Saturday, September 6, 2014

Take cybercrime to task

"Write to me, please, with your own take on the 2014 Faces of Fraud. Tell me, please, what you’re going to do to help write a different storyline for 2015." Tom Field, VP Editorial of Information Security Media Group (Risk Information Today, among other renowned blogs), signs this request.

This quote is part of the introduction to an extensive and precisely documented report entitled The Faces of Fraud in 2014: The Impact of Retail Breaches. Over 40 pages, the report details a comprehensive survey on the exposure of outlets to the most important breaches, especially the Target case; it also incorporates the views of various experts on incident response, awareness, improved security and forecasts for the medium-term future. This week we have lived through what has been described as possibly the greatest security breach of its kind, the Home Depot case, so this report is entirely relevant.

Goodwill was involved in a similar incident last year that affected 330 establishments. This retail chain has just concluded its own investigation, which determined that the responsibility lay not with Goodwill but with payment systems from a third party. While forensic reports found no traces of malware, research determined that these payment systems were attacked with the infostealer Rawpos, which affects Windows operating systems, versions XP, 7, Vista and 2000.

Will these massive security breaches affecting the interests of large retail chains be considered cyberattacks against national strategic interests? That is one of the challenges that NATO has to face: determining what constitutes a cyberattack. Moreover, NATO has just declared that a cyberattack against a member state shall be treated as a cyberattack against all members, under Article 5 of the organization.

For these defense and response actions against attacks on national interests, it will also be crucial to determine the origin of a criminal action. For days, Apple has denied iCloud security breaches linked to #CelebGate / #CelebLeaks (the famous nude photos "stolen" from private copies in the cloud). However, the Cupertino company has now fixed a vulnerability in the Find My iPhone app, just where the first suspicions were pointing.

As you know, risks and precautions are always there. The difference between the cautious and the fearful is that while the first acts, the second is paralyzed. Do not give criminals this satisfaction. Go on with your own life: they have no more life than getting things done through illegitimate means, while the rest of us achieve them through our daily commitment. Be careful, be cautious, but above all keep living your life. That will be your best lesson against cybercrime.

