[BreachExchange] 2019 is the year we discover the true cost of poor data protection
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Jan 25 18:42:20 EST 2019
https://www.techradar.com/news/2019-is-the-year-we-discover-the-true-cost-of-poor-data-protection

Data breaches affected more than one billion people in 2018, and that
number is only set to increase as hackers continue to develop new and
innovative ways of carrying out cyber theft.

As we near the first anniversary of GDPR's introduction, 2019 has already
become the year in which the first serious GDPR-related fine was handed
out. The £50 million penalty meted out to Google this month by French
regulator CNIL is no doubt a sign of things to come.

As such, data – how it is stored, analysed and applied – will be a key
theme for 2019, so understanding what is most valuable to criminals, and
prioritising protection accordingly, will only become more important. Key to
prioritising which areas of your business you protect is understanding how
hackers monetise data.

1. Data heist

By stealing huge quantities of data, hackers can sell large packages of
information very quickly to the highest bidder. Those who buy their
cyber-loot will then unpick the package and use it in different ways, often
alongside other stolen information, to build sophisticated frauds. But
because thefts of large amounts of data at once are often quickly
identified, the shelf-life of the stolen information is very short – often
just a few days.

As well as making it as difficult as possible to steal information on this
scale, businesses also need to raise the alarm quickly to stop that data
being misused. This in turn limits the value of the heist, and businesses
with a reputation for acting quickly become significantly less attractive
targets.

2. Using data for complex fraud

The second common way of making money out of stolen information is by
selling it on the black market. By stealing passwords and other security
details, criminals can break unnoticed into other businesses’ systems and
simply lie in wait for someone to share bank details, or to reveal
information that could be used to create false identities.

This allows them to divert payments or apply for fraudulent loans. These
crimes leave less of a footprint so the stolen information can retain its
value for months, giving the hacker plenty of opportunity to find
black-market buyers. Businesses can respond, for example, by using
multi-channel security systems that can’t be accessed simply by stealing a
password.

3. Low and slow fraud

Finally, there are the low-and-slow fraudsters whose primary aim is to
avoid detection for as long as possible. One example would be those
cybercriminals who target retailers by diverting small numbers of
deliveries from real customers to themselves.

Providing they only steal a small number of deliveries, the ‘lost’ items
aren’t enough to raise the alarm and the criminals can carry on stealing
undetected for many months. Simply by identifying this as a threat,
would-be victims can set up alerts to spot the fraud earlier and intervene.

Forewarned is forearmed

In each case, the data that criminals want to steal, and the warning signs
businesses are looking for, are very different. So how do businesses use
this knowledge to better protect themselves?

The first step is for managers to understand which data they hold is most
valuable. For some, this might be the passwords consumers use to log in to
their site, knowing that people often use the same passwords elsewhere. For
others, the invoice data and bank details they hold for clients might be
significantly more valuable.

The second step is to understand that cybercrime isn’t a problem you can
fix with one IT update, or by revisiting security every time data breaches
make the news. Cybercriminals are constantly working to outwit their
victims, and so businesses need to see this as an ongoing battle where
security is under permanent review.