Of the 285 million successful data breaches investigated by Verizon Business last year, 99% of the data was stolen from servers and applications, not desktops, mobile devices, or portable media. Additionally, over 90% of the 285 million successful data breaches involved organizations that provide financial services.
Experts attribute the proliferation of cybercrime in the Financial Services sector to the recent and lucrative trend toward personal identification number (PIN) fraud.
Hackers who successfully associate a stolen PIN with the appropriate credit card or debit account information can steal cash directly from the consumer’s account. This type of attack, where money is taken “legitimately” from checking, savings, and/or brokerage accounts is more difficult to trace and almost impossible for consumers to defend.
Cyber criminals have been quick to react to the vulnerability, re-engineering processing and developing new memory-scraping malware making it easy to obtain and store PIN details.
While Financial Services Organizations accounted for most of the data compromises, they were not the most targeted sector:
- Retail Industry #1 at approximately 33% of all attacks
- Financial Services #2 at approximately 30% of all attacks (highest growth, +16% from previous years)
- Food and Beverage Services #3 at approximately 14%
These statistics (30% of attacks, 90% of successful breaches) indicate that security measures presently in place with financial institutions are severely underdeveloped.
Moreover, hackers will continue to exploit banks, ATMs, and investment firms until steps have been taken to close known vulnerabilities and put preventative measures in place to help defray the next generation of attacks.
“There has been no better time to invest in effective security measures to prevent data thieves from infiltrating your company website and online databases. As these attacks become more sophisticated and widespread, it is becoming a matter of when, not if, your company will become a target of malicious attacks,” warns FireHost CEO, Chris Drake.
First and foremost, these preventative actions should include achieving PCI compliance and hosting web based applications with hosting provider focused on security.
This entry was posted on Tuesday, October 6th, 2009 at 9:00 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
