Moreover, 83 percent of respondents acknowledged they do not conduct
background checks on investors. Vulnerability to money laundering was
highest in the financial services sector. Fifty-nine percent of
respondents from this sector believe their company is affected by
international money laundering, while 56 percent accept forms of payment
that make them vulnerable to money laundering.
Companies are, however, taking measures to prevent fraud among
employees. The survey reveals 98 percent of respondents state it is
important to screen new employees, while 88 percent actually have
pre-employment screening procedures already in place. However, only 50
percent of respondents say they ran background checks on new suppliers and
contractors. Even fewer -- less than 20 percent -- conduct background
checks on new investors or franchisees.
Other survey findings support the fact that companies should have
procedures in place to prevent fraud. Most respondents report that fraud
was discovered by the company through internal mechanisms such as internal
audits and "whistle-blowers."
Inkster said that adequate firewall technology is available and that
"there is some excellent encryption software." However, he said that many
companies have not taken a hard enough look at their security arrangements
and are thus vulnerable.
He suggested companies conduct a "threat-risk analysis -- what their
assets are, where they stored, where they are vulnerable -- and build
their security network around the findings."
The KPMG survey polled chief executives of Canada's top 1,000 public
and private companies as ranked by the Financial Post newspaper. The
response rate was 21 percent.
Copies of the survey are available by phone from Stephen Schneider at
416-777-8465 or through KPMG's Web site at http://www.kpmg.ca
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Wed Jul 1 09:33:11 1998