Cybercrime: Is the Sky Really Falling?

Cybercrime is so rampant today that even as the director and chief examiner for Digital Forensics Inc., I am not immune.

In fact, last year’s data breach of the US Office of Personnel Management (OPM) made me a poster child for cybercrime. That hack exposed the data of more than 18 million former and current government employees, including me, a former National Security Agency cryptologist. To make matters worse, the OPM data is now rumored to be in the hands of ISIS.

So what is an enterprise to do? What can possibly be done in the face of this avalanche of cybercrime? Should we hide our heads in the sand? Never!

What can organizations do to fight this scourge? The answer is simple, and yet the solution is often maddeningly elusive. That is because humans are the weak link in all of this. The biggest threat, for example, is an employee who receives an email that looks legit. Maybe the message appears to be from UPS a day after he ordered something from Amazon. Maybe he clicks on a link that, in actuality, is a spear-phishing attempt that opens a backdoor Trojan malware.

The individual and the organization probably have no idea they are victims of a cybercrime. And until they do find the attack—which may take years—all of their data will be flowing out, on a daily basis, to the cybercriminals to use as they please.

Why does a simple click on an email turn into an epic data breach that will take the organization years to recover from, if it does at all? Because everyone is so concerned about what is coming in through the firewall that they are not looking at traffic that is exiting. Sometimes it is the “sloth effect” that gets organizations in trouble. A network administrator fails to patch a well-publicized hole and, as a result, cybercriminals harvest the organization’s data for years before the breach is even discovered.

What can you do? Educate employees on the fundamentals of cyber safety, of course. Provide continuous communications on the types of cybercrimes employees need to look out for. Teach them to never give other humans their personally identifiable information. Organizations also need to hire certified and skilled cybersecurity practitioners.

While much of this seems painfully obvious to the cybersecurity practitioner, I see every day that many companies are not even doing the basics of cybercrime prevention. If enterprises practiced the fundamentals of cybersecurity, the number of successful cybercrimes would be dramatically reduced.

Daniel Libby CFC ACE CHS-III is Director & Chief Examiner, Digital Forensics, Inc.

Information-Management: http://bit.ly/21myajv

« One-Third Of IT Staff Are Hackers
Predictive Analytics For Web Content »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

mile2

mile2

Mile2 develop and deliver proprietary vendor neutral professional certifications for the cyber security industry.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) is a service of DeIC (Danish e-Infrastructure Cooperation).

MixMode

MixMode

MixMode's PacketSled platform delivers network monitoring, deep forensic analysis and incident response.

National Information Technology Development Agency (NITDA) - Nigeria

National Information Technology Development Agency (NITDA) - Nigeria

The National Information Technology Development Agency (NITDA) is committed to implementing the Nigerian National Information Technology Policy.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

Cycuity

Cycuity

Cycuity (formerly Tortuga Logic) is a cybersecurity company that is transforming the way we secure silicon with comprehensive hardware security assurance.

The Security Company (TSC)

The Security Company (TSC)

The Security Company is a leading provider of creative employee security awareness programmes.

Elron Ventures

Elron Ventures

Elron partner with early stage ventures to build companies that transform lives and industries. Our main areas of focus are enterprise software, cybersecurity, and healthcare.

Palitronica

Palitronica

Palitronica build cutting-edge hardware and breakthrough software that revolutionizes how we defend critical infrastructure and key resources.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

BetterWorld Technology

BetterWorld Technology

BetterWorld Technology provides cloud solutions, managed services, SaaS, cybersecurity and virtual CIO, all customized to meet your needs.

Tracebit

Tracebit

Tracebit uses decoys to detect and respond to cloud intrusions in minutes.