Cybercrime More Profitable Than Drug Trading

Uploaded on 2015-04-17 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

As reported by the 2013 Europol Serious & Organized Threat Assessment, the “Total Global Impact of Cybercrime has risen to US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.”
 

This growing cost of cyber crime partially reflects the different laws that define countries’ breach disclosure policies. For example, whereas the United States has mandatory disclosure laws, the European Union has none. 

European-based companies that have been affected by an incident, including TK Maxx, Loyaltybuild, Stay Sure and CEC Bank, are therefore under no obligation to notify their customers of an incident. This lack of visibility may limit the affected company’s incentives to invest in detection measures that facilitate a timely response.

Clearly, computer criminals are interested in stealing customers’ payment card information, which helps to explain the uptick in breaches we are seeing today. This begs the question: How can we make sure a company does not succumb to large-scale payment card theft?

The answer has to do with compliance. Information protection policies were created to ensure the protection of sensitive information. In this case, compliance with one such policy, known as the Payment Card Industry Data Security Standards (PCI DSS), helps to protect customers’ payment card information. To be sure, companies vary in their approach to the issue of compliance. Some organizations look at compliance as just a checkbox, implementing security controls in an effort to merely pass their security audit and thereby continue to do business. As I discussed in a recent post, however, this approach more often than not values a cheap solution to compliance at the expense of improving the organization’s security. It is therefore no surprise that many companies that implement the “checkbox” approach are predominantly those affected by large security breaches.

Just to be clear, a comprehensive approach to compliance cannot prevent attackers from infiltrating a company’s networks. On the contrary, as the growing number of breaches has shown, it is inevitable that attackers will find a way in. But where PCI DSS compliance makes a difference is in a company’s detection and response time.

Having the capabilities to quickly detect and remove an attacker from one’s network allows a company to resume business as usual in a matter of weeks. This is a preferred outcome when one considers the case of Target, which recently agreed to a multi-million dollar settlement after losing millions of customers’ data back in 2013.

Tripwire:  

« Insurance Experts Say Adequate Cyber Cover Is Now Available.
Cloud-based Business Intelligence Goes Mainstream »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Montash

Montash

Montash is an award winning, global technology recruitment business, specialising in the acquisitions of high-performing talent across a number of core disciplines including Information Security.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

Truth Technologies Inc (TTI)

Truth Technologies Inc (TTI)

TTI is a premier provider of worldwide anti-money laundering, anti-fraud, customer identification, and compliance products and services.

Center for Internet Security (CIS)

Center for Internet Security (CIS)

CIS is a nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions delivers a range of Industrial Automation and Cyber solutions & services to sectors including Oil & Gas, Chemicals & Petrochemicals, Power and others.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

Verifi

Verifi

Verifi is an award-winning provider of end-to-end payment protection and risk management solutions.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

Viakoo

Viakoo

Viakoo is an Enterprise IoT Applications Management company providing performance, security, and compliance. Viakoo enables you to be proactive in maintaining cyber hygiene and protecting your network

ZX Security

ZX Security

ZX Security is a New Zealand owned and operated cyber security consultancy.

SecureLake

SecureLake

SecureLake (formerly Managni) is one of the most trusted US-based IT security and infrastructure companies.

Blackmere Consulting

Blackmere Consulting

Blackmere Consulting is a Nationwide Technical and Executive Recruiting firm dedicated to Cyber Security and Information Technology.