Cyber-criminals target InvestorIntel
Cyber crime — criminal activities carried out by means of computers or the internet — is the greatest global threat to organizations’ survival today. In fact, according to the director of the US National Security Agency (NSA), General Keith Alexander, cyber crime is “the greatest transfer of wealth in history” as well as the greatest threat to economic security. Until last week, however, I barely gave the subject much thought. On Thursday, November 7th, ProEdge Media Corp.’s (Tracy Weslosky’s company and the corporate parent of InvestorIntel) servers were hit in Chicago via a ‘brute-force attack’ for the second time this year (the first attack was in early May). While the specific details are still being investigated (and the Royal Canadian Mounted Police are involved), suffice it to say, the cyber criminal (or criminals) attempted to take the website offline and gain information. I’m happy to report that while the attack may have (briefly) succeeded in temporarily disrupting the functionality of InvestorIntel, no confidential information or communications were compromised. In other words, we may have been knocked down, but we quickly got back up. Which is great. Indeed, we were lucky. That said, Tracy had to cancel her long-standing business trip to Hong Kong this week to deal with the resultant fallout from the attack. Given much of the subject matter on InvestorIntel (i.e. the urgency of sustainability as it pertains to critical materials), there is a lot of talk amongst InvestorIntel writers and contributors about who wrote what that may have been the catalyst for the repeated attacks.
Cyber crime appears to a bigger issue than most people (and companies) are aware. The bad guys are getting smarter. Whether they are terrorists who realize another way to hurt the world and advance their agenda is to destabilize the economies of developed nations, disgruntled insiders intent on sabotage, or ‘ordinary’ criminals with a predominant profit motive, cyber crimes are increasing and becoming more costly.
Edward Snowden has drawn worldwide attention to information security and protection of personal data online. While the information and communication technology of the digital age has transformed our lives for the better and remains vital to economic growth and our future prosperity, the security of that technology is of fundamental importance to the individual, to businesses and to governments.
Intellectual property theft, data breaches and other kinds of cyber crime are now commonplace and pose a very real threat to all sections of society. The Snowden revelations have highlighted that data is the ‘new gold’ and that urgent action is required to ensure it is adequately protected.
“Probably the most important thing when it comes to information security isn’t so much the technology you have in place to protect yourself, but rather vigilance to detect anything out of the ordinary,” according to IT and cyber crime expert, Ray Delany, CEO of Designer Technology Ltd. in New Zealand. “The ways in which attackers can access information that they can turn into cash are practically limitless. Through the combination of freely available hacking tools, social engineering techniques and just plain devious ingenuity, hackers can and will find ways to make it through any chink in your armour.”
“There’s no question that you should have an appropriate security posture that includes good technology solutions, along with sound policies and procedures,” explains Delany. “But what remains most important is a mindset that assumes you are likely to be a target, even if you operate a small organization which may seem completely outside of the interest of hackers.”
Get our daily investorintel update
In other words, be suspicious. Cyber crime puts company directors and senior executives on notice — that conducting business in a digital world carries new and substantially different types of risks. Awareness is a vital first step of strong corporate governance, but truly safeguarding a company’s digital assets requires timely and decisive action. Unfortunately recent findings indicate C-level executives aren’t taking (enough) serious action on cyber security, despite the relatively recent great awareness. However, as the threat and terrain evolves, cyber risk is not just solely about security. Companies also risk not being positioned for the opportunities and disruptions that emerge as a result of digital technology. Understanding the implications of potential risks enough to monitor and challenge internal policies require more thorough analysis than boards will learn from periodically inquiring into the organizations’ cyber security status. Effectively managing cyber risks and opportunities start with recognizing and understanding the importance of digital assets — and ensuring that the appropriate senior management is focused on cyber security. Companies already spend significant time on financial operations, risk and compliance issues; and while financial risk is (obviously) extremely important, cyber risk also poses a real threat to company performance — and survival. Across sectors, most companies today are technology driven, and therefore vulnerable. Now more than ever, senior management has a responsibility to ensure that management protects the value of the company’s digital assets — including data, information, applications, and networks that exist within the company walls, extended out through suppliers, vendors and other partners, as well as residing in employees’ mobile devices — for the shareholders of the organization.
Cyber crime, unfortunately, is the new normal. As I write this, the InvestorIntel offices are being prepared for an electronic counter surveillance sweep. Welcome to ‘business as usual’ in the 21st century!
Cyber Crime Ty-Facts:
- The most expensive cyber crimes are information theft and business disruption.
- No one knows the true cost of cyber crime (companies conceal their loses and some are not aware of what has been taken), but according to the Center for Strategic and International Studies (CSIS), the global annual cost of cyber crime is approximately $500 billion (and some estimates have it as high as $1 trillion).
- Cyber crime gives rise to the penetration tester — someone who gets paid to pierce the digital defenses of a particular company. The penetration tester tries to spot weaknesses before criminal hackers exploit them on a company’s network.
- The loss of information due to theft represents the highest external cost, followed by the costs associated with the disruption to business operations.
- In the US alone, costs of cyber crime increased 26% from 2011 to 2012.
- 3 most frequently occurring types of cyber crimes (which in total represent approximately 55% of all cyber crimes are): denial of service (DoS) attacks, attacks from insiders and web-based intrusions.
- In a Data Breach Investigations Study conducted by Verizon, 71% of cyber attacks occurred in businesses with fewer than 100 employees. Small businesses are prime targets as they are regarded as being more technically vulnerable than larger businesses).
- In a one-year period, 69% of Canadian businesses said they experienced some type of cyber attack, while only 11% of those affected organizations said they approached the RCMP or any other government agency.
- 90% of US companies said their organizations’ computers were breached at least once in the past 12 months. 59% admitted they were breached more than once. 53% expressed little to no confidence in stopping breaches.
- As end users and companies shift to mobile and cloud computing, so are cyber crimes.
- Experts at the highest levels of government say cyber crime is the biggest threat facing American business today. Hackers are stealing valuable trade secrets, intellectual property and confidential business strategies. The biggest aggressor? China.
- What are cyber criminals looking for? Customer records (information, history), contact lists, employee information, company banking information, and credit card numbers.
- In the UK cyber attacks are classified as Tier One threats to the country — on par with international terrorism.
- Over 100 million passwords have been published online in the past year.
- The first password database leak was in 1965
- The average web user maintains 25 separate accounts, but uses just 6.5 passwords to protect them. The 3 most common passwords are: ‘123456’, ‘abc123’ and ‘password’
- Today’s hackers easily have the ability to generate and cycle through 8.2 billion password combinations every second (with a simple PC running a single AMD Radeon HD7970 GPU).
InvestorIntel is a trusted source of reliable information at the forefront of emerging markets that brings investment opportunities to discerning investors.