The stereotypical image of a computer hacker as a lone wolf actor is becoming a thing of the past. The modern hacking community has organized itself in a manner analogous to a well-run business. Hackers run sophisticated operations that reflect teamwork, segmentation of skills, collaboration, training, and business-to-business agreements to share techniques and information.
What Do Hackers Want?
Like all businesses, hackers chase the best and most profitable opportunities. Consider, for example, the market for stolen credit card information. Since at least 2015, Central Shop and other hacking sites on the dark web have developed sophisticated presentations. These allow identity thieves to purchase stolen credit card information that fits defined geographical locations and other sought-after demographic characteristics.
Data thieves are no longer just interested in hacking into the computers of a small handful of individuals. Rather, they are targeting businesses that collect and maintain their customers’ financial information.
Types of Organizations at Risk
Consider the types of businesses that are in the hackers’ crosshairs:
- E-commerce companies that collect customer payment card info, including Uber, Zomato, the Sony Playstation Network, and Sports Direct;
- Healthcare organizations and medical service providers that store patient payment information and medical records usable in fraud schemes;
- Large national retailers, such as Target Stores, which lost more than 40 million customer records in a 2013 data breach;
- Banks, accounting firms, and other professional service entities that have access to their clients’ personal and financial information.
- Apart from the customer data they hold, businesses themselves are targets of identity thieves. A hacker might discover, for example, that a business has a generous bank line of credit or multiple credit cards. The hacker can then use stolen company information to pose as a legitimate company representative. They could then convince a bank to wire transfer funds to an outside account or issue them new credit cards. One company lost $465,000 in fraudulent wire transfers when hackers used these techniques to order transfers from the company’s account.
- Preventing and Managing Data Breaches
- Businesses that are at risk of losing data to identity thieves can take a number ofsteps to prevent data theft. These include:
- Limiting employee access to critical information
- Monitoring bank accounts and credit applications
- Using complex passwords across your system
- Shredding sensitive documents
- Creating a cybersecurity training plan
- Installing robust firewalls
Enrolling in a policy from a reputable cyber insurance company will help facilitate the aftermath of a breach. Different companies will require different levels of protection. An accounting firm that has access to its clients’ data, for example, faces different risks than a large retailer. In either case, cyber liability insurance can help to stem the losses associated with identity theft.
Because no defensive system against identity theft is foolproof, businesses also need to develop a response plan to a breach. Designate a small team of employees to manage all activities and to centralize communications. Make provisions to address losses and third-party liabilities that might arise from the theft, particularly to customers. This way, you’ll always be ready.
