Cyber attacks have become a regular occurrence in the last few years; in fact, you can’t turn the news on without some mention of a business suffering an attack. Most attacks are fuelled by criminals looking to steal valuable information, but what type of information is being stolen?
According to a report by Veracode, the top 5 types of information that are stolen are:
No surprises here, of course. Card payment data is a very attractive form of information for cyber criminals to steal. Card data provides quick access to money in multiple ways, such as siphoning the victim’s account, using their card for purchases or selling it on the black market.
Selling and purchasing card payment data online is terrifyingly easy, so easy in fact that you could have bought several card details in the time it’s taken you to read this far.
Details that allow authorised access into online systems are very valuable on the black market. Imagine the price tag on login credentials for the email address of a celebrity, or the president of an international bank.
Unfortunately, humans are subject to bad habits such as using the same password for online accounts. So if cyber criminals manage to get hold of your Facebook password, then they will most likely be able to log in to any of your accounts.
Why would a cyber criminal pay for software when they could just steal it? With most websites being vulnerable to attack, a cyber criminal could in theory steal any software they fancy, costing organisations a large sum of money.
Thieves could sell your stolen personal health information on the Internet black market, use your credentials to obtain medical services and devices for themselves and others, or bill insurance companies for phantom services in your name.
Medical ID theft is worse than financial identity theft, because there are fewer legal protections for consumers. Many victims are forced to pay out of pocket for health services obtained by the thieves, or risk losing their insurance and/or ruining their credit ratings.
Depending on how you define classified, this could include information such as your organisation’s top secret product idea or the code for your security door. Either way, if it’s labelled classified then you don’t want it to be in the hands of cyber criminals.
Protecting this information
There is a high chance that the five forms of information listed above can be found on your organisation’s network, so what are you doing to protect it?
What you should be doing is carrying out regular vulnerability assessments of your network to identify where you are vulnerable. After a vulnerability assessment is carried out, you should conduct a risk assessment to identify critical components which will, if compromised, have a high impact on the organisation. Finally, these systems should be penetration tested to identify whether they are exploitable and what the impact would be.
IT Governance is currently running a 20% discount on its CREST-accredited pen testing services if booked before 28 March 2014.