Data Breaches, Redux

Posted by Melanie Henson on Saturday, February 14th, 2009

Earlier in the week we discussed data breaches, how they might happen and their growing occurrence during the past two to five years.

Now let’s dig a little deeper into the common mechanisms criminals use to infiltrate databases, and just how much it costs businesses (and clients) each time this type of theft occurs.

Going Phishing…for Your Identity

As times change, so does technology. And unfortunately, identity thieves have moved right along with the newest updates in computer software.

Individuals or groups looking to commit a data breach typically utilize some form of malware (malicious + software). And it’s not as hard to come by these days, as crooks are better able to “hide” themselves behind false IDs under the anonymity of the internet.

For example, phishing is now targeted, rather than being a slapdash potpourri inserted into mass inboxes. That’s right: “smarter” malware can select its preferred demographic for computer thievery and big-time data breaches.

Because its potential victims already have, or have looked into, offers that match the phishing “campaign,” it is more likely that a consumer who is not interested will simply delete the e-mail and not report it. And some phishing campaigns, known as “spear phishing,” literally custom-create e-mail scams for a given company, making them seem all the more legitimate.

A Criminal Worms His Way In

There’s also the SQL injection method, in which a company’s files are extracted through web-facing applications.

And of course, worms remain popular; though similar to computer viruses, hackers consider them superior because they don’t need a specific program in order to replicate themselves. Like real worms, these programs dig in deep…and can reproduce all by themselves.

Old-Fashioned Con Artistry

Even with the newest of malware applications, a consumer needs to be “hooked” into opening the e-mail or link. This is where an old and despicable art comes into play: experienced con artists will create messages that are almost guaranteed to receive some sort of response action.

These can include phony subpoenas, tax complaints or other trigger-reaction emails that are leagues beyond the old and stale “You may have already won!” messages (which cons know are now bound for the trash bin without opening).

A Costly Business

So how much is all this hacking costing the average business?

According to CIO magazine, in 2008 the per-person victim average was $202. Though this doesn’t sound bank-breaking, consider that it’s up from $197 just a year earlier—and that the amount works out to a whopping $6.35 million per breach.

Since efforts on the part of both companies and local and federal legislation aren’t yet bringing the numbers down, protecting oneself with alerts can be a huge boon. (Please refer to last Tuesday, when we discussed how closer inspection of accounts and great credit monitoring protection can be a plus.)

In the meantime, companies work to protect themselves from malware, while professionals and the law work harder to detect it. The hope is that 2009 will turn out better than formerly predicted and that criminals will finally get their due in the underhanded world of computer hacking…and the very expensive and devastating breaches that may ensue.



Filed under Identity Theft
