Not so long ago, the mafia used to be more interested in controlling stolen goods and garbage collectors and hackers were motivated by fame and media attention. Things have changed.
In the past couple of years we’ve seen a crime rings and hackers joining forces to steal information – credit card details, bank account logins, and even full identities. They then sold this information in the underground economy.
There has been another evolution in these attacks. There is now a “stack” of operators in these groups, with organized crime facilitating and orchestrating the operations. There are hackers and computer experts involved up front to get in and get the information and “mules” on the back end who are recruited to turn the identities or credit card numbers into actual money that is then funneled back to the crime leaders.
Stolen or lost laptops are the most common type of data breach. You read about these cases on a daily basis in the news. Why? It’s obvious to both employees and employers when laptops go missing and companies report the losses at a much higher rate than any other type of data breach. But there’s a public misperception that these missing machines translate into identity theft. The reality is that most laptops are fenced for their hardware value, not for the confidential information that might be found on the machine.
We’ve recently seen media coverage on the impact and cost of lost laptops – from a laptop that contained personal information about thousands of Bernie Madoff’s Ponzi scheme victims to a hospital that potentially compromised more than 30,000 of its pharmacy patients’ prescription records.
While organizations may not be able to stop the loss and theft...
Information security was, for many years, focused on protecting against external threats and attacks. While those threats still remain, a new and more insidious threat has emerged – the malicious insider. With a down economy, we’ve seen more employees stealing confidential information from their mostly unsuspecting employers to reap personal gains.
We see these events all the time. These anecdotes of breaches by malicious insiders illustrate the nature of the threat and expose weaknesses in information security programs – the malicious insider. One such insider worked at a healthcare company and used her access to patient databases to create counterfeit prescriptions for controlled substances. She turned around and sold those prescription drugs for a hefty profit. She was caught after the damage was done, but is now facing prosecution.
