Cybercrime More Profitable Than Drug Trading

Uploaded on 2015-04-17 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

As reported by the 2013 Europol Serious & Organized Threat Assessment, the “Total Global Impact of Cybercrime has risen to US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.”
 

This growing cost of cyber crime partially reflects the different laws that define countries’ breach disclosure policies. For example, whereas the United States has mandatory disclosure laws, the European Union has none. 

European-based companies that have been affected by an incident, including TK Maxx, Loyaltybuild, Stay Sure and CEC Bank, are therefore under no obligation to notify their customers of an incident. This lack of visibility may limit the affected company’s incentives to invest in detection measures that facilitate a timely response.

Clearly, computer criminals are interested in stealing customers’ payment card information, which helps to explain the uptick in breaches we are seeing today. This begs the question: How can we make sure a company does not succumb to large-scale payment card theft?

The answer has to do with compliance. Information protection policies were created to ensure the protection of sensitive information. In this case, compliance with one such policy, known as the Payment Card Industry Data Security Standards (PCI DSS), helps to protect customers’ payment card information. To be sure, companies vary in their approach to the issue of compliance. Some organizations look at compliance as just a checkbox, implementing security controls in an effort to merely pass their security audit and thereby continue to do business. As I discussed in a recent post, however, this approach more often than not values a cheap solution to compliance at the expense of improving the organization’s security. It is therefore no surprise that many companies that implement the “checkbox” approach are predominantly those affected by large security breaches.

Just to be clear, a comprehensive approach to compliance cannot prevent attackers from infiltrating a company’s networks. On the contrary, as the growing number of breaches has shown, it is inevitable that attackers will find a way in. But where PCI DSS compliance makes a difference is in a company’s detection and response time.

Having the capabilities to quickly detect and remove an attacker from one’s network allows a company to resume business as usual in a matter of weeks. This is a preferred outcome when one considers the case of Target, which recently agreed to a multi-million dollar settlement after losing millions of customers’ data back in 2013.

Tripwire:  

« Insurance Experts Say Adequate Cyber Cover Is Now Available.
Cloud-based Business Intelligence Goes Mainstream »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

BioCatch

BioCatch

BioCatch uses behavioral biometrics for fraud prevention and detection. Continuous authentication for web and mobile applications to prevent new account fraud.

Innotec Security

Innotec Security

Innotec Security is a Spanish company specializing in cybersecurity-as-a-service, cyber resilience and cyber risk management.

mPrest

mPrest

mPrest is a global provider of mission-critical monitoring and control solutions for the defense, security, utility and Industrial Internet of Things (IoT) sectors.

SK IT Cyber Security

SK IT Cyber Security

SK IT provide services and solutions for cybersecurity and advanced information system engineering.

H3Secure

H3Secure

H3 Secure focuses on Secure Data Erasure Solutions, Mobile Device Diagnostics and Information Technology Security Consulting.

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

SecAlliance

SecAlliance

SecAlliance is a cyber threat intelligence product and services company.

Intelligent Technical Solutions (ITS)

Intelligent Technical Solutions (ITS)

We help businesses manage their technology. Intelligent Technical Solutions provide you with the right technical solution, so you can get back to running your business.

Althammer & Kill

Althammer & Kill

Althammer & Kill offers pragmatic solution concepts for data protection and digitization. We advise in the field of data protection, information security and compliance.

Sitehop

Sitehop

Sitehop is a cybersecurity technology company developing and supplying FPGA hardware-enforced cyber security solutions for networks.

Phylum

Phylum

Phylum provides powerful, automated software supply chain risk analysis that protects organizations, defends developers and enables secure innovation.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Blackwired

Blackwired

Blackwired has established a new category in cyber security with an intelligence-led model based on the USMC’s Combat Hunter programme ‘Left of Bang’.