As one of the leaders in the cyberinformation industry, Verizon goes to great lengths to understand how data breaches happen.
In its most recent Data Breach Investigations Report (2014), the experts who analyzed more than ten years’ worth of reported cybercrimes found that more than ninety percent of the crimes could be traced to one of only nine different issues or behaviors that invited criminals in:
- Random mistakes, such as sending an email to the wrong recipient (providing that user with access to your personal information)
- Malware, or software whose purpose is to work its way into your stored data and pull out pertinent information
- Insider abuse, which occurs when someone with granted permission to access your content misuses that permission for illegal gains
- Physical theft or the accidental loss of your computer, phone, tablet, or credit cards
- Web-based attacks that work through a “hole” in a website or app
- Denial of service crimes, in which a hacker attacks a server to prevent customers from having access to their goods, services, or account information
- Cyberespionage, which as the name implies, is using technology for spying purposes
- Point-of-sale attacks in which consumers’ personal information is stolen through retailers’ malware-infected servers
- Payment skimming, which can happen when your information is stolen at the point when your card is slid through a payment console
Verizon’s team broke the report down even further by explaining that a full 75% of these crimes as they affected banks and corporations involved either Web app attacks, denial of services, or card skimming crimes. Retail outlets were more affected by denial of service attacks and those point-of-sale crimes. The researchers did discover that cyberespionage is on the rise by having nearly three times as many reports as in the past.
Perhaps most interesting to the average consumer is the fact that the number one way to gain access to personal identifying information—including not only that personal information, but financial information—is through stolen user names and passwords. It’s disappointing to know that there isn’t a foolproof way to completely prevent cybercrimes and identity theft, but it should be reassuring to know that the overwhelming majority of these kinds of crimes fall into one of those categories. That means that law enforcement and the financial and retail industries at least have a good idea of where their breaches can happen and what to do about it when it does happen.
But what can you do about it? As always, the most important thing you can do is to guard your information in order to prevent a crime. Don’t use the same username and password on multiple sites, especially ones that link to your finances; also be sure to change those passwords from time to time. Keep your online shopping limited to well-known retailers who you trust. Even though recent news has proven that anyone can be a victim of widespread point-of-sale attacks, large corporations are more likely to have safeguards in place and to be prepared in the event of an attack on your finances.
Interestingly, this year’s report marks the first year that the team studied attempted attacks that were unsuccessful. This gives the industry a better understanding of cybercrime in general, which makes the awareness efforts of groups like the ITRC more purposeful and increases the chances that we can prevent this type of crime.
If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign. For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.