Cybercrime… does it affect your business or you, personally? These series of
Q & A from Wade Baker, director of risk intelligence at Verizon and principal author of the 2011 Data Breach Investigations Report , offers some interesting insights. To see key findings, get access to the full DBIR report, listen to an audio podcast on this topic or to see additional graphs click this link.
Q: For those that aren’t familiar with the report, what is the Data Breach Investigation Report?
A: It is an annual study into the world of cybercrime that analyzes computer forensics to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and, of course, what might be done to prevent it.
And this year, we have the privilege of working with the U.S. Secret Service and the Dutch High Tech Crime Unit, which drastically increases the scope and depth of the report.
Q: What were the major findings from investigations during the past year?
A: In 2010, we analyzed more incidents than ever in which consumer data – payment cards, bank accounts, personal information, etc – was stolen. And cybercriminals appear to be changing the way they accomplish this. Rather than massive breaches against large organizations like we’ve seen in the past, we saw a huge number of lighter, faster, and more surgical strikes against smaller organizations. Since many of the criminals behind those larger thefts are in jail, this trend may represent a tactical shift toward less risky and lower-hanging fruit.
Q: It sounds as though you are suggesting that cybercriminals are pretty organized and savvy – is that true?
A: Absolutely. What many don’t realize is that there’s a very well-organized criminal underworld build around data theft and fraud. They want your information because they can sell it for profit or drain your bank account, make fraudulent purchases, conduct identity theft and all manner of evil. It’s definitely a business for them.
Q: How do these groups steal information and who is vulnerable?
A: Not to sound overly-dramatic, but they’ll use any tactic that works and pretty much anyone is vulnerable. We see everything from hacking into corporate networks, tricking employees, bribing insiders, and even physical theft and tampering. Some of these attacks are very sophisticated, but most of them less so than you might think. You’d be surprised at the kind of stuff used to successfully steal data from corporations and part of the value of this report is identifying what kinds of attacks occur most often and are therefore most critical to combat.
Q: Speaking of combating cybercrime – what are your top recommendations to businesses?
A: After studying thousands of data breaches, I can say with confidence that the overwhelming majority of them are avoidable through relatively basic countermeasures – ones that the victims probably thought were in place. Therefore, the most useful thing organizations can do is to implement procedures to check and recheck and even triple check that they are actually doing what they intend to do consistently and comprehensively.
Next, organizations need to increase their visibility into what occurs in their networks, systems, and applications. It usually takes a very long time for victims to know they’ve been breached and it is usually someone else that tells them about it. This is evidence of very poor situational awareness and that really needs to improve.
Q: And in similar fashion, what would you recommend to consumers?
A: Without a doubt, the most important tip I have is to be aware.
First, be aware of what MIGHT happen. Understand the risks doing business in the online and offline worlds. A lot of people ask me if I’m afraid of buying things online and my answer is always “No – but I am definitely wary of it and act accordingly.”
Second, be aware of what HAS happened. Check your bank and credit card statements. Monitor your credit. If you see something out of place, look into it. This is very important and can save you huge headaches and expense.
Third, use a credit card rather than a debit card when possible. There’s nothing wrong with debit cards per se, but there’s typically less risk to you if your CC# is stolen than your debit card.
Fourth, be stingy with your personal information. Don’t give or store more than you need or want to. For instance, I opt out of storing my CC# when making a purchase online unless I buy from that site frequently. The way I see it, the fewer entities that have my information, the less likely it is to be compromised.
Five – When using an ATM, gas pump, or any public payment kiosk, look for signs of tampering or components that don’t belong. These are common targets for thieves trying steal your payment card info and PIN.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.