The following is taken from the Whitepaper “Mobile Security: Protecting Your Money in a 21st Century Environment.” You can read and download the entire Whitepaper here.
In today’s world of sophisticated 21st century technology, the opportunity for predators, hackers and other digital criminals is enormous. More and more US consumers are conducting their daily business online, exposing themselves to the costly consequences of losing control over their most sensitive personal information. The costs to business and consumers alike can be staggering: companies around the globe lost $1 trillion from data loss in 2008 alone, according to a 2011 McAfee report. The average company suffered $1.2 million in losses.
Every single day, consumers enter their private information like their address, credit card numbers, phone numbers and even their social security numbers in order to shop online, apply for a new credit card or get a new social networking account. With every submission, consumers risk having that information exposed to people who can wreak havoc on their lives, taking a potentially huge financial and emotional toll.
Words like “malware,” “phishing,” “spyware,” and “data breach” have become all too common on nightly news shows. Companies big and small, local and global, financial and retail are all vulnerable to security attacks. In the health care industry alone, there were over 225 breaches of more than six million patient records just since August 2009. 61% of these breaches were the result of malicious intent.
As more and more companies begin to store their data in the cloud, cybercriminals have developed new ways to target this information. According to the McAfee report, “The cyber underground economy has shifted its focus to the theft of corporate intellectual capital–the new currency of cybercrime.” Hackers are realizing the immense value of the corporate data minefields that are stored on virtual servers. Even the most sophisticated corporations like Sony, Google, ExxonMobil and Bank of America (not to mention the US government itself) have been subjected to damaging cyber attacks.
As the bad guys get smarter, companies in all industries must make data security a top priority if they are to survive in the 21st century economy. This new world is composed of primarily intellectual capital – as opposed to physical capital – that provides ripe new opportunities for creative cybercriminals. More information than ever is shared via e-mail, cloud-based servers and other modes of communication that offer just as much potential for theft as they do convenience, efficiency and speed for the companies who use them every day.
And with the newfound prominence of organizations like Wikileaks, companies around the world are now forced to deal with the most difficult threat of all: insiders who deliberately spread or sell proprietary information for their own purposes. All the technology in the world cannot stop a disgruntled employee with enough access from exposing thousands of consumer profiles, financial information, legal documents and more. Every company who cares about its customers and its own ability to survive must examine its existing security protocols and evaluate whether it is utilizing the most sophisticated systems available to prevent data loss.
To be sure, the incentives for cybercriminals to develop the next great attack are stronger than ever and are not going away. In 2010, Gordon Snow, Assistant Director of the FBI testified before House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security:
“The impact of cyber crime on individuals and commerce can be substantial, with the consequences ranging from a mere inconvenience to financial ruin. The potential for considerable profits is enticing to young criminals, and has resulted in the creation of a large underground economy known as the cyber underground… a pervasive market governed by rules and logic that closely mimic those of the legitimate business world, including a unique language, a set of expectations about its members’ conduct, and a system of stratification based on knowledge and skill, activities, and reputation.”
Financial firms in particular – since they offer the most direct access to consumers’ bank accounts and other valuable data – must stay vigilant in the fight against cybercrime. They need up-to-date policies in place to train and educate their employees and their customers. But more important, these firms must ensure that they are constantly investing the technology solutions of tomorrow in order to mitigate these threats before they fall victim to costly data breaches. Whenever money is involved, as with banking transactions or any transfer of cash, criminals will do whatever it takes to crack the corporate code and steal valuable data.
Consumers’ wariness of cyber theft has been intensified by the many high-profile episodes of expensive attacks on companies like PayPal, Visa and MasterCard. While a new generation of adults has been raised to trust the internet and often provides their precious information with nary a second thought, the need for vigilance is still high. Consumers expect – rightly so – that the businesses they choose to trust with their data are doing everything in their power to protect that information. They expect companies to go beyond the bare minimum required by law. They expect honest communication about attacks, immediate remediation whenever fraud or theft occurs and above all, they expect that businesses care as much about their data as they do.
And, of course, the increasing trend towards mobile commerce presents another set of challenges for today’s companies. There are more end-points than ever which all present fresh opportunities for the theft of confidential information. New devices, various smartphone designs, and social networks allow consumers to be more connected than ever before, resulting in unprecedented gains in workplace efficiency. But along with the incredible new ability to communicate and collaborate, consumers face the added prospects of much increased risk that their data could be leaked. Companies can never remain complacent as cybercriminals are constantly evolving their own methods of attack.
The good news, however, is that smart companies who recognize the threats that are out there have an advantage. While no system, policy or single technology can ever guarantee total security, today’s businesses are implementing a wide range of measures that can minimize the risk that they and their customers face. With proper planning, sufficient dedication to investment and education and a business culture that welcomes new technology with openness and honesty, companies can take their cyber-security into their own hands.