Cybercrime: Is the Sky Really Falling?

Cybercrime is so rampant today that even as the director and chief examiner for Digital Forensics Inc., I am not immune.

In fact, last year’s data breach of the US Office of Personnel Management (OPM) made me a poster child for cybercrime. That hack exposed the data of more than 18 million former and current government employees, including me, a former National Security Agency cryptologist. To make matters worse, the OPM data is now rumored to be in the hands of ISIS.

So what is an enterprise to do? What can possibly be done in the face of this avalanche of cybercrime? Should we hide our heads in the sand? Never!

What can organizations do to fight this scourge? The answer is simple, and yet the solution is often maddeningly elusive. That is because humans are the weak link in all of this. The biggest threat, for example, is an employee who receives an email that looks legit. Maybe the message appears to be from UPS a day after he ordered something from Amazon. Maybe he clicks on a link that is, in actuality, a spear-phishing attempt that installs a backdoor Trojan.

The individual and the organization probably have no idea they are victims of a cybercrime. And until they do find the attack—which may take years—all of their data will be flowing out, on a daily basis, to the cybercriminals to use as they please.

Why does a simple click on an email turn into an epic data breach that will take the organization years to recover from, if it does at all? Because everyone is so concerned about what is coming in through the firewall that they are not looking at traffic that is exiting. Sometimes it is the “sloth effect” that gets organizations in trouble. A network administrator fails to patch a well-publicized hole and, as a result, cybercriminals harvest the organization’s data for years before the breach is even discovered.

What can you do? Educate employees on the fundamentals of cyber safety, of course. Provide continuous communications on the types of cybercrimes employees need to look out for. Teach them to never give other humans their personally identifiable information. Organizations also need to hire certified and skilled cybersecurity practitioners.

While much of this seems painfully obvious to the cybersecurity practitioner, I see every day that many companies are not even doing the basics of cybercrime prevention. If enterprises practiced the fundamentals of cybersecurity, the number of successful cybercrimes would be dramatically reduced.

Daniel Libby, CFC, ACE, CHS-III, is Director & Chief Examiner, Digital Forensics, Inc.

Information-Management: http://bit.ly/21myajv
