The New York Times reports that Home Depot's data breach could affect 60 million users – 20 million more than the Target attack – which brings up new questions about the nature of these attacks.
The same malware – BlackPOS – appears to have hit both Target and Home Depot, and it has been traced to a group of Russian cyber criminals, who may have a bone to pick with U.S. companies. In fact, on underground sites where cyber criminals sell stolen credit card data, these Russian cyber punks posted the Home Depot cards under the title of "American Sanctions," a barb referencing the American government's response to the Ukraine crisis.
Data security experts have long warned that U.S. companies might find themselves in the crosshairs of foreign cyber criminals intent on stealing financial data and other protected information. The last 12 months have shown these warnings to be accurate.
Though most of our blogs focus on the facts of IT risk management and data breach prevention, let’s get theoretical. In this post, we'll explore the origins of data breaches and how the future of cyber security might be scarier than we realize.
Attacks from Abroad: Why Cyber Criminals Target Your Clients
While some hacks have been state-sponsored, most are committed by unaffiliated cyber criminals who want to steal data and sell it online. Digital commerce brings common criminals from all around the world right to the door of your clients’ businesses.
Cyber criminals target your clients because…
- It’s not illegal. While it's illegal in the U.S. to gain unauthorized access to another person's computer, many countries simply don't have laws or infrastructure in place to catch cyber criminals. As a result, cyber crime flourishes overseas.
- Lower security standards create a breeding ground for malware. For example, the vast majority of Android malware is developed abroad. Because foreign users are much more likely to pirate Android software – there aren't laws in place to protect and enforce proprietary software rights – they are also much more likely to download malware. (For more on mobile malware attacks, read the post, "Mobile Security Update: 1 in 10 Android Apps Is a Virus.”)
- Cyber crime pays really, really well abroad. Cyber criminals are getting smarter and developing more advanced digital weaponry capable of stealing data from your clients.
Cyber Warfare: Why Your Clients Might Be Besieged in a Cyber Attack
Before we go overboard with the war metaphors, we should qualify what we mean by "attack."
Many of your clients might be hesitant to invest in cyber security and follow stricter data security protocol because they can't imagine why a hacker would attack their business. In reality, hackers don't really target their victims that way. Hackers scan thousands of websites and IP addresses for vulnerabilities. When they find one, they attack.
Because so many attacks are crimes of opportunity (and 74 percent of small business are victims of data breaches, according to the Verizon Data Breach report), it's crucial for IT consultants to keep their clients outfitted with up-to-date software. You'll need to educate your clients about what threats are out there and what they can do to prevent…
- POS attacks.
Many of these types of attacks have increased in the last 12 months.
The New Cold War of Cyber Security
While the Cold War featured the omnipresent threat of nuclear war, the growing data security crisis features a daily threat of foreign cyber attacks through a combination of loose regulations abroad and the proliferation of data. But, unlike the Cold War, battles will be fought by private companies and the IT consultants who work for them.
There won't be an arms race, but there will be a back and forth struggle as IT consultants work to develop better security software and ways of strengthening their defenses.
As an IT professional, you can't avoid the risks involved with this growing cyber security crisis. In fact, these risks are financial ones. After a breach, clients can sue their IT contractor to recoup damages. Because your dollars are at stake, let's look at what you can do to cover this risk.
What Tech Consultants Need to Know about IT Risk
Because data breaches can lead to lawsuits, legal fees, and settlements that cost their business hundreds of thousands of dollars, IT professionals need to be prepared for the financial impact of a data breach.
By investing in Errors and Omissions Insurance, IT consultants can be compensated for legal defense fees and lawsuit expenses that follow a data breach. For free quotes on E&O with third-party Cyber Liability Insurance coverage, submit an online insurance application.