If you want to make enterprise executives sweat, just whisper “security breach” in their ear.
While the widespread motive for data breaches remains financial winnings for the cyber criminals, it has lately been observed that there is a new shift in incentives — obtaining sensitive, private, and personal data. This compromised data can be used to manipulate organizations or individuals, and even to embarrass nations. Rest assured, beyond the immediate economic cost; data breaches can cause an incalculable loss in customer confidence.
There have been a total of 6,333 breaches from 2005 to July 12, 2016. And a total of 864,236,208 records has been compromised.
The cyber crimes of late show an upward trend in the number of data breaches.
Let us shed some light on few cyber security crimes of 2015:
In February, hackers had broken into Anthem’s servers and stolen over 37.5 million records that consisted of personal files and sensitive data. The compromised information contained social security numbers, names, emails, address, income data, etc. This type of hack is usually associated with theft done to sell personal information on the black market. The data breach had extended to various brands of Anthem (e.g. Anthem Blue Cross, Blue Cross, Blue Shield, etc.), which it uses to market the health plans. Over 78.8 million people’s personal information was affected. It is speculated that the hack was made possible, in no small part, due to the weaknesses in their own security system.
Highly confidential information was stolen over a period of few weeks, a whole month before the data breach was exposed. Anthem had offered free credit monitoring right after they realized the hack had happened. Additionally, Anthem advised people whose information was stolen to monitor their accounts and be wary.
When a cyber breach hit the mobile operator company T-Mobile, hackers stole personal data of over 15 million customers. This information breach included the theft of ‘encrypted’ social security numbers, names, driver’s licence numbers, passport numbers, birth dates, and addresses. Experian, a vendor that processes T-Mobile’s wireless carrier’s credit checks, saw a downfall in its shares by 1.3%.
The data breach was an outcome of unauthorized access to a server where T-mobile customer information was stored. The company’s data security protocols weren’t up to snuff to begin with, and the credit monitoring company has also had its share of problems with indirect data leakage.
After the revelation of the data breach, the company took steps to mitigate the adversities of the incident by removing the malware, increasing monitoring of affected systems, isolating affected servers, and working with lawsuits. T-mobile also cautioned its customers about emails and messages that could be used to gain their personal information for identity theft and other kinds of fraud.
In June 2015, Kaspersky Lab revealed that it had uncovered an infiltration in many of its internal systems. The attack was named Duqu 2.0, and was believed to be a nation-state-sponsored attack– which is a category of hackers who operate in cyber domains, who are directly employed by national government or from a crime entity employed by national government. This type of attack involves a malware which doesn’t write any files to disk, instead it exists in the affected computer’s memory, which made it relatively difficult to detect for a long time. The compromise of data included information on the company’s latest technologies, such as Anti-APT solutions and services, Kaspersky Security Network, Kaspersky’s Secure Operating System, and Kaspersky Fraud Prevention. The attack was aimed to snoop on investigations into other advanced targeted attacks. Other victims of this breach included venues and events with links to world power meetings(which included recent negotiations for an Iranian nuclear deal).
The malware was escalated using Microsoft Software Installer files, which are usually used by IT staff to install programs on computers. Kaspersky said that it was “certain” that its customers and partners remained safe.
The attack on JPMogran Chase, a well established household name, jeopardized accounts of 7 million small businesses and 76 million homes. JP Morgan Chase’s database of customers’ stored credit card details, as well as several other pieces of highly sensitive information. The attackers gained access to phone numbers, names, emails, passwords, and social security numbers. Though there was no fraud involving the use of the customer data, the hackers appeared to have attained a list of programs and applications that run on JPMorgan’s systems – which they could cross-check with known weaknesses in each program and application. What the company lacked was having multiple levels of passwords to access any database storing customer data. By the time the bank’s IT security team discovered the breach, attackers had already obtained the highest level of administrative access to dozens of the company’s servers.
After the disastrous attack, JPMorgan Chase was forced to refurbish its regulators, like the Federal Reserve, depending on the extent of the breach. Faced with rising threat of cybercrime, JPMorgan also said it plans to spend $250 mn on digital security yearly.
Even after acknowledging several thousands of cyber crimes and organizations making desperate attempts to secure themselves, why is online crime still on the rise?
Laws restricting digital crime vary globally. A majority of cybercrime is initiated across national borders. This makes solving it an intensely convoluted issue. International cooperation is extremely crucial to bring cyber criminals to justice, especially with the UN reporting that a third to half of all nations have a deficient legal framework to criminalize cyber crimes outside their country’s borders
Are you immune to cyber crime?
With over 1.5 million annual cyber attacks and expert predictions that this figure will only move upward, online crime is a real hazard for any organization.
Large and small to medium size businesses alike have a long hard uphill battle to fight against cyber attacks. Perhaps, one of the best defensive strategies an organization can implement is to engage an IT security expert, who can evaluate potential loopholes and threats to help secure your data and applications, as best as possible.