As 2016 winds down it is time to start looking ahead to 2017. Recently, Experian, a leading global information systems company, released its 2017 Data Breach Industry Forecast. Below we summarize five upcoming trends from the report that companies should be aware of for 2017.
Tesco Bank, a Scotland-based bank and subsidiary of U.K. supermarket giant Tesco, recently blocked all online transactions tied to customers' checking accounts after money was stolen from an estimated 20,000 of those accounts and the bank detected suspicious activity involving another 20,000 accounts, according to CEO Benny Higgins.
On November 9, 2016, the Bank reported that nearly $3 million was stolen from affected accounts, which are operated through an app or online. Customers have reported that sums have been transferred to Spain and Brazil. The Bank said it first saw signs of fraud on the evening of Nov. 5. Some Tesco customers, taking to the bank's customer service website, have reported that their accounts were unexpectedly drained over the weekend. Others have reported difficulty connecting with telephone-based Tesco call center staff. The Bank has stated that it will refund all accounts for every customer affected by the breach.
If you follow the news, cyber-attacks are covered on an almost daily basis. Whether the victim is a mega chain store like Target, an international banking corporation like Chase, or a small-time local main street business, cyber-attacks are now commonplace. All organizations, including non-profits, must now consider cyber risk as part of their governance. Why would non-profits be a viable target? Follow the money. There is no question that non-profits attract financial transactions, and for good reason. These organizations represent the funneling of help and support so that it can be focused into combined efforts toward a beneficial public cause. However, all of that transaction information can be a gold mine for a hacker as well. Donor files, employee files, and credit card information are all valuable information to a hacker. The damage of a cyber-attack can be two-fold. Financially, the costs of responding and recovering the lost data, combined with the loss of potential donor funds, represent significant risks to achieving the organization's objectives. In addition, now that the organization's security and that of its donors has been compromised, so too is its reputation.
Each year during tax season, there always seems to be a new data breach or phishing scheme that reminds us how important cybersecurity is to all of us and our Organizations. It’s important to understand the risks associated with these data breaches and some best practices to protect your Organization from further damage.
Regardless of the focus of your not-for-profit, technology is now a part of everyday life and business. And if you collect donations as most not-for-profits do, you probably are collecting and storing, in some capacity, sensitive information that hackers may find very valuable in an attack (such as names, addresses, credit card information, etc.).
Listen to any IT expert when he or she is talking about a cyber-attack and the typical response will be: it’s not a matter of “if”, but “when”.
Symantec, a global internet security company, just released its 2016 Internet Security Threat Report, and the attack trends continue to back up the above statement. Here are some key areas noted in the Report:
BankInfoSecurity's webinar last week titled "State of the Hack" had telling insights into the world of cybersecurity and how the industry is forecasted to change in the coming year.
Protected Identifiable Information
Over the last year, hackers have shifted their focus away from credit card data and toward obtaining personal identifiable information (PII). While major retail hacks dropped over the course of 2015, PII became more vulnerable in large organizations such as the FBI, Trump Hotels, and T-Mobile. That brings about the biggest concern for 2016: protecting PII.
But what is Personal Identifiable Information? PII is classified as any information that is personal in nature, such as a social security number, date of birth, previous employers and addresses, or driver's license numbers. This information generally does not change or is extremely difficult to change and, as a result, is valuable in the hands of those with malicious intent. With the large numbers of credit and debit cards stolen every year, banks have responded with EMV technology that makes them more difficult to copy. The same cannot be said for PII.
No joke, the headline for this article is factual, correct and happening right now. Experts in the malware field have identified a new hybrid malware known as GozNym which is attacking American and Canadian bank accounts. Spawned from the coding and traits of two previous problem packages, Nymaim and Gozi, this latest virus creation has already been used to steal $4 million.
When you think of cybersecurity and data breaches, large government, financial, and retail entities typically come to mind. Since we tend to only hear of breaches with big-name, for-profit entities, many in the not-for-profit space tune it out, thinking these are problems only businesses experience.
The reality is that data breaches can occur with any organization. Analysis of data breaches continues to highlight that more and more not-for-profits are being targeted. Surprised? Most are. The reason is that while large retailers and financial institutions have a huge target on them (no pun intended), they also have extensive security systems, which is why hackers are now targeting not-for-profits. Why try to break into the equivalent of Ft. Knox when you can walk right into a small non-profit’s back door?
According to Verizon’s DBIR, 96% of attacks are not very difficult, which means even novice hackers can exploit most systems. Yet the report points out that many cyber attacks could be prevented through a more vigilant approach to cybersecurity.
Unfortunately, these breach events can do irreversible damage to an organization’s reputation and its financial stability. Loss of reputation alone can force a smaller non-profit to shut its doors, as the breach is almost guaranteed to get picked up by the local media and social networks. Keep in mind, even if your not-for-profit does survive the reputational loss, the costs of settlements, notifying affected parties, and monitoring breached parties are sure to put a financial strain on the organization. These costs are not covered by general insurance, but by cyber-security insurance, which many not-for-profits either don’t have or have with inadequate coverage.
Remember this: the worst possible decision is to do nothing. A not-for-profit does not have to spend significant resources on information security in order to protect the organization – but it should have some funds dedicated to cyber security. Regardless of the focus of your not-for-profit, technology is now a part of everyday life and business. And if you collect donations like most not-for-profits, you probably are collecting and storing in some capacity sensitive information that hackers may find very valuable in an attack (such as names, addresses, credit card information, etc.). Also bear in mind a data breach doesn’t just equate to a cyber attack. It can be because of human error, such as a misplaced laptop, smartphone, or flash drive containing sensitive information.