Scouting The Cyberbreach Landscape

When is more of something too much? When is growth something that is not so good? Train your eye on cybersecurity and data breaches, and more is certainly something no firm wants to experience.

And yet, hope cannot trump experience here. According to a report released earlier this month jointly by CyberScout and the Identity Theft Resource Center, within the United States, the sheer number of data breaches is on the upswing, to the tune of about 40 percent, as the total number of breaches found across the duo’s research came in at 1,093.

Breaking down that tally, the business sector was the focus of about 45 percent of breaches. Health care and medical services, grouped together, were 34 percent of breaches. Health care may be especially alluring to thieves due to the value tied to the personal information contained in firms’ records.

And in what might be a relatively healthy spot in hacking, financial services saw a 26 percent decrease, the research showed. Looking at record exposure, 3,182 credit card and debit card records were exposed in financial services, compared to more than 3.6 million combined cards in health care.

Of all records exposed across all industries, 72 percent were exposed through hacking, phishing and skimming efforts. Social Security numbers were exposed in more than half of all breaches last year.

In an interview with PYMNTS, CyberScout’s Eric Hodge, director of consulting, stated that, even though there has been a decrease in financial services breaches, the sheer rise in attacks overall (across all sectors) shows that more people than ever are looking to expose weak links that can give up sensitive data. The attackers themselves are getting smarter, he added, and can expose and exploit vulnerabilities in relationships between firms and even along supply chains, where far-flung operations and outside parties are tougher to monitor.

For the financial services industry serving corporate clients, he told PYMNTS, banks and others have “invested in their defenses” with the focus on information security, intrusion detection and prevention, all of which are somewhat mature lines of defense. But more recently, he said, the attacks have involved multiple steps, in what could be thought of as a “flank attack,” where a contractor or a vendor can be compromised and offer up a way of getting into larger targets. “The hackers can take their time,” said Hodge, and can even develop the ability to “ride a trusted relationship,” to the point where they can take over ACH and other payments functions and misdirect funds.

The steps that firms can take to be preventative (always better than reacting to an actual attack) include “fake phishing tests,” said Hodge, where those weak links can be exposed early and addressed.

