There was a time, not so long ago, when we used fax modems to surf the Internet, stored our data on diskettes, and needed to possess both extraordinary intelligence and lightning fast typing skills to hack into computers.
Nowadays, anyone with a laptop and online connection can learn to break into a database, steal confidential information, and sell it online.
Unlike Matthew Broderick’s character in the 1983 movie War Games, the typical hacker is not a teenager in his parent’s basement breaking into the U.S. military systems and almost starting World War III. The typical cyber criminal today is a man 35 years or older often working in groups of 6 or more. He’s in China or Indonesia, shutting down company websites or computer systems around the world through distributed denial of service (DDoS) attacks. (DDoS attacks can be quite lucrative for cyber criminals, especially if they’re used for cyber extortion.)
The facts are that cyber attacks and data breaches have become so common that we’re beginning to become numb to them, even when our personal data is compromised. Experts describe the phenomenon as data breach fatigue, brought about by a regular stream of data breaches in the news that seemingly have little effect on the lives of customers. When credit card information is stolen, customers receive new cards and don’t have to pay for fraudulent charges. When JP Morgan Chase suffers a data breach, the firm sees little or no increase in fraudulent activity. Sure, people may stop shopping at a particular store for a short period of time, but memories are short and convenience often overcomes concerns we once had.
If you follow this blog series, you know the dangers of this type of thinking. Even if a business has managed to avoid or survive a data breach, it may not be successful the next time. And believe me, there very likely will be a next time.
If you want to enter the cyber insurance market or learn about any of ISO’s various cyber offerings, visit the ISO Cyber Risk Solutions website, www.verisk.com/cyber, or e-mail me at firstname.lastname@example.org. You can also follow me on Twitter @doughertyshawn.