[BreachExchange] Something wicked this way comes; the cyber security issues that scare people most
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Oct 27 20:14:17 EDT 2016
http://opensources.info/something-wicked-this-way-comeshellip-the-cyber-
security-issues-that-scare-people-most/
“There is a time to take counsel of your fears,” General George S. Patton
once famously said. Halloween marks the end of National Cyber Security
Awareness Month (NCSAM). Let’s make this the time to take counsel of the
cyber security fears that keep us up at night.
We asked more than 250 business professionals from across the country to
share their concerns. Their answers seem influenced by recent headlines,
the pending election, and the coming shopping season.
Biggest concern for business: hackers
More than half (52 percent) of respondents pointed to foreign hackers and
domestic “hacktivists” as the greatest threat to US businesses. Recent
discoveries and headlines about Russian and Chinese hackers feed an already
charged atmosphere heading into the November elections.
What we should worry about: insiders
Do malicious outsiders really pose the biggest IT risk to companies?
Numerous data breach reports and studies indicate otherwise.
According to a recent study conducted by Ponemon Institute [PDF], negligent
insiders are more than twice as likely to cause a data breach as external
culprits.
Biggest concern for consumers: identity theft
Heading into the holiday shopping season, three of the top four cyber
security worries for individuals who responded to the Authentic8 survey
were related to criminals stealing their identity: identity theft (80
percent), credit cards theft (78 percent), and phishing (66 percent).
Even an emotionally charged topic like surveillance seems to be less of a
concern for business professionals. 59 percent were concerned about privacy
violations and only 33 percent worried about government surveillance.
What we should worry about: malware
ID theft or phishing are merely abstract concepts for many consumers. Such
schemes are hard to spot, which is exactly why they are so successful.
Malware is what makes them all work. Cyber criminals rely on malicious
software, such as password-stealing keyloggers, to pull off their scams and
heists. Malware like Zeus or Dyre can steal banking usernames and
passwords. Such stealthy programs can cause major data breaches that result
in millions of credit cards being stolen over the course of months or years.
Most at risk: government, banks?
60 percent of respondents think the government and banks are the biggest
targets for hackers — 30 percent see Government agencies, another 30
percent the Finance sector most at risk of a cyber attack.
Makes sense, doesn’t it? The government runs the country and controls vital
information, and banks are where the money is, to paraphrase “Slick” Willie
Sutton. The data breach at the federal Office of Personnel Management (OPM)
alone affected more than 22 million federal employees and their families.
What we should worry about: healthcare and retail
Banks and government agencies make it increasingly difficult for hackers to
infiltrate their IT. Because of the efforts required, healthcare
organizations and retailers are a much more lucrative target.
That means that health insurance networks, hospitals, retail chains and
restaurants are much more likely to experience major data breaches, with
often devastating impact for patients, customers or patrons.
Highly visible consumer brands are frequently targeted by cyber crime
syndicates, because they have access to the credit card information of tens
of millions of people. Recent examples include Target and Wendy’s. Personal
health information (PHI) stolen from healthcare providers can be used for
medical identity theft and insurance fraud.
Such incidents can lead to financial losses for the victims, and even
damage their health.
Victims of medical ID theft have to pay more than $ 13,000 on average to
get their life back. Some are even denied medical care, due to unpaid bills
run up by someone else in their name.
What can you do? Fight back based on facts, instead of fear.
Which brings us to the second part of the General Patton quote: “…and there
is a time to never listen to any fear”.
Now that Cyber Security Awareness Month is almost behind us, with ample
opportunity to take counsel of our fears, let’s take action.
It’s okay to be scared on Halloween. But when working away at your
computer, don’t listen to diffuse fears of data vampires lurking in the
Dark Web, or digital zombies. Instead, push back Patton-style, based on the
facts.
As pointed out earlier, the real threats are often mundane and overlooked.
The good news is that they, unlike some bogeyman in the shadows, can be
dealt with.
Professionals should take to heart the basics: upgrade your passwords,
monitor your accounts, and keep your software up-to-date, especially your
browser.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161027/829dabad/attachment.html>
More information about the BreachExchange
mailing list