Risk consulting

An ethical investigation into cyber security across the Forbes 2000.

Tags: KPMG International
  • E-Mail
Risk consulting
By  Georgina Enzer Published  March 18, 2013

An ethical investigation into cyber security across the Forbes 2000.

With so many cyber attacks in the news recently, executives are becoming increasingly concerned about their organisation’s exposure to hackers.

And so they should. According to KPMG research, more than three-quarters of the Forbes 2000 companies leak potentially dangerous data. The sources of this information are varied and widespread.

Some are within the direct control of the corporation (websites, documents and web servers) and – with effort – can be directly addressed. Other channels such as popular search engines and forums, are outside of the usual enterprise security curtain and pose a much more complex challenge. Interestingly, many of the sectors that normally display exceptionally strong cyber security controls seem to be at the highest risk, namely banks, financial services and telecoms companies.

The problem is also not unique to one region or market type in particular. Indeed, looking at the ‘Heat Map’ of global information leakage across the Forbes 2000, higher-risk countries span both the developed world (US, Switzerland, Japan, and Germany to name a few) and the emerging markets (such as Brazil, Thailand and Saudi Arabia), according to KPMG.

What is meta-data?
Document meta-data is information ‘about’ a document, or information on its properties. It often informs who created a document, when and where on a device or network.

What is the risk?
When serving test, upload or hidden functionality, many companies face the associated risk of cyber attackers defacing websites, or assuming control of these sites. Cyber attackers may also use this newly gained functionality to inject malware into the sites which will infect all subsequent visitors of those sites.

71% of the Forbes 2000 companies may be using potentially vulnerable and out-dated versions of Microsoft and Adobe software

15% of the Forbes 2000 corporate websites offer hackers access to test functionality and private login portals that potentially allow file upload apabilities

78% of the Forbes 2000 companies corporate websites leak some form of potentially useful information through document meta-data

Top 10 information leaking sectors:
- Banking 30%
- Diversified financials 12%
- Materials 10%
- Telecoms services 8%
- Utilities services 8%
- Technology hardware 8%
- Media 6%
- Construction 6%
- Oil & Gas operations 6%
- Insurance 6%

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code