Page 14 - Cyber Warnings
Adapting to the Size and Speed of CyberFraud
500 million hacked.
At first, it was the magnitude of the Yahoo! breach that made headlines. That at least half a billion
users had their personal information stolen sent a chill down the spines of both customers and
the brand-name institutions they rely on. In the following days, insiders explained how Yahoo!
was slow to make cybersecurity a top priority after it was hacked six years ago by the Chinese
military. The company allocated resources for improving appearance and user convenience at
the expense of basic security measures. When accounts were breached, it sometimes wouldn’t
even demand a password reset, for fear of turning off users.
Overview
For financial institutions (FIs), security has always been a top priority. Where that once meant
steel vaults and armored trucks, now it means digital solutions. In March, the Consumers and
Mobile Financial Services report from the Federal Reserve found that people use online banking
almost as much as they head to the ATM (71 percent vs. 75 percent). Mobile banking is on the
rise too, now used by 53 percent of people with smartphones.
Aware of digital exposure, FIs are acting fast. Last year, J.P. Morgan doubled its cybersecurity
budget from $250 million to $500 million, and Bank of America CEO Brian Moynihan said his
company’s cybersecurity budget was essentially unlimited. Cybersecurity is a worry across all
industries – in 2014, cybercrime had a market capitalization of $445 billion, meaning that if it
were a company it would be the second-biggest in the US, behind only Apple – but for FIs it is
extremely important, as they deal with cash, credit, mortgages, securities, pensions, and
payments. To survive in this increasingly turbulent cyber world, it is imperative for them to
understand not just how large cyberfraud has become, but how it happens – and how it can be
prevented.
How Hackers Monetize CyberFraud
According to the Verizon Data Breach Investigations Report (DBIR), 95 percent of web app
attacks are motivated by money. Hackers rarely fit Hollywood stereotypes about revenge and
altruism. They are looking to steal high volumes of sensitive user data to sell on the Dark Web.
They often use an e-commerce platform as the means of entry, or gain a foothold through a
phishing campaign. The DBIR found 20,000 incidents where compromised websites were used
in distributed denial of service (DDoS) attacks or repurposed as phishing sites.
14 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide