BreachExchange mailing list archives

What Happens to your Stolen Data?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 1 Dec 2014 18:59:46 -0700

http://www.freshbusinessthinking.com/business_advice.php?CID=0&AID=13757&Title=What+Happens+to+your+Stolen+Data#.VHy4ADHF-So

Despite the wealth of media coverage generated around high-profile attacks
on the likes of Target and eBay in the past year, too many businesses
continue to fail to protect their customers from online criminal abuse.

Indeed, hackers are amplifying their use of email to spread data-theft
malware. With such attacks designed specifically to trick users into
handing over their information or downloading malware onto their machines,
it is unnerving to think about what these nameless, faceless hackers are
doing with the data they make off with.

When an attack is announced, people tend to worry about identity theft and
their bank accounts being illegally accessed. Cue passwords being changed
and bank statements thoroughly checked. However, with some breaches —
particularly larger ones — cyber criminals will have gained terabytes of
data, all of which they probably won’t use right away. The information they
received is probably just one step in their plan, and there is a
possibility that we’ll see the effects of this year’s attack months, and
possibly years, from now.

In addition to the ‘valuable’ data stolen, such as credit card details,
cybercriminals also end up with what is called ‘by-product’ data. This
includes data that may not have any value to them, including surnames,
maiden names, dates of birth, addresses, etc. However, this information will
be useful to other criminals who want to target specific people through
spear phishing and social engineering attacks. It then becomes a bit like
stealing a car and selling it for parts. Stolen data is essentially
manipulated to access even more confidential data.

Worryingly, subsequent attacks designed with this data at their core are
invariably much more visually and technically refined and therefore more
successful in duping the user being targeted. They hit their targets
because the email received looks legitimate and has apparently come from a
trusted source. It’s important to remember that well-funded cybercriminals
have the resources, time and energy to create these email replicas and
phony websites.

From a business perspective, given email remains a simple and direct way of
reaching and staying in touch with customers, deploying solutions that
defend customers from cyber attacks of this nature has become more
important than ever. Indeed, losing email as a trusted communication
channel with consumers can have reverberations throughout the business,
especially from a marketing and sales generation perspective.

That said, while we may only seem to hear about big name data breaches, our
personal online behaviour also needs to be reassessed. Consumers must be
vigilant with their data and continue to be on the lookout for emails,
attachments or unofficial pop-up ads that look suspicious. Spear phishing
is simply a 21st Century equivalent of traditional, non-technological
tricks, such as pick-pocketing; therefore, the smarter and more street-wise
the user is, the less likely they are to fall victim.