A decade of breaches: Myths versus facts

The year is drawing to a close, and soon we will be ushering in 2016. For most businesses, this means looking forward, both to the immediate future and to the long term. The new year, after all, means resolutions, and many enterprises use the time to take stock of where they stand and decide what needs to be done differently as they pave the way for a better year.

But most of the time, longer-term resolutions take the back seat to the immediate future-based concern at hand: the holiday shopping rush. For almost all B2C organizations out there, the period from November through the New Year represents the absolute pinnacle of the year in terms of sales. Whether we are talking about Black Friday, Cyber Monday, or any of the other holiday-themed shopping days that follow Thanksgiving, these are times when businesses can rely on an influx of patrons all ready to shell out money to get the best holiday deal.

According to numbers compiled by Statistic Brain Research Institute, approximately $52 billion is spent during the holiday shopping season (officially November 1 – December 16). What this breaks down to is the typical holiday shopper shelling out more than $800 on gifts during the season. And the current holiday consumer period looks to be even more busy, with Adobe forecasts projecting that the holiday period may net a record-breaking $83 billion – with an anticipated $3 billion on Cyber Monday alone. 

"During the year, 65 percent of all spend goes to a mere 1 percent of products, but that number jumps to 76 percent during the holidays," the Adobe report noted.

It used to be that the holiday shopping rush meant physical stores would be crowded with customers. Increasingly, however, that is not necessarily the case, and retailers instead have to ensure that their holiday deals are catered to a growing demographic of exclusively online shoppers.

According to the same Statistic Brain figures, approximately 90 percent of consumers carry out online shopping over the holidays. Of those individuals who own tablets, seven out of 10 use these devices for shopping. In addition, the Adobe report found that over half of the survey's respondents said they will likely use either a smartphone or tablet to browse online stores on Thanksgiving day, with around 29 percent turning to a mobile device to make a purchase then. Even on Black Friday, a day typically associated with long lines at brick-and-mortar locations, Adobe's findings showed that mobile shopping is rising steadily.

The growing trend toward online and mobile-based shopping solutions is facilitating a push among organizations to bolster their virtual presence, and so undoubtedly a lot of time and energy will be funneled into creating more seamless enterprise Web and app-based shopping experiences for customers. 

All of this adds up to a significant amount of anxiety and preparation for business leaders. And there is no denying that the holiday shopping rush and the attention it demands is occupying the majority of enterprise leaders' time. But the new year – which is the time for resolutions, after all – calls not just for looking forward, but for looking backward as well. 

With cyber crime, it pays to look to the past

Amidst all the enterprise attention to the future that surrounds the move to the new year, there emerges a need to look back – particularly when it comes to topics like cyber crime. After all, the massive Target hack of 2013 occurred during this time of year, and the company is still dealing with some fallout from that incident. With almost everything, a careful evaluation of past actions can better inform present decisions, and this is absolutely the case with cyber crime.

For well over a decade, cyber crime has been targeting businesses and wreaking havoc on corporate networks across industries. But it has been over the past 10 years or so that breaches have gained momentum on an unprecedented level to emerge as the significant and universal enterprise threat that they represent today.

The tumultuous past decade of cyber crime is highlighted in a Trend Micro report entitled "Follow the Data: Dissecting Data Breaches and Debunking Myths." As the report – which was put together by Numaan Huq of the Forward-Looking Threat Research (FTR) Team – asserts, the past 10 years of cyber crime can be summed up with a simple statement: "One massive hack after another." And as the breach headlines continually prove, that is no understatement.

In fact, we are inundated with so many breach-related headlines these days that it is hardly surprising to hear about the latest massive network intrusion. Such was the case with the U.S. Office of Personnel Management hack, which happened back in June and led to privileged data for 21.5 million applicants and government employees being compromised. While the incident certainly generated headlines, it seemingly was not met with nearly the coverage of, say, the Target hack or the Sony hack of late 2014. There are simply too many breach stories out there to keep track of them all. With each successive attack, we risk growing even more detached from the magnitude of each individual malicious incident.

But it is incredibly important to attempt to reverse that mindset with a hard look at the facts. For as bad as cyber crime has been for the past decade, all signs point to it only getting worse moving forward. Evidence for this comes from the Trend Micro report, which traces upward trends in certain types of cyber crime over the last few years, including:

• Payment card data breaches, which have experienced a 125 percent rise in the past five years.
• Hacking and malware, which over the past 10 years have constituted one out of four breach incidents.
• Personally Identifiable Information theft, which, according to Trend Micro, is the most stolen type of record.

Cyber crime: Myths versus facts 

For those paying attention, the past 10 years of cyber crime have taught us significant lessons about the nature and tactics of the virtual criminal. One of the most important takeaways from these lessons is to separate the myths from the facts, so that is what we have decided to do here, highlighting some myths that have emerged over the past decade that need to be corrected:

Myth: Identity theft is something that mainly hits the financial sector.  
Fact: There is another sector in which the majority of identity theft happens. When considering instances of identity theft, one might assume that these episodes occur most frequently in the banking realm, since stealing the payment credentials of an individual provides a cyber criminal with direct access to his or her finances. But in fact, identity theft runs rampant across industries, and it is actually most common in health care, where 29.8 percent of identity-based incidents have taken place. Financial organizations did not even come in second place when it came to identity theft incidents: that spot was reserved for retail stores. This is a very important lesson to keep in mind both during the holiday shopping season and year-round.

Myth: Medical records are the most valuable type of data in terms of black market purchases.
Fact: Passwords hold the top spot in terms of black market value, where they tend to net approximately $75.80 a piece. Health information comes in second at $59.80. Third most valuable is Social Security numbers, which tend to earn criminals $55.70 per. Credit and debit card information is also highly valued by cyber criminals.

Conclusion: As the holidays pick up, do not overlook cyber security

Sure, the holiday rush means organizations across industries have a lot to worry about in terms of maintaining physical locations, enhancing the online experience and augmenting the mobile one. And once the new year rolls around, these businesses will want to sit back and make big plans about the future. But amid the excitement surrounding the path to a better business, it is absolutely imperative that organizations do not neglect the issue of cyber security. Those that do will join the ranks of companies like Target, the Home Depot and Sony that were not as vigilant as possible and thus paid the price.

After all, there is one fact about data breaches that nobody can claim is a myth: They are here for the long haul. With breaches and leaks unfortunately here to stay, it is absolutely imperative for companies to bolster defenses. Trend Micro's leading lineup of security products – which include solutions for data loss protection, deep security and email encryption, among many others – represent an important tool in the enterprise fight against cyber crime. 

from Trend Micro Simply Security http://ift.tt/1O1qozp
via IFTTT