29 Jul Why Is Targeted Data Theft on the Increase?
In the seedy underbelly of the dark web, stolen data is being exchanged for a surprising amount of money. Credit card details, bank records, social media account information, and even medical records now change hands at an unprecedented pace. As well as the people data theft affects, many organisations are spending vast sums of money to recover lost records, and that’s before they count the intangible costs incurred through lost customers and negative press coverage.
Horrifyingly, data theft is increasing by leaps and bounds. Cases are up 26% in the last 12 months, and that’s after an increase of 23% in the 12 months prior to that. Worse still is that 47% of breaches in an IBM study of data theft are malicious, targeted, criminal attacks.
So what is driving this and what can you do about it?
Customer Records in the Cloud
This is a simple fact of the online world, and it goes without saying that there are vulnerabilities inherent in this. From credit card details to loyalty cards, the information your customers provide is likely to be sitting on a cloud server.
In spite of the admirable security efforts of many organisations providing cloud software, the Cloud Security Alliance (CSA) still holds data theft as the number one risk associated with virtual environments. The conundrum here is that businesses become less agile when they use more than one virtual supplier, but also can expose their customers’ data to attack by keeping their eggs in one basket.
The only way around this is to be scrupulous in who you choose to provide your Cloud software.
Trading Criminal Secrets
You wouldn’t think that the underworld shares trade secrets, but that’s exactly what they do when it comes to data theft techniques.
Malware is constantly being developed, hackers are growing increasingly sophisticated, and criminal collaboration is rife. Organised crime syndicates pay malware developers and hackers handsomely for their skills, and this is resulting in stealthier malware that can remain undetected on even the most sophisticated of organisational systems.
The Enemy Within
For all the talk of how the economy is getting better, there are a lot of employees who aren’t seeing the dividends. Against this backdrop of austerity and increased negative rhetoric, your willingness to provide remote access software to each and every employee can create a perfect storm where data theft is simply too tempting to resist.
Corporate fraud has risen at all levels, so be vigilant when it comes to watching your employees and scrupulous about who you offer remote access. See remote access as a privilege that your employees must earn and only hand it to those you trust.
Old School Methods in Action
In 2013, customers of US retail giant Target were rocked by a data theft attack that was carried out with military precision. Although Target have been less than forthcoming with details, it appears that their multi-million dollar anti-hacking operation, which includes security monitoring from teams in Bangalore and Minneapolis, was no match for a crudely devised chunk of exfiltration software placed on their security and payments system.
The end result was one of the most successful card skimming scams in history, netting 40 million card numbers and 70 million pieces of personal information from 1,797 stores. When Target’s million pound anti-malware software was scrutinised, it showed that it had detected the attack and informed Bangalore, who in turn informed Minneapolis.
However, somewhere in the line of communication, things went awry. While Forbes suggests that customer numbers to Target have remained undamaged, they still had to face 90 lawsuits from customers and banks for negligence and damages.
Data theft is here to stay with annual figures making it obvious that it’s only going to get worse. While it’s tempting to point the finger at anti-malware software, cloud computing, and remote access technology, the onus truly relies on your organisation’s ability to be vigilant and scrupulous when choosing cloud providers and security personnel.
Furthermore, monitoring the online actions of staff members, investigating any anomalies or red flags, and being intelligent around those who can access your data is now essential. The criminals aren’t going anywhere. Your job is to make sure they don’t come for you.
For more information about how Tricostar can help you to keep your business’s data secure, please call 0208 292 2660 or contact us online.