It has happened again. Another breach. Another report of millions of credit card numbers at risk. Another round of media coverage. Another reminder that despite all the sophisticated technology that enterprises have deployed to protect computer networks, these breaches still happen. But despite the negative publicity that comes from continuing reports of such breaches, the need to be vigilant about thwarting such attacks remains, says Steve Durbin, global vice president of the Information Security Forum (ISF).
“It’s big business, big money and cybercriminals tend to follow the money,” says Durbin, whose organization recently released a report, “Threat Horizon 2014: Managing Risks When Threats Collide,” that warns of the increasing sophistication of cyberattacks to spread malware and break into networks to steal data and money.
The latest breach was reported Friday when Visa and MasterCard acknowledged that the computer network of a third-party payment card processor had been breached. Various news reports identified the target as Global Payments, of Atlanta. While estimates of the number of credit card accounts exposed ranged from 1 million to 3 million to as many as 10 million, there’s no evidence yet that any fraud has occurred.
Still, this event underscores the point the ISF makes in its Threat Horizon report that “the range and complexity of information security threats is set to rise significantly over the next two years.”
The report looks at three broad areas of security: external threats from cybercriminals; regulatory threats, such as laws requiring greater transparency and disclosure of breaches, as well as stricter data privacy protection; and internal threats from new technology introduced onto data networks without proper security vetting, such as the “bring your own device” (BYOD) trend.
The ISF, a global not-for-profit organization based in the UK that shares research and other advice on security best practices with organizations, warns in its report that cybercriminals are getting more sophisticated in their attacks and that different groups of cybercriminals are learning from each other. For instance, says Durbin, there have been cases in which organized criminals have adopted techniques developed by online activists, such as the group Anonymous, which has launched distributed denial of service (DDoS) attacks on Web sites to make a political point.
In addition, the distribution of malware has exploded, Durbin says, referring to the places on the Internet and other networks from which malware is disseminated as “malspace”. Also on the rise is the distribution of malware on mobile devices, such as the recent case in which several apps on the Google Android Market were found to be tools to distribute malware.