The power of ten - enterpriseinnovation.net

BACKPAGE ROBERT CLARKHow to avoid being a cyber victimRobert Clark analyzes the changing economics of stolen dataIthey licensed out their brand to other gangs. To protect its value,they would severely punish any franchisee who made a threatand failed to carry it out.over the past two decades—exposes the corporatized naturesays the unprecedented scale of looting in the Soviet collapseprovided the foundation for today’s global criminal operations.The barely-regulated communities of cyberspace are an irresistiblehoneypot for well funded gangs.Organized cybercrimewere exposed or stolen last year, and of those thefts, 91% werelinked to organized crime groups.Stolen credit card data that was worthUS$16 in 2007 is now worth just 50 centsdata networks. Enterprise IT organizations and their superiorsknow this. Presumably they have all deployed the perimeterward off—or at least be alerted to—malicious attacks.Yet, according to Verizon Business’ 2009 Data Breach Inves-69% of breaches were discovered by a third party. The reportis based on the experiences of Verizon’s own customer base in“The majority of breaches still occur because basic controlswere not in place or because those that were present were notconsistently implemented across the organization,” the reportstates. “In the more successful breaches, the attacker exploitedsome mistake committed by the victim, hacked into the network,records breached included at least one of these attributes.”Targeted breachesare looking for: the 17% of attacks deemed to be “highly dif-other business, criminals must seek higher value-added product—stolencredit card data that was worth as much as US$16in 2007 is now worth just 50 cents.The big money now is in stealing PINs and associated ac-businesses. Finance ranked third in 2007, but last year 93% ofThe nearest other sector was food and beverage, the target ofjust 14% of successful attacks.One part of the problem is that users have become used toof global professional services for Verizon Business. “Peopleused to be extremely wary about using a credit card online,” hesaid. “Now they’re very trusting.”This underlines the fact that so much of personal and businessactivity has gone online, which means enterprises becomeexposed to partners and suppliers.it has concluded that data breaches are not primarily insidebreaches, and only on 11% of these were they acting alone.Watch your partnersPartners such as suppliers, contractors and customers accountedfor 32% of all thefts. In most cases, it was lax securityby the partner that enabled the attacks.Yet partners are overshadowed by external threats—criminalgangs and hackers—representing 74% of all thefts and 94% of theactual volume of stolen records (a total ofover 100% due to overlap). The real threatis from well-resourced teams of criminals valuable corporate and private data.pleof suggestions from Verizon’s Riskteam stand out. One is to not just adopta security policy, but to actually enforceit. The other is “Achieve essential, thenworry about excellent”: don’t focus onjust a few areas and leave other areasless protected.tricspeech.com50 Computerworld Hong Kong Sept 2009 www.cw.com.hk