Brendan Rizzo, technical director of EMEA at HP Security Voltage, offers up his top security tips for businesses and details how cyber criminals have changed over the years.
How has cybercrime changed over the years?
Thieves are generally looking to steal something they can easily resell to make money. Just a few years ago the model was to break in to an office or warehouse to steal physical items. Now, cyber criminals break into digital systems and steal data. Data has become a business’ most precious asset.
What kind of data are cyber criminals looking to steal from consumers?
Cyber criminals are after data they can easily resell, such as credit card numbers or personally identifiable information. By stealing consumers’ credit card numbers, the criminals can rack up fraudulent charges before the consumer spots the unauthorised charges on their credit card bill.
Why target consumers’ ID numbers or name and address?
Having those pieces of information allows cyber criminals to open unauthorised accounts, even take out loans in the consumer’s name. However, this last year we have seen an increase in consumers’ healthcare and National Insurance numbers being targeted. Having a person’s NI number allows cyber criminals to get high-demand prescription drugs in the consumer’s name and have the potential to blackmail those people.
How can we expect cyber threats to evolve over the next year?
With the implication of chip and pin cards in the US, it will be harder and more expensive for cyber criminals to make fake credit cards. However, just as when the EU went to chip and pin cards over a decade ago, there will be a huge explosion of online credit card fraud, as a card does not have to be present.
A huge potential for threat in any country is the ubiquitous Internet of things or IoT. Electronic devices such as smart appliances or home thermostats are now able to connect to the internet via a wireless router, one of the most insecure devices on the internet.
IoT devices themselves were not designed with security of data in mind. Most devices have a minimum protecting of a default password, however consumers are not aware they need to change it or go over security settings for their devices. This allows the cyber criminals to access wider systems as the insecure device or router allow them in.
What are your top three security tips for businesses?
1. Know where you sensitive data resides. Take time to discover how is it coming in to your organisation and where is it going.
2. Decide who in your business needs access to that sensitive data. For example, do customer service reps in your call centre need access to unencrypted credit card data to up sell consumers on your loyalty or rewards programme?
3. Practice data-centric security. Protect the data by encrypting it as it comes in to your systems, and secure sensitive data at-rest in-use, and in-motion, not just where you store it. Remember, with cyber criminals, it is not a matter of ‘if’ they will breach your systems, but ‘when’. Having all your sensitive data encrypted means they will get nothing of value and will quickly move on to an easier target.
Throughout November, PCR is running a dedicated Sector Spotlight on Security – Click the logo below for more articles