Cyber crimes and data breaches have become far too widespread in recent times. Technological progress has taken the risk to new levels, with newer techniques to exploit vulnerable organizations, corporations and governments being discovered every day.
The global economic crime survey report for 2016 ranked cyber crime as the second most reported economic crime during the year. But questions remain about how underreported cyber crime is, particularly hacking. In some instances companies do not seem to even know they were hacked until well after the fact, and in other cases great effort is expended to keep such events secret, or at least to minimize their significance.
A considerable number of organizational respondents to the survey, approximately 32%, reported being affected by cyber crime. Nearly 34% felt that they would be affected within the next 2 years. While 61% of the top executives feared cyber attacks, only 37% of organizations claimed to have a cyber incident response plan in place. Obviously, this represents a significant disconnect between the level of fear and the level of preparedness in the industry.
Perhaps the problem with the level of preparedness is that many continue to think that a cyber attack will not happen to them. Such a view is hard to understand given that some of the biggest organizations in the world have been victimized by cyber crimes in recent years. For example:
- Internet giant Google’s corporate servers were hacked in China for the procurement of intellectual property in 2009.
- In 2014, fraudsters hacked into the company server of Home Depot, one of the well-known home improvement retailers in the United States. They exposed data from over 50 million credit cards using malware.
- JP Morgan Chase saw a massive data breach affecting 76 million household users and 7 million small businesses. The thieves apparently cashed in on stock profits by manipulating stock prices and sending fake emails to customers soliciting investments.
- Two major data breach revelations were made by Yahoo in September 2016. According to the report, over a billion Yahoo! users’ data was compromised in August 2013, and data on at least 500 million users was exposed in 2014.
- In 2015, data on millions of customers was stolen from health care companies for insurance and medical information. Among the worst hit were Anthem with 79 million, Premera Blue Cross with over 11 million and CareFirst BlueCross BlueShield with almost a million customers' data compromised.
- Identity thieves stole over 700,000 social security numbers from the U.S. Internal Revenue Service (IRS) in 2015.
- In 2016, 21.5 million public records were exposed in one of the largest government data breaches, at the U.S. Office of Personnel Management (OPM), due to ‘outdated technology’.
- Wikileaks, known for publishing secret information, exposed a series of emails taken from the servers of the Democratic National Committee that contained sensitive financial data on high-profile donors to Hillary Clinton’s campaign. The disclosure may have impacted the U.S. presidential election in 2016.
- A cyber attack called a ‘distributed denial of service (DDoS)’ shut down several popular sites like PayPal, Twitter, Netflix and Spotify. The attackers seemingly utilized common Internet devices like baby monitors and digital recorders to bombard the sites with requests coming from millions of Internet addresses.
Looking at these instances, the state of affairs certainly looks gloomy. However, this information should not act as a deterrent to investing in cyber security. Instead, the threat of cyber attacks is very real and should provoke companies to take security increasingly seriously in the coming years.
The security situation has improved, with organizations today adopting cutting-edge tools and platforms that help them to interact with customers and internal surveillance teams in real time. But the need of the hour is the adoption of a collaborative and consistent approach.
Moving forward, targeted organizations and corporations must seek out and then actually implement the recommendations of security professionals and cyber security teams. Deployment of an in-house risk management group can also significantly help. Such a group anticipates the degree of insecurity, assesses the efficacy of counter resources and guides the organization towards identifying and addressing potential risks. The team can focus on progressive trends and new technologies, and the weak side of a new technology should be the focal point in order to ascertain the exploitable areas.
Businesses with a versatile portfolio of products and services should also refrain from investing too heavily, or at least too quickly, in multiple channels. While profitability must always be a concern, the issue here is expanding before truly getting a handle on the scope of the security risks associated with offerings, particularly new or updated offerings. The spotlight should be on creating a fail-safe and robust product rather than on making the offerings wide-ranging.
Any plans to expand a business's visibility, such as having or increasing a mobile presence, should involve reliance on robust platforms, strong architectural guidelines and trustworthy developers. Data security is equally imperative for apps. Similarly, employees holding critical access should at least be educated on social engineering threats and the appropriate use of social media. Indeed, it is now important to educate employees not just on what may be patentable, what should be kept as a trade secret and how, but also on how hackers operate and engage in a variety of tactics, including tried and true low-tech strategies such as social engineering.
While businesses and organizations across the globe remain exposed to cyber crime, the criminals must not recognize it as a happy hunting ground. Government, cyber security professionals, law enforcement agencies and organizations themselves must work together in responsible ways, taking responsibility for what each can accomplish to minimize future attacks.