
Tuck study shows risks of information leaks in the U.S. banking sector
FOR IMMEDIATE RELEASE—June 4, 2007
CONTACT: Kim Keating, 603-646-2733
HANOVER, N.H.—A new study from the Tuck School of Business at Dartmouth highlights the new risks banks face from inadvertent disclosures of sensitive information on the Internet. As part of a year-long effort, the study, led by Tuck's Center for Digital Strategies, demonstrates how sensitive bank information—including customer information and internal business documents—is leaking from the institutions, their suppliers, and customers. The researchers also show that criminals are aggressively pursuing this sensitive data, and that large banks, such as Bank of America and Citibank, are particularly vulnerable to information leaks.
On June 7, Professor M. Eric Johnson and Senior Research Fellow Scott Dynes will present results from the study, entitled "Inadvertent Disclosure—Information Leaks in the Extended Enterprise," at the Sixth Workshop on the Economics of Information Security (WEIS 2007), taking place at the Heinz School at Carnegie Mellon University. The study was conducted in conjunction with the information risk management firm Tiversa.
"While hackers regularly penetrate poorly secured networks and devices, many of the large recent security breaches were not technical break-ins, but rather inadvertent disclosures, sensitive information mistakenly posted on the web," says Johnson, who is director of the Center for Digital Strategies.
The study, funded in part by the Department of Homeland Security's support for the Institute for Information Infrastructure Protection (I3P), examines the vulnerability of large financial firms to these inadvertent disclosures, particularly through peer-to-peer file sharing networks. Focusing on the top 30 U.S. banks, the authors captured user-issued search information on these institutions, analyzed tens of thousands of relevant searches, and found an astonishing number of searches targeted to uncover sensitive documents and data—including employee training manuals, résumés, performance reviews, internal policies and procedures, and bank invoices, as well as auditing evaluations and customer documents. Many of the documents found contained enough information to commit fraud or identity theft.
The study shows that both the vulnerability and the threat are driven by institution size, with large firms having to work much harder to control these leaks than do small firms. The authors recommend solutions including employee and customer education, new measurement techniques, and monitoring to gauge progress and compare firm performance with peers.
The Center for Digital Strategies at the Tuck School promotes the development and practice of digital strategies—the use of technology-enabled processes to harness an organization's unique competencies, support its business strategy, and drive competitive advantage. The center addresses issues throughout the extended enterprise, including globalization, organizational change, and information security.
For more information about this and the center's other research projects, contact the Center for Digital Strategies at 603-646-0899 or visit the center's website.
Founded in 1900, Tuck is the first graduate school of management and consistently ranks among the top business schools worldwide. Tuck remains distinctive among the world's great business schools by combining human scale with global reach, rigorous coursework with experiences requiring teamwork, and valued traditions with innovation.