Hacking Attacks and What They Teach Us

The recent attacks on major retailers have made it clear: The pace of cybercrime and online fraud is accelerating, costing consumers and small business owners more each year.

According to the 2013 Cost of Cyber Crime Study, which was conducted by Ponemon Institute, LLC, the average annualized cost of cybercrime for the 60 U.S. organizations that participated in the study was $11.6 million, nearly 78% more than the cost estimated in the first analysis conducted 4 years ago. What’s more, small organizations in the study incurred a significantly higher per capita cost for cybercrime ($1,564) than larger organizations ($371). It took an average of 32 days for the cyber attacks reported in the study to be resolved, during which time the organizations lost an average of more than $32,000 per day.

In addition, three out of four companies that responded to the 2014 U.S. State of Cybercrime Survey, which was co-sponsored by PricewaterhouseCoopers LLP (PwC), said they had experienced at least one cybercrime security breach over the past year, with more than one-third saying that the number of security breaches increased in the past year over the previous year.

National Cyber Security Awareness Month

To raise awareness of the risks of cybercrime to consumers and businesses, the U.S. Department of Homeland Security (DHS) has designated October as National Cyber Security Awareness Month. “As a nation, we face constant cyber threats against our critical infrastructure and economy,” states the DHS on its website. “Since our way of life depends on critical infrastructure and the digital technology that operates it, cyber security is one of our country’s most important national security priorities.”

Specific events and resources designed to increase awareness of cyber security are planned for each week in October. Visit the National Cyber Security Awareness Month website to learn more about these events and how you can participate.

In the meantime, there are some things you can do right now to help protect your company from cybercrime. First, educate yourself on the different types of cybercrime that you might be vulnerable to. While cyber thieves have come up with numerous different scams and tricks, most of these fall under one of three main categories of cybercrime:

  1. Malware - This is the deliberate infection of corporate IT systems and computers with malicious software designed to wreak computer havoc and steal sensitive corporate information. Man-in-the-Browser (or MitB) attacks are a common malware infiltration: These install Trojans on corporate computers that are designed to capture and steal online banking credentials and other sensitive corporate information.

    New strains of malware are constantly being released, which makes staying ahead of cyber thieves difficult. More than 58 million new malware strains were released last year alone, and this is projected to top 100 million next year.

  2. Phishing - Most people are now aware of phishing attacks, in which emails that appear to come from a financial institution ask for sensitive account access information so cyber thieves can wipe out bank accounts. A more sophisticated scam, referred to as spear phishing, sends highly targeted emails to people the thieves know already have a relationship with the supposed institution. This sometimes lures victims into letting down their guard and clicking on links that take them to bogus websites designed to capture sensitive information.

  3. Hacking - Good old-fashioned hacking is still alive and well. Hackers look for weak spots in IT systems and network defenses they can breach to steal sensitive company data and login credentials, like online banking user names and passwords. Back doors into corporate networks can inadvertently be opened to hackers via common software platforms like Adobe and Java. The hackers then load stolen login credentials and other sensitive information into automated bots that are sent out to multiple online properties.

The Best Cybercrime Defense

The unfortunate reality is that even companies that are hyper-diligent about cyber security probably can’t ensure 100 percent cybercrime protection, 100 percent of the time. If a sophisticated cyber thief wants to break into your system badly enough, he or she will probably be successful eventually.

So the key, many cybercrime experts say, is to make it so difficult to break into your system that cyber thieves move on to another less-protected company. The best way to do this is to implement multi-layered cybercrime defenses, including:

  • Encrypting all sensitive data that is stored and transmitted electronically.
  • Adopting a layered, rather than a single-point, approach to authentication to protect both sessions and transactions.
  • Using tools from your bank that can help prevent cybercrime, like token codes for wire transfers.
  • Dedicating a single computer in your office that is not used for personal email or web surfing to do your online banking, which will help protect your company against Trojans, viruses and denial of service attacks.
  • Setting up account activity notifications with your bank so you’re alerted via text or email whenever suspicious activity occurs on your accounts.
  • Changing your online banking and other online passwords regularly, making them difficult to guess, and never sharing them with anyone.

When it comes to cyber security, you can’t do it by yourself. All of your employees need to be made aware of the risks and dangers of cybercrime and trained in these and other cybercrime defense tactics. Working together as a team is the best way to guard your company against cybercrime and online fraud.
