Cybercrime: Is the Sky Really Falling?

Uploaded on 2016-03-01 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cybercrime is so rampant today that even as the director and chief examiner for Digital Forensics Inc., I am not immune.

In fact, last year’s data breach of the US Office of Personnel Management (OPM) made me a poster child for cybercrime. That hack exposed the data of more than 18 million former and current government employees, including me, a former National Security Agency cryptologist. To make matters worse, the OPM data is now rumored to be in the hands of ISIS.

So what is an enterprise to do? What can possibly be done in the face of this avalanche of cybercrime? Should we hide our heads in the sand? Never!

What can organizations do to fight this scourge? The answer is simple, and yet the solution is often maddeningly elusive. That is because humans are the weak link in all of this. The biggest threat, for example, is an employee who receives an email that looks legit. Maybe the message appears to be from UPS a day after he ordered something from Amazon. Maybe he clicks on a link that, in actuality, is a spear-phishing attempt that opens a backdoor Trojan malware.

The individual and the organization probably have no idea they are victims of a cybercrime. And until they do find the attack—which may take years—all of their data will be flowing out, on a daily basis, to the cybercriminals to use as they please.

Why does a simple click on an email turn into an epic data breach that will take the organization years to recover from, if it does at all? Because everyone is so concerned about what is coming in through the firewall that they are not looking at traffic that is exiting. Sometimes it is the “sloth effect” that gets organizations in trouble. A network administrator fails to patch a well-publicized hole and, as a result, cybercriminals harvest the organization’s data for years before the breach is even discovered.

What can you do? Educate employees on the fundamentals of cyber safety, of course. Provide continuous communications on the types of cybercrimes employees need to look out for. Teach them to never give other humans their personally identifiable information. Organizations also need to hire certified and skilled cybersecurity practitioners.

While much of this seems painfully obvious to the cybersecurity practitioner, I see every day that many companies are not even doing the basics of cybercrime prevention. If enterprises practiced the fundamentals of cybersecurity, the number of successful cybercrimes would be dramatically reduced.

Daniel Libby CFC ACE CHS-III is Director & Chief Examiner, Digital Forensics, Inc.

Information-Management: http://bit.ly/21myajv

« One-Third Of IT Staff Are Hackers
Predictive Analytics For Web Content »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Corsha

Corsha

Corsha is on a mission to simplify API security and allow enterprises to embrace modernization, complex deployments, and hybrid environments with confidence.

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Skyhigh Security

Skyhigh Security

Skyhigh Security enables your remote workforce while addressing your cloud, web, data, and network security needs.

Jericho Security

Jericho Security

Jericho Security is on a mission to defend the world from the new threats of generative AI cyber attacks.

Jitterbit

Jitterbit

Jitterbit integrates critical business processes and enables application development to deliver the experiences and insights needed by enterprises of all sizes to accelerate their digital journey.

Xeliumtech Solutions

Xeliumtech Solutions

Xeliumtech Solutions are a Digital Transformation partner with quality offerings in Mobile App Development, Ecommerce, Devops, RPA, AI, IoT development, Cybersecurity and more.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.

DuploCloud

DuploCloud

DuploCloud offers an end-to-end DevOps software platform for dev teams that don’t have dedicated DevOps engineers and augments those that do.

SecuRedact

SecuRedact

SecuRedact is an AI-powered tool to detect and pseudonymize personal data in text and images. Fast, local, secure, and free to try.

Zeroday Ops

Zeroday Ops

At ZeroDay Ops, our vision is to democratize cybersecurity by making enterprise-grade vulnerability assessment accessible, continuous, and actionable for every organization in the digital world.