Daily Archives: 11/12/2013

RAND Corporation Report: ‘Rates of PTSD twice as high in UK private security workers than military personnel’

According to a new report issued by the RAND Corporation, rates of post-traumatic stress disorder (PTSD) are much higher in private security contractors than in UK military personnel. The study also identifies that private security workers are offered little psychological support.

The RAND Corporation has undertaken a survey-based study on the health and well-being of private military and security contractors (PMSCs) – the largest study to date to examine the physical and mental health status and health care use among PMSCs.

It’s also the first study of its kind to examine the issue among all PMSCs.

Findings suggest that PTSD rates are more than double for PMSCs compared to UK military personnel. Other key findings are that few private security organisations have psychological support mechanisms in place, but those that do fare better in terms of their contractors’ mental health.

The report points to the measures an organisation can take to mitigate these mental health risks, including the introduction of a peer support programme.

Rates of post-traumatic stress disorder (PTSD) are much higher in private security contractors than in UK military personnel

Important role in highly challenging conditions

Professor Neil Greenberg – an academic psychiatrist with King’s College London, leading UK expert in traumatic stress (including PTSD) and founder of psychological health consultancy March on Stress – commented: “I very much welcome the important work that the RAND Corporation has carried out to systematically examine the psychological health of private security contractors. The psychological health of this important occupational group has previously been under-researched given that its cohort performs an important role in highly challenging conditions.”

Greenberg continued: “As the report states, the majority of security contractors have previously served their nations in the Armed Forces and thus the public should rightly be interested in their mental health. The results of the research show clearly that those who work in the industry report more mental health problems than do their military counterparts who are still serving in the Armed Forces.”

The research also shows that many contractors report being poorly supported by the organisations who are making use of their services. Importantly, contractors who report receiving good support from their employers (in the form of specific trauma-related training or mental health briefings) enjoy better mental health.

Professor Neil Greenberg

Professor Greenberg went on to explain: “The results strongly suggest that security companies, and those who employ security companies, should do more to ensure that they mitigate the psychological risks associated with working in the industry. I also welcome the suggestions for further research into this topic to ensure that improved support provision is effective.”

The survey was open to contractors of all nationalities who had deployed on contract to an area of conflict at any point from 2011-2013, and covered topics such as military history, contractor work history, experience of working on contract in a conflict zone, health status, health care use and demographic information.

A full copy of the research is available on the RAND website via this link: http://www.rand.org/pubs/research_reports/RR420.html#key-findings

About March on Stress

March on Stress operates worldwide in close partnership with clients who typically place their people ‘in harm’s way’ – in security, media, Government, the oil and gas sector and the emergency services.

The company helps to build resilience by safeguarding the psychological well-being of those personnel through the prevention, detection and treatment of occupational and operational stress, including post-traumatic stress disorder (PTSD).

Established in 2001, March on Stress is a UK leader in Trauma Risk Management (TRiM) training and provides a menu of other first-class psychological support services (including psychological monitoring).

Filed under IFSECGlobal.com News

Kaspersky Lab “detects 315,000 new malicious files every day”

Kaspersky Lab’s Security Bulletin ‘Review of the Year’ shows that the overall global Internet threat level has grown by 6.9 percentage points. During 2013, 41.6% of user computers were attacked at least once.

In order to conduct all of these attacks, cyber criminals used 10,604,273 unique hosts (60.5% more than were used in 2012).

The USA and Russia are the leading hosts of malicious web resources. 45% of web attacks neutralised by Kaspersky Lab products were launched from these countries.

2013 also saw a further increase in security issues around mobiles, with a new level of maturity in terms of the sophistication and number of these threats. Most malicious mobile apps principally aimed to steal money and, subsequently, personal data. Android is still the main target, attracting a massive 98.05% of known malware.

Kaspersky Lab’s 2013 Security Bulletin focuses on the rise in malware throughout the year, especially that aimed at mobile devices

Christian Funk, senior virus analyst at Kaspersky Lab, said: “There’s unlikely to be any slowing down in the development of malicious apps, especially for Android. To date, the majority of malware has been designed to gain access to the device. In the future, there’s also a high probability that the first mass worm for Android will appear. Android ticks all the boxes for cyber criminals. It’s a widely-used OS that is easy to use for both app developers and malware authors alike.”

Day-by-Day: the picture in 2013

Kaspersky Lab detects 315,000 new malicious files every day. Last year’s figure was 200,000 each day

Kaspersky Lab’s products repelled an average of 4,659,920 attacks on users every day when they were online

Twice as dangerous

The number of browser-based attacks over the last two years has almost doubled to 1,700,870,654

Kaspersky Lab detected 104,427 new modifications of malicious programs for mobile devices, which is 125% more than in 2012

In October 2013 alone, Kaspersky Lab saw 19,966 new mobile malware modifications. That’s 50% of the total that Kaspersky Lab found in the whole of 2012, uncovered in just a single month

Who’s at the highest risk?

On 2013’s figures, 15 countries can be assigned to a high-risk group according to their risk level while surfing the Internet.

Russia, Austria, Germany, several former Soviet republics and several Asian countries had 41-60% of Kaspersky Lab users reporting attempted web attacks on their computers

Most popular vulnerable applications exploited by cyber criminals

90.52% of all detected attempts to exploit vulnerabilities targeted Oracle Java. These vulnerabilities are exploited in drive-by attacks conducted via the Internet, while new Java exploits are now present in many exploit packs.

Top malicious programs on the Internet

Seven of the Top 20 malicious programs on the Internet were threats that are blocked during attempted drive-by attacks. This is currently the most common attack method for web-based malware.

Kaspersky Lab’s ranking includes scripts that redirect to exploits as well as to the exploits themselves.

Villain of the Year

Obad, probably the most remarkable discovery in the mobile field in 2013, is distributed by multiple methods (including pre-established mobile botnets). This is probably the most versatile piece of mobile malware found to date, including a staggering total of three exploits, a backdoor, SMS Trojan and bot capabilities and further functionalities. It could be compared to a Swiss Army knife, as it comprises a whole range of different tools.

Local threats

Kaspersky Lab products detected almost three billion malware attacks on user computers. A total of 1.8 million malicious and potentially unwanted programs were detected in these attacks.

The full Kaspersky Lab report is available to view on www.securelist.com

Global security chiefs offer five recommendations for overhauling outdated information security processes

RSA has issued a Security for Business Innovation Council (SBIC) report on transforming outdated security processes in order to help neutralise cyber risks and threats. The Council’s report reveals how stronger collaboration between business process owners and security teams to identify and evaluate cyber risks can become a new source of competitive advantage.

RSA – the Security Division of EMC – has released the latest Security for Business Innovation Council (SBIC) report providing guidance as to how organisations can enable new competitive advantages in their business by transforming outdated and inflexible processes that govern the use and protection of information assets.

The report highlights key challenges, upgraded techniques and actionable recommendations that can be used to plan and build new processes designed to help organisations gain business advantage and more effectively manage cyber risks.

In this latest report – entitled: Transforming Information Security: Future-Proofing Processes – the Council observes that business groups within organisations are taking greater ownership of information risk management. However, outdated security processes are hindering business innovation and making it difficult to combat new cyber security risks.

The SBIC’s report outlines how improvements in security processes can make it easier for productivity and innovation to flourish within a business

The Council offers guidance calling for information security teams to collaborate more closely with functional business groups in order to establish new systems and processes that will help identify, evaluate and track cyber risks faster and with greater accuracy.

Areas for security process improvement

The new report spotlights areas ripe for security process improvement including risk measurement, business engagement, control assessments, third party risk assessments and threat detection.

The Council also offers five recommendations for how to move information security programs forward to help business groups exploit risk for competitive advantage. These recommendations are as follows:

Shift Focus from Technical Assets to Critical Business Processes
Expand beyond a technical, myopic view of protecting information assets and establish a broader picture of how the business uses information by working with business units to document critical business processes

Institute Business Estimates of Cyber Security Risks
Describe cyber security risks in hard-hitting, quantified business terms and integrate these business impact estimates into the risk advisory process

Establish Business-Centric Risk Assessments
Adopt automated tools for tracking information risks so business units can take an active hand in identifying danger and mitigating risks (and thus assume greater responsibility for security)

Set a Course for Evidence-Based Controls Assurance
Develop and document capabilities to amass data that proves the efficacy of controls on a continuous basis

Develop Informed Data Collection Techniques
Set a course for data architecture that can enhance visibility and enrich analytics. Consider the types of questions data analytics can answer in order to identify relevant sources of data

The new report spotlights areas ripe for security process improvement including risk measurement, business engagement, control assessments, third-party risk assessments and threat detection

Art Coviello, executive vice-president for EMC and executive chairman at RSA (The Security Division of EMC) commented: “For the enterprise to successfully innovate in today’s digital world, security teams must re-evaluate cyber risk management efforts, steering away from reactive, perimeter-based approaches that are inflexible and focus instead on proactive collaboration with the business. Updated processes as described by the Council can help organisations achieve a greater visibility of risk that can be harnessed to benefit the business.”

Dave Martin (vice-president and CISO at the EMC Corporation) added: “Documenting business processes has to be a collaborative effort so that there’s an accurate reflection of the risks to the system. We’ll never understand the business value of the information to the same degree as the business owner, and they’ll never understand the threats to the same degree as the security team.”

About the Security for Business Innovation Council

The Security for Business Innovation Council is a group of top security leaders from Global 1000 enterprises committed to advancing information security worldwide by sharing their diverse professional experiences and insights.

The Council produces periodic reports exploring information security’s central role in enabling business innovation.

This report is the second in a three-part series on building a next-generation information security program. The first report was entitled: Transforming Information Security: How to Build a State-of-the-Art Extended Team.

Contributors to this report include 19 security leaders from some of the largest global enterprises, including: ABN Amro, ADP Inc, Airtel, AstraZeneca, Coca-Cola, eBay, the EMC Corp, FedEx Corp, Fidelity Investments, HDFC Bank Ltd, HSBC Holdings plc, Intel, Johnson & Johnson, JP Morgan Chase, Nokia, SAP AG, TELUS, T-Mobile USA and Walmart.

Additional resource

RSA Blog: ‘Five Ways to Future-Proof Information Security Processes’ by Laura Robinson, chairman, SBIC
