 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Pretexting: A Significant Threat that Requires Immediate Action
Organizations Lack Formalized Structure for Effective Prevention of Inbound and Outbound Risks
Cleveland, Ohio - November 27, 2006 - Axentis, the leading provider of governance, risk and compliance management solutions, announced today the results of its pretexting survey of over 100 GRC professionals. The results demonstrate that despite recent indictments and press coverage on the issue of pretexting, many companies do not have formalized programs which inform employees and business partners of their policies. While most companies have privacy training in place for employees that handle confidential information, a majority do not have specific training for business functions that are most likely to create exposures to pretexting. An even greater number of the companies surveyed lack specific programs for vendors, who not only have access to confidential information, but are often a risk for both inbound and outbound pretexting.
Key findings from the survey include:
- More than 51 percent of participants do not have corporate policies that specifically address pretexting
- Although over 80 percent of respondents train employees that hold or have access to sensitive or confidential information, close to 24 percent stated they did not train administrative personnel, individuals at the help desk, in customer service or in the market research department, with another 55 percent unable to provide a definitive answer
- Only 14 percent of participants stated that they had programs in place to address vendor practices around pretexting
Pretexting, the act of acquiring confidential information through fraudulent representation of one's identity, creates exposures on two sides; inbound, where companies fail to fully safeguard themselves against the pretexting tactics of others, and outbound, where they fail to effectively prevent the use of pretexting tactics by their employees and contractors. The survey results clearly demonstrate that many large global organizations lack the policies and programs required to address both sides of the pretexting issue.
According to panel participants, there are five core elements which will prevent pretexting exposure, both inbound and outbound. These include inventorying pretexting vulnerabilities, developing appropriate pretexting policies, comprehensively and appropriately educating and informing all necessary individuals within and beyond the enterprise about such policies, documenting all counter-pretexting activities and streamlining ongoing management of counter pretexting programs. For more information on establishing an effective pretexting program, download "Pretexting Prevention: Minimizing Inbound and Outbound Risks," co-authored by Matthew Leonard, CIPP and Senior Fellow of the Ponemon Institute, and Ted Frank, President and Co-founder, Axentis, Inc. The white paper can be downloaded from the following site: http://gw.vtrenz.net/?HTAJL5F09A=clicksrc:PR
The pretexting webcast and survey results can be accessed at: Pretexting Webcast and survey
About Axentis
Axentis delivers the only on-demand business performance optimization environment that empowers companies to turn governance, risk and compliance initiatives into better business performance and competitive advantage. With its unique software-as-a-service (SaaS) model, the Axentis Enterprise (Ae) Suite delivers a one-world view of the entire organization for better risk management, mitigation and compliance. Ae is easy-to-use and can be deployed quickly, delivering immediate impact and a quick return on investment (ROI). Axentis, which was recently named an industry leader and innovator by several leading analyst firms, touts over 700,000 users from leading Global 2000 companies including ADT and AstraZeneca Pharmaceuticals. Axentis is headquartered in Cleveland, Ohio with data centers in Boulder, Colorado and Basel, Switzerland. For more information, please visit http://www.axentis.com.
For Axentis
Doug Fraim
781-487-4621
dfraim@racepointgroup.com
