Monday, May 16, 2005
Nearly Half of IT Decision Makers Surveyed Say Employees Have 'Fallen for the Phish'
SAN DIEGO, May 16 -- Websense, Inc. today announced the results of its Phishing Trends study, which is part of the company's annual Web@Work survey conducted by Harris Interactive. From February 21 to 28, 2005, 354 U.S. IT decision-makers who work for organizations with at least 100 employees were interviewed online and from February 28 to March 21, 2005, 500 U.S. employees who have internet access at work and who work for organizations with at least 100 employees were surveyed over the telephone on phishing and IT security in the workplace.
According to the survey, only one-third (33%) of employees polled said that they have heard of phishing. Similarly, 4% of employees surveyed admitted that they had "fallen for a phish" and clicked through a link to a phishing website at work. Conversely, 82% of IT decision- makers surveyed stated that their employees have received phishing attacks via email or instant messaging (IM). In addition, 45% of IT decision-makers surveyed who have had employees receive a phishing attack said that their employees did click through the URL on the phishing attack.
This discrepancy might suggest that employees have a difficult time deciphering whether a website accessed via a link in an email or instant message is legitimate or "spoofed" -- a fraudulent website that appears to be authentic. Not surprisingly, half (50%) of the IT decision-makers surveyed do not believe that employees can accurately identify phishing sites.
"Phishers are becoming more sophisticated in their deception techniques to lure employees to spoofed websites, as most employees cannot determine which is a valid site and which is a fake," said Dan Hubbard, senior director of security and technology research, and head of Websense Security Labs. "However, employees don't have to 'fall for the phish' and actually enter confidential information on a phishing website to be compromised. By simply clicking on a phishing URL, the site can install spyware, such as a malicious keylogger, on the employee's computer which has the ability to capture data such as network passwords or social security numbers without their knowledge."
Phishing is a relatively new phenomenon, but it is already viewed as an important security problem for IT decision-makers -- 32% of IT decision makers polled report that phishing attacks have caused security problems for their organizations in the past year. In addition, the majority of IT decision- makers surveyed do not feel their company is well protected from internet security threats, such as phishing attacks. Forty-three percent feel their company is only somewhat protected, and 14% feel their company is not very, or not at all, protected.
"Although the Websense survey shows that only four percent of employees admit to clicking on phishing URLs, this is actually a high number in the security community," says Brian Burke, research manager for security products at IDC. "It only takes one employee to click on a phishing site and accidentally give out confidential corporate data, customer records, network passwords, or trade secrets, to jeopardize an entire organizations' intellectual property."
To mitigate web-based threats such as phishing attacks, 60% of IT decision-makers surveyed reported they block executable programs (attachments) transmitted through email. However, only 14% said they block HTML within emails. Also, 47% of IT decision-makers surveyed said they block executables transmitted through IM, but only 24% indicated they block HTML within IM.
"Most organizations already prevent attachments coming in through email; however, HTML within emails is frequently left unblocked -- leaving employees vulnerable to attack from phishers hungry for confidential personal and company data," said Hubbard.
Websense Security Labs mines more than 50 million websites per day, searching for sites infected with malicious code, such as spyware and phishing sites. In fact, more than 13,000 infected sites were discovered in the first quarter of 2005 alone. Websense Security Labs researches today's advanced internet threats and delivers timely product and information updates to the security community and Websense customers to support them in making their infrastructure more secure.
2005 Phishing Trends Survey Results:
* PHISHING ATTACKS -- one-third (33%) of employees surveyed said that
they have heard of phishing, but only 4% said they had ever "fallen
for a phish" and clicked through a link to a phishing website at work.
However, half (50%) of IT decision-makers surveyed believe that
employees cannot accurately identify phishing sites. This may be the
case, as 82% of IT decision makers polled report their companies have
had employees receive a phishing attack via email or IM, and 45% of
these decision-makers polled said that employees did click through
* PROTECTION AGAINST PHISHING -- the majority of IT decision-makers
surveyed do not feel their company is well protected from internet
security threats, such as phishing attacks. Forty-three percent feel
their company is only somewhat protected, and 14% feel their company
is not very, or not at all, protected.
* SECURITY CONCERNS -- 32% of IT decision-makers surveyed believe that
phishing attacks have caused security problems for their organizations
in the past year. Spyware (65%), followed by employee use of
bandwidth-clogging applications, such as streaming media (42%), and
employee use of unlicensed/unsanctioned software (39%), were also
listed as security concerns.
* WHAT COMPANIES BLOCK -- when asked if they block executables and/or
HTML, 60% of IT decision-makers surveyed said they block executable
programs transmitted through email, but only 14% said they block HTML
within emails. Likewise, 47% said they block executables transmitted
through IM, but only 24% indicated they block HTML within IM. 47% of
IT decision-makers surveyed report that their companies block
executables transmitted through the internet.
* PHISHING EDUCATION -- the most popular sources of education for IT
decision-makers to learn about new web-based threats, such as the
latest phishing attack, are online media (44%) and security
* INTERNET SECURITY TRAINING -- 58% of IT decision-makers surveyed have
either an internet security awareness program, or an internet security
training program, or both. Larger companies tend to do more in terms
of internet security -- of those IT decision makers surveyed, fully
half (50%) of those who work for mid-sized companies (defined as
companies with 100-500 employees) said they do not have any sort of
security awareness or training program versus 36% of those who work
for large companies (501-1,000 employees) and 29% of those who work
for very large companies (1,001 or more employees).
About the Web@Work Survey
Web@Work is a comprehensive annual survey of internet and application usage in the workplace. By surveying both employees and IT decision-makers, the study reveals unique insights on employees' surfing habits as well as IT decision-makers' perspective on the top network problems facing today's organizations. Web@Work is commissioned by Websense, Inc. and conducted by Harris Interactive. This is the sixth annual Web@Work survey.
Data for these surveys were collected by Harris Interactive on behalf of Websense. Harris Interactive is solely responsible for the online and telephone data collected and Websense is responsible for the data analysis. Both parties collaborated on the survey questionnaire.
The employee survey was conducted by telephone within the United States between February 28 and March 21, 2005 among a nationwide cross sample of 500 adults aged 18+ who have Internet access at work and work at a company with at least 100 employees. The IT decision-makers survey was conducted online within the United States between February 21 and 28, 2005, among a nationwide cross section of 354 IT decision-makers in companies with more than 100 employees. Data are not weighted and are representative of those employees and IT decision-makers surveyed.
The New York Times Announces TimesSelect - New Online Offering to Launch in September
While most of the news, features and multi-media on NYTimes.com will remain free and available to users, the work of Op-Ed columnists and some of the best known voices from the news side of The Times and The International Herald Tribune (IHT) will be available only to TimesSelect subscribers beginning in September. Home-delivery subscribers will automatically receive TimesSelect as part of their benefits. TimesSelect will be priced at $49.95 for an annual subscription.
This offering marks an important step forward in the Company's overall digital strategy. Since the Times Company launched its digital operations in the mid 90s, it has had three business objectives for them - profitability, scale and revenue diversification. In 2001 the Company's digital properties achieved profitability and earlier this year, the acquisition of About, Inc. increased their scale.
TimesSelect's features include:
-- Special Voices - Access to some of the most influential and insightful voices today, including David Brooks, Maureen Dowd, Tom Friedman, Bob Herbert, Nicholas Kristof, Paul Krugman, Frank Rich, John Tierney, Dave Anderson, Peter Applebome, Harvey Araton, Dan Barry, Clyde Haberman, Gretchen Morgenson, Joe Nocera, Floyd Norris, Joyce Purnick, William Rhoden, Selena Roberts, George Vescey, Roger Cohen, and John Vinocur.
-- TimesPast - Easy and in-depth access to The Times's extensive archives.
-- Exclusive Multi-Media - Unique features for TimesSelect subscribers including audio and photo essays, video and podcasts.
-- TimesFile - A new tool that helps readers tag and organize articles from The Times.
-- Ahead of The Times - A first look at articles that will appear in sections such as Real Estate, The New York Times Magazine, Travel and Sunday Arts.
-- TimesNewstracker - An e-mail alert that enables readers to track news important to them. This successful product is currently sold separately but will be included as part of this new suite of benefits.
Silent 'Piano Man' poses beach riddle
LONDON (Reuters) - A smartly dressed man found wandering in a soaking wet suit near an English beach has baffled police and care workers after he refused to say a word and then gave a virtuoso piano performance.
The man, wearing a formal black suit and tie, was spotted by police in Kent on April 8 and taken to a psychiatric unit where it proved impossible to identify him because he stayed silent.
It was only after he was given a pen and paper that care-givers were given an intriguing clue to his possible background when he drew an intricate picture of a grand piano.
He was taken to the hospital's chapel where he played classical music on the piano for hours.
National Alert Registry Launches RegisteredOffendersList.org to Provide Information on Registered Sex Offenders
In addition to information on how to protect children from sexual predators, www.RegisteredOffendersList.org provides easy access to detailed information about the locations of registered sex offenders across the country through its "Predator Report" service.
The Predator Reports, also available at www.NationalAlertRegistry.com, provide concerned individuals with names, photos, appearance details, aliases, conviction information, offense dates, detailed maps and the street addresses of registered sex offenders who live in the subscriber's immediate area. The National Alert Registry also provides a "Red Alert" service that notifies subscribers by email when new offenders move into their neighborhood.
"Research shows that one in three girls and one in six boys will become a victim to a sexual predator, and people just aren't taking the adequate precautions to protect them," said Scott Adams, director of the National Alert Registry. "We felt it was important to provide a reliable and accurate medium for parents to become educated and aware of the possible threats in their area. With this knowledge, they can better safeguard their children and hopefully prevent more occurrences of sexual assault."
To ensure parents and concerned individuals are provided with the most accurate information possible, the Predator Report database (with listings of registered sex offenders in every state) is updated at least once a month. Information obtained from RegisteredOffendersList.org should not be used to harass, threaten or intimidate sex offenders or their families, and the misuse of this information can result in criminal prosecution or civil liability.
"Our goal is to increase awareness of the issue of child predation and protect more children," Adams said. "Many people will be surprised by just how many registered sex offenders live in close proximity to their homes, schools and communities."
Parents and other responsible adults can run a free ZIP code-targeted search for the number of registered sexual offenders in their neighborhood by visiting: http://www.RegisteredOffendersList.org. A complete report of sexual offenders within a three-mile radius of a resident's home can be purchased for $10. Concerned parents can also purchase the Red Alert service that will notify them monthly of any new registered offenders that move into their neighborhood. The Red Alert service is available at a subscription rate of $4.95 per month.
To get your Predator Report please visit:
Plextor Ships New Low Cost 16X DVD Burner
The PX-740A delivers state-of-the-art recording speeds of 8X DVD+R Double-Layer (DL) and 4X DVD-R Dual Layer (DL) DVD (8.5 GB), as well as 16X DVD+/-R on recommended single-layer DVD media. The internal drive features an ATA/ATAPI-5 (EIDE) interface for broad based PC-compatibility. Burst data transfer rates for the internal drive are 16.7 MB/sec for PIO Mode-4, 16.7 MB/sec for DMA-2, and 33.3 MB/sec for Ultra DMA33. A short drive length of 6.99-inches accommodates small form-factor PCs.
Plextor PX-740A Series DVD+/-R/RW Drive
The Plextor PX-740A Series drive is a highly versatile 10-in-1 DVD/CD burner that supports 8X DVD+R DL, 4X DVD-R DL, and 16X DVD+/-R Writing; 8X DVD+RW and 6X DVD-RW Rewriting; and 16X max DVD-Reading; as well as high-speed 48X CD-R Writing, 32X CD-RW Rewriting, and 48X max CD-Reading.
The PX-740A drive has a 2 MB buffer and features Buffer Underrun Proof Technology to prevent buffer underrun errors and allow multi-tasking. Lossless Linking/Zero Link technology enables users to perform basic editing tasks directly on the DVD disc.