[BreachExchange] Why businesses must think like criminals to protect their data

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 6 21:51:18 EDT 2018


https://www.computerweekly.com/opiion/Why-businesses-
must-think-like-criminals-to-protect-their-data


A jeweller’s most valuable items aren’t left in the window – they are
stored in a vault behind several levels of security. To protect their most
valuable data in the same way, businesses first need to know what cyber
criminals most want to steal.

Data is valuable and businesses need to do everything they can to ensure it
is all highly secure. To secure the data a business holds properly,
managers must understand what is most valuable to criminals and prioritise
their protection accordingly.

In the simplest sense, there are three main ways that cyber criminals use
stolen data to make money.

The first is the classic data heist. By stealing huge quantities of data,
hackers can sell large packages of information very quickly to the highest
bidder.

Those who buy their cyber loot will then unpick the package and use it in
different ways, often alongside other stolen information, to build
sophisticated frauds.

But because thefts of large amounts of data at once are often quickly
identified, the shelf life of the stolen information is very short – often
just a few days.

As well as making it as difficult as possible to steal information on this
scale, businesses also need to raise the alarm quickly to stop the data
being misused. This, in turn, limits the value of the heist and businesses
with a reputation for acting quickly become significantly less attractive
targets.

As the heist suggests, there is a black market for data whereby criminals
are happy to pay for information they can use to create more sophisticated
frauds. This is the second common way of making money out of stolen
information.

Lie in wait

By stealing passwords and other security details, criminals can break
unnoticed into other businesses’ systems and simply lie in wait for someone
to share bank details, or to reveal information that could be used to
create false identities.

This allows them to divert payments or apply for fraudulent loans.

These crimes leave less of a footprint, so the stolen information can often
retain its value for several months before the alarm is raised. Businesses
can respond, for example, by using multi-channel security systems that
cannot be accessed simply by stealing a password.

Finally, there are the low-and-slow fraudsters whose primary aim is to
avoid detection for as long as possible.

One example would be cyber criminals who target retailers by diverting
small numbers of deliveries from real customers to themselves.

As long as they steal only a small number of deliveries, the “lost” items
are not enough to raise the alarm and the criminals can carry on stealing
undetected for many months. Simply by identifying this as a threat,
would-be victims can set up alerts to spot the fraud earlier and intervene.

In each case, the data that criminals want to steal, and the warning signs
that businesses are looking for, are very different.

Better protection

So how do businesses use this knowledge to protect themselves better?

The first step is for managers to understand what data they hold is most
valuable.

For some, this might be the passwords consumers use to log in to their
site, knowing that people often use the same passwords elsewhere.

For others, the invoice data and bank details they hold for clients might
be significantly more valuable.

Knowing how criminals make money out of the type of data you hold is a good
start, but developing detailed and sophisticated priorities might require
more specialist advice.

The second step is to understand that cyber crime is not a problem that
firms can fix with one IT update, or by revisiting security every time data
breaches make the news.

Cyber criminals are constantly working to outwit their victims, and so
businesses need to see this as an ongoing battle where security is under
permanent review.

With that approach, and by knowing what is most valuable to criminals,
businesses can prioritise their resources to ensure that the crown jewels
of data they store are not only heavily protected, but under constant guard.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180406/70dfcbe2/attachment.html>


More information about the BreachExchange mailing list