Cybercrime: Is the Sky Really Falling?

Uploaded on 2016-03-01 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cybercrime is so rampant today that even as the director and chief examiner for Digital Forensics Inc., I am not immune.

In fact, last year’s data breach of the US Office of Personnel Management (OPM) made me a poster child for cybercrime. That hack exposed the data of more than 18 million former and current government employees, including me, a former National Security Agency cryptologist. To make matters worse, the OPM data is now rumored to be in the hands of ISIS.

So what is an enterprise to do? What can possibly be done in the face of this avalanche of cybercrime? Should we hide our heads in the sand? Never!

What can organizations do to fight this scourge? The answer is simple, and yet the solution is often maddeningly elusive. That is because humans are the weak link in all of this. The biggest threat, for example, is an employee who receives an email that looks legit. Maybe the message appears to be from UPS a day after he ordered something from Amazon. Maybe he clicks on a link that, in actuality, is a spear-phishing attempt that opens a backdoor Trojan malware.

The individual and the organization probably have no idea they are victims of a cybercrime. And until they do find the attack—which may take years—all of their data will be flowing out, on a daily basis, to the cybercriminals to use as they please.

Why does a simple click on an email turn into an epic data breach that will take the organization years to recover from, if it does at all? Because everyone is so concerned about what is coming in through the firewall that they are not looking at traffic that is exiting. Sometimes it is the “sloth effect” that gets organizations in trouble. A network administrator fails to patch a well-publicized hole and, as a result, cybercriminals harvest the organization’s data for years before the breach is even discovered.

What can you do? Educate employees on the fundamentals of cyber safety, of course. Provide continuous communications on the types of cybercrimes employees need to look out for. Teach them to never give other humans their personally identifiable information. Organizations also need to hire certified and skilled cybersecurity practitioners.

While much of this seems painfully obvious to the cybersecurity practitioner, I see every day that many companies are not even doing the basics of cybercrime prevention. If enterprises practiced the fundamentals of cybersecurity, the number of successful cybercrimes would be dramatically reduced.

Daniel Libby CFC ACE CHS-III is Director & Chief Examiner, Digital Forensics, Inc.

Information-Management: http://bit.ly/21myajv

« One-Third Of IT Staff Are Hackers
Predictive Analytics For Web Content »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CloudInsure

CloudInsure

CloudInsure is a Cloud Insurance platform designed to specifically address emerging liabilities within the Cloud environment.

FinalCode

FinalCode

FinalCode offers a file encryption and file-based enterprise digital rights management (eDRM) platform.

Guy Carpenter

Guy Carpenter

Guy Carpenter delivers a powerful combination of broking expertise, strategic advisory services, and industry-leading analytics.

TÜV Informationstechnik (TÜViT)

TÜV Informationstechnik (TÜViT)

TÜViT is a leading service provider in the IT sector offering unbiased and independent tests and certifications of IT products, hardware, software, systems and processes.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

Reposify

Reposify

Reposify’s cybersecurity solution identifies, manages and defends companies’ global digital footprints.

ATIS Systems

ATIS Systems

ATIS Systems offers first-class complete solutions for legal interception, mediation, data retention, and IT forensics.

SensorHound

SensorHound

SensorHound’s mission is to improve the security and reliability of the Internet of Things (IoT).

eCosCentric

eCosCentric

eCosCentric provides software development solutions for the IoT, M2M & embedded systems market.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

Phy-Cy.X Security Group

Phy-Cy.X Security Group

Phy-Cy.X specialize in the “Physics” of Information Security through both physical and cyber domains. We are not an IT company, we ARE an Information Security company.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

MoogleLabs

MoogleLabs

MoogleLabs leverage AI/ML, Blockchain, DevOps, and Data Science to come up with the best solutions for diverse businesses.

Baidam Solutions

Baidam Solutions

Baidam Solutions is a 100% Australian owned and operated First Nations information technology business.