The always eagerly awaited Verizon DBIR 2014 was released earlier this year. As always, with a nice cup of coffee and some smooth jazz playing in the background, I will endeavour to distil the essence of this always excellent publication... Well, this year, the DBIR departs from just analysing data breaches to looking at 63,347 confirmed security incidents, of which 1,367 were confirmed data breaches (compared to 621 for 2012) across 95 countries (compared to 27 in 2012). This gives far greater richness to the data set and the insights that can be derived from it (rightly so, the DBIR team notes that incidents need not necessarily result in data loss to have a significant impact on an organisation – I couldn’t agree more!). Also don’t miss the month by month review of the major incidents of 2013 on pages 3 & 4, that’ll get you in the mood...
A blog about information security, payments, risk, fraud, digital innovation and social media...
Showing posts with label identity theft.
10 March 2014
DON'T BE A TARGET... ON RETAIL POS, BANKS, EMV & WINDOWS XP...
McAfee Labs' latest report reveals that hackers are using basic 'off the shelf' malware to target retail POS systems, a very topical subject, I’m sure you will agree... But we have to remember that the breaches mentioned in the McAfee report took place in the US, and there is one notable difference between retailers there and those in Europe: the US haven’t yet adopted EMV (aka Chip & PIN)...
9 February 2014
THE SOCIAL MEDIA SIDE OF INCIDENT RESPONSE... (2014 Edition)
I first wrote on this subject in May 2012 (The social media side of incident response).
Today, it is still my most popular entry on this blog with 5,430 unique views as I write. This means that in any given day since I published it, 6 people somewhere in the world have read that post... I am at once flattered and amazed that some musings derived from the good, bad and ugly of how businesses have tackled crisis communications in the past few years still very much resonate with a lot of you. So here’s the 2014 version...
Labels: brand, Crisis PR, cybercrime, Data Breach, Data Privacy, facebook, identity theft, Incident Response, Infographic, LinkedIn, Media Response, phishing, Reputation Management, Social Media, twitter
10 October 2013
YOUR PROVIDER IS HACKED, YOU'RE ASSURED OF NO FINANCIAL LOSS. BUT ARE YOU SAFE?...
[UPDATED 20th FEBRUARY 2014] In the aftermath of the Santander and Barclays KVM hacks, @GrahamCluley kindly invited me to post my comments on his blog.
A few weeks on, I have some updates which you may find interesting…
Labels: AFI, compliance, Crisis PR, cybercrime, Data Breach, Data Privacy, data security, FCA, Financial Services, Fraud, governance, ICO, identity theft, Incident Response, National Fraud Authority, OFT, operational risk
31 March 2013
A CONSOLIDATED VIEW ON DATA BREACHES IN 2012 - PART 1...
It’s that time of year again where we try to make sense of all the new research and statistics. Today, I give you the Trustwave 2013 Global Security Report which analyses 400 data breach investigations (compared to 300 in 2011) across 29 countries (compared to 18 in 2011). Unsurprisingly, 96% of the breaches involved the theft of customer records (payment card data, PII, email addresses), compared to 89% in 2011. Closer to home, this is confirmed by the CIFAS Fraudscape report published in March 2013, where, whilst total fraud in the UK only showed a 5% increase since 2011, abuse of identity fraud increased by a whopping 17.1%, correlating to the Trustwave report showing that out of all client-side attacks observed, 61% targeted Adobe Reader users via malicious PDFs, clearly pointing to social engineering.
9 April 2012
5 STEPS TO A SUCCESSFUL SOCIAL ATTACK - What's Your Threshold?...
In a previous post, I highlighted that mass marketing fraud against individuals cost the UK economy £3.5 billion in 2011, that is ten times more than the cost of plastic card fraud in the same year, or equivalent to the total fraud losses incurred by the financial services sector in the same period! Sobering perspective, don't you think? We all know that mass marketing fraud is where criminals aim to defraud multiple individuals to maximise revenue by persuading victims to transfer monies in advance in exchange for promised goods, services or benefits. And we all know that this is usually done via mass-communications media (such as telephone calls, letters, emails and text messages) and ranges from foreign lottery/sweepstake frauds through to Ponzi schemes and romance frauds or any other abuse of trust... So, we all know better, don't we?...
1 April 2012
FROM FRAUD TO INFOSEC and vice versa... Part 2
In my previous post, I summarised the UK National Fraud Authority's latest Annual Fraud Indicator and how it relates to information security. In this post, I delve further into this connection by further refining the key fraud enablers used to defraud victims of all types. These cut across the fraud landscape and often overlap, which poses further challenges for quantifying their impact, but the classification is nonetheless helpful and recognisable.
30 January 2012
UK CARDS ASSOCIATION 2012 REPORT - WHAT YOU NEED TO KNOW...
The UK Cards Association has just published its always eagerly awaited and oft quoted annual report for 2012 (http://www.buzzwordcreative.co.uk/UK-Cards-Annual-Report-2012/html/index.html#/1/) and I am pleased to see that the fraud trend is still on the decline, despite the staggering numbers:
- At the end of 2010 there were 84.6 million debit cards; 55.6 million credit cards, 6.6 million charge cards and up to an estimated 3.0 million prepaid cards in issue in the UK.
- Payment cards have become an integral and indispensable part of the UK economy accounting for over 8 billion purchases worth £428 billion in 2010, and accepted at almost 1 million retail outlets in the UK alone.
- During 2010, 37 million adults shopped over the internet with plastic cards accounting for over 80% of spending, 717 million card payments and £54 billion worth of goods and services.