Hackers steal customer information and then demand money in return for not disclosing the compromise. How common is this scenario? A recent study shows that 17 of 100 companies surveyed have been so threatened, and many of those threats came from insiders. Almost a quarter of respondents said they would contact their legal department if so threatened, yet 59 percent were unsure whether their legal counsels were qualified to give advice (another 12 percent said they definitely were not). Source: the Carnegie Mellon study, Enumerating and Reducing the Threat of Transnational Cyber Extortion against Small and Medium Size Organizations.
A Government Accountability Office report recommends that the Transportation Security Administration no longer fund its behavior detection programs because they are generally ineffective. Its meta-analysis of hundreds of studies found that the ability of human observers to accurately identify deceptive behavior based on behavioral cues is the same as or slightly better than chance.
The IT Risk/Reward Barometer, conducted by the nonprofit global association ISACA, examines the gaps between what people believe and what they do when it comes to the Internet and sharing information online. For example, people tend to fear that their information is at risk, but most continue to be careless with their passwords.