Well, ‘tis the season – a season for celebrating and a season for shopping. You are the CISO, the head honcho for everything information security. So who’re you gonna call when everyone and their mothers come running your way asking how their information can be kept safe this holiday season?

Here’s your cheat sheet. A compendium of facts, tips and references.

QUICK FACTS

  1. According to the Ponemon Institute:
    • The costliest cybercrimes are those caused by malicious insiders, denial of service and web-based attacks.
    • 64% of companies experienced web-based attacks and 62% experienced phishing and social engineering attacks. Most companies also experienced malicious code and botnets (both 59%) and denial of service attacks (51%).
    • Malicious code is the costliest problem for U.S. companies. Countries with the highest costs related to denial of service attacks are the UK and Australia. Malware is most costly in the Russian Federation. In most countries, botnets are the least costly type of attack.
    • The number of attacks is increasing. The number of successful attacks per year, per company increased 46% in four years.
    • The time required to resolve attacks is growing. The average number of days to resolve incidents increased 229% in six years.
    • Average total cost of a data breach increased 23% over the past two years to $3.79 million.
    • The average cost paid for each lost or stolen record containing sensitive and confidential information increased 6%, jumping from $145 in 2014 to $154 in 2015. The retail industry’s average cost increased dramatically, from $105 last year to $165.
  2. Gemalto 2014 Breach Level Index:
    • Most Notable Data Breaches – Home Depot: 109 million records, Korean Credit Bureau: 104 million records, JP Morgan Chase: 83 million records, AliExpress: 300 million records, Sony Pictures Entertainment: 47 thousand records.
    • United States is at the top of the list with 1107 breaches. Europe had 190 breaches, which compromised million records.
    • No industry experienced as many data breaches as the healthcare sector, which had 391 breaches in 2014. That amounted to one quarter of all the breaches reported for the year.
    • The most common source was malicious outsiders, who were involved in 854 breaches, or 55% of the total.
    • The most common type of attack was identity theft. Organizations were hit with 827 of these attacks, which accounted for more than half of the total (54%). That’s up dramatically from just 20% in 2013.
  3. Verizon Data Breach Report 2015:
    • In 60% of cases, attackers are able to compromise an organization in minutes.
    • 23% of recipients now open e-mails and click on phishing links within the first hour.
    • Out of tens of millions of mobile devices, the number infected with truly malicious exploits was negligible: 0.03%.
    • In October 2015, the chip-and-PIN mandate went into full effect in the United States. A word of caution—poor implementations are still vulnerable to attack.
    • Malware used to launch DoS attacks jumped from #8 to #2 in threat action variety, while command and control remains at #1.

So you’ve got them impressed with these facts.

Here are a few tips to provide your business partners, your hairdresser, your closest confidantes, your extended family and friends to keep them safe this jolly season. Check these out.

TIPS

  1. Make sure you continuously check your bank and credit card statements – paper and online.
  2. Run antivirus and anti-malware software on all devices with current updates. Be very diligent about this – no exception.
  3. Use strong passwords. Even try two-factor authentication with your email accounts. Yes, it’s tough at first but you’ll get used to it.
  4. Always use websites you know well.
  5. Look for the lock next to the https in the URL when you are ready to purchase and ready to divulge your personal information.
  6. Why would companies need your social security number or your birth date? Think twice, ask questions – someone may be in the process of stealing your identity!
  7. Don’t use public computers to make purchases!
  8. Watch your back when doing online shopping in public places.
  9. Just don’t jump on to any unknown Wi-Fi network to do your shopping or banking.
  10. Look out for scams (see below).

Safety and security at this time of the year go hand-in-hand. On the Internet, you will be able to find a number of infographics that you can print and share with family and friends as well. Here are some references you can use in the meantime.

REFERENCES:

  1. McAfee – 12 Scams of Christmas: http://www.mcafee.com/us/about/news/2011/q4/20111109-01.aspx
  2. StaySafeOnline – Online Shopping: https://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/online-shopping
  3. US Computer Emergency Readiness Team – Shopping Safety Online: https://www.us-cert.gov/ncas/tips/ST07-001
  4. Kaspersky Lab – Safer Online Shopping: https://usa.kaspersky.com/internet-security-center/internet-safety/online-shopping#.Vm3zhPkrKHs
  5. Parents – Planning and Safety: http://www.parents.com/holiday/christmas/safety/

Last but not least: above all in information security is the value of human life and safety. Take a look at what the Los Angeles Police Department has put out on Holiday Safety Tips:

http://www.lapdonline.org/crime_prevention/content_basic_view/1376

Read it over and over. Be familiar with it and spread the word.

To you and yours – Happy Holidays! Hopefully 2016 will bring about the very best in every way.
