Canadian Survey Finds Firms Vulnerable To Internet ... 

 CANADA, TORONTO, ONTARIO, 1998 JUN 30 (Newsbytes) -- By Martin Stone, 
Newsbytes. A survey conducted by one of the world's largest security  firms
has disclosed that, despite concerns among business leaders that  the
Internet is not a secure way to send information, it is still  widely used
by Canadian companies to do just that. 
   According to security and investigation organization KPMG's 7th  annual
Canadian Fraud Survey Report, which polls the chief executives  of Canada's
top 1,000 companies on fraud and corporate security, only  11 percent of
respondents believe that the Internet is a secure way to  send information.

   However, the study shows 43 percent stated their company uses the 
Internet to transmit sensitive or private information, anyway. 

   For the first time in its seven-year history, KPMG's Fraud Survey  asked
about the security measures for computers and the transmittal of 
information by Canada's largest companies. Inkster points to warning  signs
from the results that indicate that Canadian businesses are  vulnerable to
fraud through the Internet. "I believe that business  leaders are putting
their companies at risk," he said. "Eighty-two  percent of respondents
consider their computer systems to be a  potential security risk for fraud.
But less than half reported using  security measures when transmitting
information over the phones or  Internet." 
   Inkster said that many companies don't realize that when you are  hooked
up to the Internet, the Internet is hooked up to you. "It's a  two-way
street," he said, "and you need adequate firewall protection." 
   Another of the survey's major findings is that 57 percent of all 
respondents admitted that their firm had been a victim of fraud. 
   Also, 47 percent of respondents believe that fraud will increase in 
1998. This number rose to 62 percent within the financial services  sector.
When asked for a reason why fraud would increase, over half of  the survey
participants blamed regulatory deficiencies. 
   However, less than five percent attributed the problem to a lack of 
government intervention. "One of the conclusions that I think we can  draw
from these results is that many business leaders blame the  increase in
fraud on the lack of self-regulation in their industries,"  Inkster
concluded. "They don't want government regulation, but they  recognize the
need to take responsibility for fraud prevention." 
   While fraud techniques may be more sophisticated, the source appears  to
be the same as recorded by KPMG surveys in previous years.  Overwhelmingly,
the greatest single source of fraud, according to  respondents, is their
company's own employees. Seventy-seven percent of  respondents cited their
employees as the principal source of fraud.  Customers were considered by
respondents to be the second highest  source. 
   The most common types of fraud perpetrated by employees included 

[snip..]

   The study also queried respondents on their vulnerability to money 
laundering. Only 14 percent of survey participants stated they had been 
impacted by this illegal activity. However, almost half the firms  admitted
they accept forms of payment that make them vulnerable to  money
laundering. 
   Moreover, 83 percent of respondents acknowledged they do not conduct 
background checks on investors. Vulnerability to money laundering was 
highest in the financial services sector. Fifty-nine percent of 
respondents from this sector believe their company is affected by 
international money laundering, while 56 percent accept forms of  payment
that make them vulnerable to money laundering. 
   Companies are, however, taking measures to prevent fraud among 
employees. The survey reveals 98 percent of respondents state it is 
important to screen new employees, while 88 percent actually have 
pre-employment screening procedures already in place. However, only 50 
percent of respondents say they ran background checks on new suppliers  and
contractors. Even fewer -- less than 20 percent -- conduct  background
checks on new investors or franchisees. 
   Other survey findings support the fact that companies should have 
procedures in place to prevent fraud. Most respondents report that  fraud
was discovered by the company through internal mechanisms such as  internal
audits and "whistle-blowers." 
   Inkster said that adequate firewall technology is available and that 
"there is some excellent encryption software." However, he said that  many
companies have not taken a hard enough look at their security  arrangements
and are thus vulnerable. 
   He suggested companies conduct a "threat-risk analysis -- what their 
assets are, where they stored, where they are vulnerable -- and build 
their security network around the findings." 
   The KPMG survey polled chief executives of Canada's top 1,000 public 
and private companies as ranked by the Financial Post newspaper. The 
response rate was 21 percent. 
   Copies of the survey are available by phone from Stephen Schneider at 
416-777-8465 or through KPMG's Web site at http://www.kpmg.ca