Can the cybercrime threat be contained?
In an increasingly digital world, a daily battle is being waged over the safety of internet users’ data. The 3.9 billion people who use the Web to shop, invest, communicate with friends or interact with healthcare providers are constantly providing personal information that can offer entry points to their financial assets, health histories and credit records. The cyberthieves working to steal this data are increasing in number and sophistication, as recent online attacks demonstrate. Some hackers offer their stolen wares for sale on the so-called Dark Web; others seek to extort money from victims by, in effect, making them buy back their own data. “Cybercriminals are evolving and pushing the boundaries,” one analyst said. In response, companies are strengthening security measures and governments at all levels are imposing new rules to contain the threat.
Here are some key takeaways:
Hacking has morphed from a lone-wolf activity to a full-blown corporate enterprise.
The average cost of a data breach to an individual company is $3.62 million, and the global cost of cybercrime is projected to reach $6 trillion by 2021.
Banking and health care are among the favorite targets of cybercriminals because these industries gather so much valuable personal information.
Resources for Further Study
Payton, Theresa M., and Ted Claypoole, “Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family,” Rowman & Littlefield Publishers, Inc., 2015. The book details how citizens can protect their data while online and documents how much information we provide in order to get a coupon or buy an item on line.
Schneier, Bruce, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World,” W.W. Norton & Company, Inc., 2015. Schneier, chief technology officer at Resilient Systems Inc. and a fellow at the Berkman Center for Internet and Society at Harvard Law School, writes an overview of privacy and security that documents how private citizens are dissected by both corporations and government through their online data.
“WannaCry: Ransomware attacks show strong links to Lazarus group,” Symantec, May 22, 2017, http://tinyurl.com/
Choe, Sang-Hun, “North Korea Tries to Make Hacking a Profit Center,” The New York Times, July 27, 2017, http://tinyurl.com/
Cox, Joseph, “Hackers Threaten Release of Atlanta Professional Athletes’ Medical Data,” Motherboard, Nov. 16, 2016, http://tinyurl.com/
Greenberg, Andy, “The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes,” Wired, May 15, 2017, http://tinyurl.com/
Hay Newman, Lily, “Medical Devices Are the Next Security Nightmare,” Wired, March 2, 2017, http://tinyurl.com/
Johnson, Tim, “How The Dark Overlord is costing U.S. clinics big time with ransom demands,” Miami Herald, May 15, 2017, http://tinyurl.com/
Masters, Greg, “New York’s new cybersecurity requirements go into effect today,” SC Media, March 1, 2017, http://tinyurl.com/
Merica, Dan, “The life and death of Trump’s ‘cyber security unit’ plan with Putin,” CNN, July 10, 2017, http://tinyurl.com/
Paganini, Pierluigi, “The total potential loss for financial services globally is estimated at £8 billion,” Security Affairs, March 6, 2017, http://tinyurl.com/
Seals, Tara, “Healthcare Breaches Spike 63% in 2016,” Infosecurity, Dec. 22, 2016, http://tinyurl.com/
Reports and Studies
“2016 Financial Industry Cybersecurity Research Report,” Security Scorecard, August 2016, http://tinyurl.com/
“Code Blue: Why Healthcare Organizations Are Facing More Cyber Attacks, And What They Can Do About It,” FireEye, 2015, http://tinyurl.com/
“Cybersecurity and Financial Stability: Risks and Resilience,” Office of Financial Research, U.S. Treasury Department, Feb. 15, 2017, http://tinyurl.com/
“IBM X-Force Threat Intelligence Index 2017,” IBM, March 2017, http://tinyurl.com/
“Overview of the General Data Protection Regulation (GDPR),” Information Commissioner’s Office, Aug. 17, 2017, http://tinyurl.com/
The Next Step
Mehta, Aaron, “Pentagon tech advisers target how the military digests data,” Defense News, April 6, 2017, https://tinyurl.com/
Popper, Ben, “A rebuke from the US army has DJI focused on improving security,” The Verge, Sept. 6, 2017, https://tinyurl.com/
Porche, Isaac, “Reservists and the National Guard offer untapped resources for cybersecurity,” TechCrunch, April 18, 2017, https://tinyurl.com/
Bendix, Aria, “GOP Firm Exposed U.S. Voters’ Personal Data,” The Atlantic, June 20, 2017, https://tinyurl.com/
Nakashima, Ellen, “Tech firm is fighting a federal demand for data on visitors to an anti-Trump website,” The Washington Post, Aug. 14, 2017, https://tinyurl.com/
Vincent, James, “Ghostery has been bought by the developer of a privacy-focused browser,” The Verge, Feb. 15, 2017, https://tinyurl.com/
Center for Insurance Policy and Research, National Association of Insurance Commissioners
444 North Capitol St., N.W., Suite 700, Washington, DC 20001
Studies cybersecurity issues for the National Association of Insurance Commissioners.
Center for Internet Security
31 Tech Valley Drive, East Greenbush, NY 12061
A nonprofit that works to protect public and private companies around the world from the threat of cyberattacks.
Office for Civil Rights, U.S. Department of Health and Human Services
200 Independence Ave., S.W., Washington, DC 20201
OCRPrivacy@hhs.gov (privacy questions)
The Health and Human Services Department office responsible for monitoring and protecting personal health data.
Office of Financial Research, U.S. Department of the Treasury
717 14th St., N.W., Washington, DC 20220
An independent bureau within the Treasury Department that assesses risks to the financial services industry.
Pew Research Center
1615 L St., N.W., Suite 800, Washington, DC 20036
Research organization that has conducted numerous surveys on public attitudes about cybercrime.
2308 U.S. 31 North, Traverse City, MI 49686
A research organization dedicated to privacy, data protection and information security policy that has done extensive work documenting the cost of data breaches.
Privacy Rights Clearinghouse
3033 5th Ave., Suite 223, San Diego, CA 92103
A nonprofit that monitors invasions of consumer privacy, advocates for privacy rights and maintains a database of significant breaches.