Fresh Insights

Information created to address your business’s top challenges and concerns. To spark transformative thinking and problem solving.
June62014

Cybercrime Is On the Rise: How to Protect Your Organization

cybercrime

Recent high-profile security breaches at Target and several other major retailers have cast cybercrime in a whole new light. Many people who previously did not think twice about swiping their credit or debit card at the point of sale are now more hesitant to pay for their purchases using plastic.

Likewise, many businesses are wondering what they can do to protect their sensitive information, including customers' payment information. But cybercrime doesn't just affect retailers and merchants. Cyber criminals are targeting all kinds of businesses in their quest to steal any and every kind of corporate information that could be profitable to them.

Sobering Cybercrime Stats

Statistics reported in the 2013 Cost of Cyber Crime Study illuminate just how big of a problem cybercrime has become for corporations. Cybercrime activity in the U.S. alone costs businesses up to $120 billion per year — worldwide, the cost is as high as $1 trillion. In 2013, the cost of cybercrime grew by 78 percent over the previous year, with an average cost of more than $1 million to resolve a single cyber attack.

Data theft accounted for the highest percentage (43 percent) of cybercrime costs, followed closely by business disruption and lost productivity (36 percent). The average time it takes to resolve a cyber attack is 32 days, and businesses lose an average of more than $32,000 per day during this time.

Highly structured organized crime rings are the source of a little over half (55 percent) of all cybercrime, according to the 2013 Verizon Data Breach Investigations Report, followed by state-affiliated entities (21 percent). Lone hackers (8 percent), hactivists (2 percent), and former and current employees (1 percent) are the other main sources of cybercrime activity. China (30 percent) and Romania (28 percent) together are the source of more than half of all cybercrime activity, with 18 percent of cybercrime originating in the U.S.

Primary Cyber Threats

Cyber criminals have devised numerous techniques for stealing sensitive information from unsuspecting businesses. The main cyber threats today include:

1. Malware — Infecting corporate computers and IT systems with malware is perhaps the most common type of corporate cyber attack. Cyber criminals are constantly releasing new strains of malware with new and different signatures. This makes staying ahead of them increasingly difficult — even for companies that are diligent about updating their antivirus and antispyware programs. More than 58 million unique new malware strains were released in 2013 alone, according to McAfee Labs and the Aite Group, and this is projected to top 100 million next year.

Man-in-the-Browser (MitB) attacks are one of the most common types of malware corporate infiltrations. Trojans are installed on corporate computers that capture employees' online banking credentials, which cyber thieves then use to wipe out corporate bank accounts. Thieves can also use malware to steal sensitive information for the purposes of corporate espionage and insider trading. And by downloading malware onto merchants' POS systems, thieves can easily steal unencrypted credit and debit card information.

2. Hacking — Computer hackers are simply looking for weak spots in a business' IT system and network defenses that can be breached to steal sensitive corporate data. This is often made easier for them by the sprawling and decentralized data architecture that has evolved over a number of years at many businesses. A back door into the network for hackers can be inadvertently opened via a new product release or common programming languages like Java and Adobe.

Hackers also try to steal login credentials, which they then load into automated bots that are sent out to as many online properties as possible. These credentials are especially valuable to them, given the fact that more than half (55 percent) of consumers use the same login credentials everywhere they go online.

3. Phishing — Even though it has been around for awhile, this cyber threat is still surprisingly common. A more sophisticated variation known as spear fishing can be even more effective. Here, cyber criminals send highly targeted emails to potential victims who they know have a relationship with the brand that's being hijacked. This often enables them to get past victims' initial suspicions and convince them to click on links that take victims to bogus websites and enter their personal information.

What You Can Do

The best defense is usually a multi-layered, risk-based approach that combines the latest anti-cybercrime technology with detailed corporate policies and procedures designed to deter cybercrime and detect it quickly when it does occur.

"It's all about multi-layering your defenses," says Cadence Bank Chief Information Officer Buddy Cox. "If a cyber thief wants to get into your system badly enough, they will probably get in. So you want to try to make harder for them to access your system than the data they are trying to steal is worth."

Among the cybercrime prevention steps that should be included in a multi-layered defense system are:

• Encrypting sensitive data, both in storage and transmission.

• Building a robust feedback loop so you can quickly assess the cause of any security breaches that do occur and adjust your defenses.

• Going beyond single point authentication solutions to a layered approach that protects both sessions and transactions themselves.

• Continuing to perform ongoing assessments of your cyber security risks.

• Talking to your bank about treasury management tools that can be leveraged to help guard against cybercrime.

One of the most effective tools is the use of RSA Secure ID Token codes for wire transfers at login and payment release. In addition, Trusteer Rapport, available at no charge to Cadence Bank clients, is a security software application that helps prevent phishing and MitB malware attacks. It uses a network of more than 30 million endpoints around the globe to collect intelligence on active phishing and malware attacks against organizations worldwide. "This provides an additional layer of cyber crime defense for businesses," says Cox. 

Please contact your Cadence Bank Treasury Management representative if you would like to discuss fraud prevention in more detail.

You might also like:

How to Guard Against Occupational Fraud