Posted by: Admin | Posted in: Audit News and Advice | Posted on: January 31, 2011
As we discussed in our previous blog, cyber crime is a rapidly growing problem for anyone who uses the Internet. According to the Federal Trade Commission (FTC), approximately 10 million Americans have had their personal information stolen at an estimated cost of $5 billion for individuals and $48 billion for businesses.
Theft of data and information is growing exponentially due to the increasing availability and sophistication of malicious software programs known as crimeware. Crimeware is designed primarily to steal financially relevant data, including credit card information, passwords, and bank account numbers. Symantec, the largest provider of personal computer security software, cited a crimeware kit called Zeus, an incredibly powerful kit that allows perpetrators to record keystrokes, review and steal files, and potentially access our complete computer systems. There are over 90,000 unique variants of Zeus, and cyber criminals are constantly evolving them, making it even more dangerous and difficult to detect.
What do these hackers do with this stolen information? They will either use it themselves or, more likely, sell it to larger criminal organizations on the black market. Symantec issued a separate study entitled Report on the Underground Economy, in which they found the following:
- Compromised credit cards were the most frequently traded stolen information and could return between $0.10 and $25 per card.
- Financial account information sold for between $10 and $1000.
- Full personal identity (name, DOB, SSN, etc.) fetched anywhere from $1 to $15.
- Certain passwords, mother’s maiden name, credit card information and certain security question answers bring in a minimum of $200.
The Ponemon Institute issued its 2009 Annual Study: Cost of a Data Breach, which sheds light on the direct financial impact of breach notification and the indirect financial impact of customer turnover and diminished reputation as a result of a data breach. The study compiled data from 45 organizations across 15 different industries and studied between 5,000 and 100,000 personal records. The annual study reported the following:
- The average cost per stolen record was $204, while the total cost per breach ranged from an estimated $750,000 to $32 million.
- Of the $204 per record average cost, $144 pertains to indirect costs, which included abnormal turnover or churn of existing and future customers.
- 42% of all cases involved third‐party mistakes.
- 24% of all cases involved malicious or criminal attacks and 36% of all cases involved a lost or stolen laptop or mobile device.
So what can you do to ensure you are not a victim? There are several things you can do to prevent cyber crime, such as educating and communicating with your employees and any third party with whom you conduct business. Also, ensure that your organization has a comprehensive, up-to-date anti-virus (AV) program and keep your system and all applications up to date. This, combined with the implementation of cautious browsing and email habits, will protect your organization from the sophisticated attacks.
Posted by: Admin | Posted in: Audit News and Advice | Posted on: January 25, 2011
As Internet crime evolves every day, so must your business’s security measures in order to keep you and your company safe. For every piece of information transmitted or stored online, there is a significant risk of falling victim to this type of crime. Internet perpetrators are becoming increasingly sophisticated and capable of attacking your computers, smart phones, internal storage devices and databases with ease.
This three-part series will focus on information security and actions that can be taken to minimize the threat of cybercrime. This week we will discuss the emerging cyber security threats and how they could affect you and your business. Currently, the most common cyber threats are hacking, fraud, phishing, attacks via social networking, website spoofing, and spreading malware. Before we discuss these cyber threats, let’s first define some common terms.
- Malware: Short for “malicious software”; software designed to infiltrate or damage a computer system without the user’s knowledge. It can be hidden in zip files or transmitted during instant message (IM) chat sessions.
- Phishing: The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
- Trojan Horse: Malware that appears to perform a desirable function (like a game) for the user to run or install but instead facilitates unauthorized access of the user’s computer system. Once a Trojan horse has been installed on a target computer system, a hacker may have access to the computer remotely and perform various operations.
- Website Spoofing: The act of creating a website, as a hoax, with the intention of misleading readers into believing that the website has been created by a different person or organization.
- Zombie: A computer that has been infected by a piece of malicious software such as a Trojan horse or another type of malware. Zombies can be used to bring down corporate networks and websites and to send mass amounts of spam to individual users.
- Keystroke Logging: The action of tracking the keys struck on a keyboard, typically without the person using the keyboard being aware that their actions are being monitored.
In 2010, Symantec released an annual report which identified the most common and growing threats from 2009. The Symantec Internet Security Threat Report: Trends for 2009 revealed that the United States and China are the top two countries in the world in which cybercrime originates.
It was also reported that 60% of identity exposures were compromised by hacking attacks and 75% of enterprises surveyed experienced some form of cyber attack in 2009. The top Web-based attacks observed in 2009 primarily targeted vulnerabilities in Internet Explorer, making it the most attacked browser. By becoming aware of current illegal trends, you can better understand them as well as know how to respond to them. These statistics clearly show how pervasive cyber crime has become and the risks it poses to your business. Businesses need to constantly be aware of these threats and ensure they have systems in place that are regularly monitored and updated to prevent cybercrime.
Posted by: Admin | Posted in: Small Business | Audit News and Advice | Posted on: December 8, 2010
On the heels of the release of the 2010 Report to the Nations on Occupational Fraud and Abuse, there is no better time than now to evaluate your company’s internal controls on occupational fraud. The report, which is released biannually by the Association of Certified Fraud Examiners (ACFE), gathered data acquired between January 2008 and December 2009 and includes countries outside the United States for the first time.
We’ll touch on only a few of the findings, but we want to stress how critical it is to determine what internal controls your company can utilize to prevent fraud from seriously affecting your bottom line. Since we deal with many mid-market companies, we know companies of that size have limited resources to establish internal controls. It’s not always easy to take a step back and identify your own company’s vulnerabilities, but it will help determine what steps need to be taken.
Below are some of the highlighted findings from the 2010 Report and questions to think about. As a reminder, Stone Carlie is holding a complimentary executive briefing here in St. Louis on December 15th to help you and your company improve your internal controls to decrease the chances of fraud.
- The typical organization loses an estimated 5% of annual revenue to fraud. How much would that take out of your company’s annual revenue?
- The median loss caused by occupational fraud cases in the study was $160,000… but nearly one-quarter of the frauds involved losses of at least $1 million.
- Small companies are disproportionately victimized by occupational fraud, due to the lack of anti-fraud resources. What does your company do to protect itself from fraud?
- The frauds last a median of 18 months before being detected. If you’ve had any cases of fraud in your company, how long did it take to discover these cases?
We understand the current economic climate has had a dramatic effect on many businesses, especially small and mid-size ones. But this economy has also brought with it an increased risk of fraud.
Far too many companies wait until they are a victim of fraudulent activities before implementing or evaluating their internal controls. We encourage you to take the time to assess your organization’s tools and controls on at least an annual basis. Where appropriate, you should consider engaging with a CPA firm that specializes in fraud detection and protection as that cost will be significantly lower than the cost to your business of the average fraud incident.