Current state of cyber crime – does the public know?

At a small gathering of friends last night, I realised that the current state of cyber crime isn’t as publicly known as it should be. This revelation came to me when my friends’ faces drew a blank when I mentioned the recent breaches at eBay and Target and the attack on Code Spaces.

I was sure that these were well-known stories but my assumption was wrong. In fact, I dug a bit further and discovered just how wrong I was.

My parents had no idea what I was talking about.

My girlfriend had no idea what I was talking about.

My friends had no idea what I was talking about.

The waiter had no idea what I was talking about.

First off, let me clarify that I’m not under the impression that all of mankind is oblivious to the severity of cyber crime, neither do I habitually collar waiting staff about cyber security issues when I’m eating, but it does seem to me that most people could do with some exposure to the current state of cyber crime. So here we go:

Let’s talk numbers

In 2013 there were 2,164 separate incidents which saw over 822 million records exposed, nearly doubling the previous highest year on record (2011). Hacking accounted for almost 60% of incidents and over 70% of leaked records.

Who’s who?

In the US, the average number of identity fraud victims per year is 11,571,900. The financial loss attributed to identity theft in the last four years looks like this:

Total financial loss attributed to identity theft in 2013 $24,700,000,000
Total financial loss attributed to identity theft in 2012 $21,000,000,000
Total financial loss attributed to identity theft in 2010 $13,200,000,000

Identity theft can happen to anyone. It doesn’t matter if you make £5,000 a year or £100,000 – you’re still a target.

Small businesses, big costs

The average cost to a small business after suffering a security breach is between £65,000 and £115,000. That’s enough money to force a business to close or to make severe staff cutbacks. If you work for a small business, it’s probably worth sharing this information with whoever is responsible for information security.

Do you have doubts about your employer or a company you use?

Raising concerns about information security is something that must be done. If you’re not comfortable about how your employer handles information security then speak up – or risk the company going under when it suffers an inevitable breach.

If you’re not 100% sure that a service you’re about to use is secure, then ask. If they come back with nothing, then take your custom elsewhere.

When you’ve found the right person to speak to, direct them to IT Governance.