CYBER CRIME REPORTS 2011
Three reports published during the last 7 days point to significantly increased cyber criminality aimed at online businesses.
I have one hot tip from reading through these reports – something most sane non-security people will have no time to do: Unless you have a very robust technology and security team at your disposal, my advice is to outsource your payment card processing and PCI Data Security compliance to a provider who knows what they’re doing and who will help manage the risks for you.
Here are just some of the highlights:
From the UK Government’s Cabinet Office Report – “The Cost of Cyber Crime”: http://www.uc.com/Public/crime/THE-COST-OF-CYBER-CRIME-SUMMARY-FINAL.pdf
- The total estimated cost to UK business from cyber crime is £21bn per annum – in reality, this figure is expected to be significantly higher, due to under-reporting of cyber crime.
- Of this, it estimates that UK citizens have lost £3.1bn, including £1.7bn from identity theft and £1.4bn from online scams.
- The larger losses relate to £9.2bn from IP theft and £7.6bn from industrial espionage.
From Trustwave’s SpiderLabs Global Security Report 2011: http://www.uc.com/Public/crime/GSR2011TrustWaveSpiderLabsReport.pdf
- 75% of all data breaches across industry sectors occurred in the food & beverage and retail sectors (see page 6 in the PDF report)
- Of all data breaches investigated, 85% of attacks were targeted at payment card data (see page 7 in the PDF report)
- If you are one of those online merchants that looks after your own PCI data and security, Trustwave identifies 11 key initiatives to adopt in 2011, including:
  - Assess, Reduce and Monitor Client-side Attack Surface
  - Virtually Patch Web Applications Until Fixed
  - Implement Network Access Control
  - Analyze All Events
From Cisco’s 4Q10 Global Threat Report: http://www.uc.com/Public/crime/Cisco_Global_Threat_Report_4Q10.pdf
- Spam volumes dropped considerably in 4Q10, with several key events throughout the year contributing to the decline.
- During the Christmas holiday period, an email holiday greeting purporting to be from the White House was sent to .mil and .gov addresses. Those recipients who clicked through to view the “greeting card” were instead greeted by a variant of the Zeus Trojan. This particular variant offloaded DOC, XLS, and PDF files to a remote server.
- Web malware grew by 139 percent in 2010 compared to 2009.
- The rate of web malware encounters peaked in October 2010, at 250 average encounters per enterprise for the month.
John Lyons – Head of Group Risk and Security – UC Group Limited