Cybercrime: Is the Sky Really Falling?
Cybercrime is so rampant today that even as the director and chief examiner for Digital Forensics Inc., I am not immune.
In fact, last year’s data breach of the US Office of Personnel Management (OPM) made me a poster child for cybercrime. That hack exposed the data of more than 18 million former and current government employees, including me, a former National Security Agency cryptologist. To make matters worse, the OPM data is now rumored to be in the hands of ISIS.
So what is an enterprise to do? What can possibly be done in the face of this avalanche of cybercrime? Should we hide our heads in the sand? Never!
What can organizations do to fight this scourge? The answer is simple, and yet the solution is often maddeningly elusive. That is because humans are the weak link in all of this. The biggest threat, for example, is an employee who receives an email that looks legit. Maybe the message appears to be from UPS a day after he ordered something from Amazon. Maybe he clicks on a link that, in actuality, is a spear-phishing attempt that opens a backdoor Trojan malware.
The individual and the organization probably have no idea they are victims of a cybercrime. And until they do find the attack—which may take years—all of their data will be flowing out, on a daily basis, to the cybercriminals to use as they please.
Why does a simple click on an email turn into an epic data breach that will take the organization years to recover from, if it does at all? Because everyone is so concerned about what is coming in through the firewall that they are not looking at traffic that is exiting. Sometimes it is the “sloth effect” that gets organizations in trouble. A network administrator fails to patch a well-publicized hole and, as a result, cybercriminals harvest the organization’s data for years before the breach is even discovered.
What can you do? Educate employees on the fundamentals of cyber safety, of course. Provide continuous communications on the types of cybercrimes employees need to look out for. Teach them to never give other humans their personally identifiable information. Organizations also need to hire certified and skilled cybersecurity practitioners.
While much of this seems painfully obvious to the cybersecurity practitioner, I see every day that many companies are not even doing the basics of cybercrime prevention. If enterprises practiced the fundamentals of cybersecurity, the number of successful cybercrimes would be dramatically reduced.
Daniel Libby CFC ACE CHS-III is Director & Chief Examiner, Digital Forensics, Inc.
Information-Management: http://bit.ly/21myajv