As Cybercrime Evolves… So Should We
Just as cyber defenses evolve, so do cyber criminals. They have made cyberattacks the fastest growing crime in the United States, and their attacks continue to become more sophisticated. When you pair this insight with our reliance on third party applications and cloud service providers, you understand that we’re more vulnerable than ever before.
The FBI’s Internet Crime Complaint Center (IC3) has been collecting complaints since 2000. According to the 2018 Internet Crime Report, cybercrime complaints in 2018 rose to 351,937 from 301,580 in 2017, a 16.7% increase. Financial losses in 2018 rose to $2.7 billion from $1.4 billion in 2017, a whopping 91% increase. Cybercrime is a burgeoning business model, and the financial success criminals have had is nothing short of spectacular. Attacks on email (phishing) lead the pack with the highest dollar adjusted losses of over $1.2 billion in 2018. Tech support fraud, payroll diversion, and extortion, often requesting bitcoin in payment, are also hot trends for hackers.
The fraud losses for financial institutions was so high that the IC3 setup a special unit in February of 2018 called the Recovery Asset Team (RAT) to streamline communication with financial institutions and assist FBI field offices with the recovery of funds for victims who made transfers to domestic accounts under fraudulent pretenses.Some of the leading industry reports highlight the cost, cause, and instances of cybercrime today.
The “2019 Verizon Data Breach Investigations Report” provides insight into the victims of data breaches, who is behind them, what tactics were utilized, and commonalities between attacks. 16% of the victims were breaches of public sector organizations, 15% of the breaches involved healthcare organizations, 10% were financial institutions, and 43% of the breaches involved small businesses. We’ll talk about the tactics and who perpetrated the attacks a bit later.
The “2018 Cost of a Data Breach Study: Global Overview,” sponsored by IBM Security and conducted by Ponemon Institute LLC, analyzed costs associated with data breaches. The study found that the highest per-capita cost of a breach occurred in the health industry sector, followed by the financial sector, and then the pharmaceutical sector. The average cost of a data breach and associated responses was $3.86 million. The average cost per lost or stolen record was $148, and the average number of lost or stolen records was 26,000. The study found that third party involvement in a breach, as well as extensive cloud migration, increases the cost of a breach. Organizations with a senior-level leader, such as a Chief Privacy Officer (CPO) or Chief Information Security Officer (CISO), directing efforts to protect customer information reduces customer turnover and the cost of a breach. Data breach costs are also reduced with high-functioning incident response teams and extensive use of encryption for data at rest and in transit. Insurance is an effective way to transfer some of the financial risk, but never the reputation risk.
How to Get Smarter
Simply put, we benefit when we think like a cyber-criminal and plan defenses around their tactics and attack methods. From leveraging threat intelligence to using computer modeling techniques, with the tools and data at our disposal, we can use an enlightened approach to security assessments to improve understanding of security posture and make more strategic security decisions. It’s an arms-race out there, and constant vigilance and evolving strategies are needed to win.