One of the most sophisticated and effective cyber crime attacks in banking history occurred last week on a grand, global scale. In what is called a “cashout” or “PIN cashing” scheme, hackers used data stolen from prepaid debit card accounts to withdraw currency from A.T.M.’s located in 24 countries, including the US.
“In two precision operations that involved people in more than two dozen countries acting in close coordination and with surgical precision, thieves stole $45 million from thousands of A.T.M.’s in a matter of hours.”1 (Full story)
As data breaches make headlines, companies are struggling to detect them before they wreak havoc and cause irreparable damage. Today’s threats underscore the vulnerabilities of financial institutions and corporations large and small. But not every threat is a well-calculated international cyber scheme. In fact, almost half of today’s security breaches can be traced back to the careless act of an employee, contractor or other company insider.
The following profiles show the segmentation of security threats and motivations today.
“The Inadvertent Actor”: 49% of today’s threats are caused by insiders, employees, contractors, or outsourcers who are inexperienced. They inadvertently cause harm by unwittingly carrying viruses, or by posting, sending or losing sensitive data. You might be surprised to know that the number one reason why attacks are possible is that someone clicks on something they should not have.
“The Opportunist” causes 7% of attacks and is motivated by “bragging rights.” These attackers use viruses, worms, rudimentary Trojans, and bots that are easily detected. The offenders are usually inexperienced (aka: script kiddies), have limited funding and target known vulnerabilities.
“The Hacktivist” is responsible for 15% of attacks. They use technology to make a social, ideological, religious, or political statement (“white hat” or “black hat”). Their skill level can range from inexperienced to intensely talented. Targets are usually known. Their work is detectable, but hard to attribute. In general, most hacktivism involves website defacement or denial-of-service attacks, but they will use malware as a means to introduce more sophisticated tools. This type of threat is increasing in frequency.
“The Advanced, Persistent Threat” is responsible for 23% of attacks today. These come from national governments, organized crime, industrial spies, or terrorist cells that target technology as well as information. They are well-financed and motivated by profit. They demonstrate sophisticated tradecraft, establish covert presence on sensitive networks, and are increasingly difficult to detect. This type of threat is also growing in prevalence.
Call to action? Don’t be an entry point.
As managers, we need to keep a sharp eye on our own, and our teams’, potential to become Inadvertent Actors. It is very important to talk to your teams about cyber security and good security practices on a regular basis. Don’t become a statistic. I encourage you to review, share and follow these four tips:
1. Think before you click.
- If you don't know the source of the file or are uncertain if a link is valid, don't click on it.
- Hover your cursor over a link to verify that the destination is trusted – before you click.
- Only click on links in emails and files that you know are trusted and safe.
- Navigate to a site directly and verify its authenticity – before you bookmark it.
2. Protect passwords.
- Use passwords that would be hard for others to guess or figure out.
- Use a different password for each Intranet, VPN, email, computer, and external website login you use.
- Instead of using a common word, try thinking of a phrase you can easily remember, using the first initial of each word in the sentence, and replacing some words with numbers or special characters.
- If you have many passwords to remember, secure your list of passwords in a password-protected file or folder.
- Don't ever share your password with anyone.
- Don't provide your password over the phone or change your password in response to a telephone request.
3. Connect to networks safely.
- When you connect to a public wireless network, treat it as untrusted.
- Use only IBM-provided or IBM-approved VPN software when conducting IBM business or sharing IBM or client information of any kind.
- To prevent unauthorized access, disable any secondary network access (such as cellular wireless cards) while connected to an IBM network.
- Set your Bluetooth settings to "non-discoverable" to make your device invisible to others. While each device is different, these are usually controlled via the "Settings" function of your device – either under a "Bluetooth" or "Wireless/Networks" category.
4. Report security incidents immediately.
Report any incident (or suspected incident) immediately to your manager, IBM Legal, or Corporate Security. Please do not try to resolve or investigate any potential incidents on your own.
Vice President & Business Line Executive, Systems Software and Security
Systems and Technology Group