Is Cyber Crime on the Rise?

With the recent coverage of high-profile cyber attacks at Sony, RSA, Nintendo, PBS, and Citigroup, among others, just what is going on? Are cyber attacks increasing, or is the media just covering the attacks more often? This question was posed by a recent www.techflash.com article by writer Aislyn Greene.

According to IT security firm BT’s Toby Weir-Jones, vice president of product development, the frequency of fraudulent activities is indeed increasing. And according to the Identity Theft Research Center (ITRC), an increasing number of companies are revealing data breaches.

“It is the opinion of the ITRC that the criminal population is stealing more data from companies, and data breaches are being more frequently publicized,” said the ITRC in a recent report.

Verizon Wireless and the U.S. Secret Service, which recently collaborated to quantify the number of U.S. major data breaches investigated, found the number of data breach cases on the rise: from 141 in 2009 to 761 in 2010.

So what’s behind the attacks, the TechFlash article asked. Some hackers are targeting high-profile companies to retaliate, demonstrate security holes, and basically embarrass the organizations. It appears that many times the hacks aren’t about stealing information. Case in point is a recent Sony attack.

The attacks on Sony were said to have started after the company sued a hacker for posting information online “that would let users play pirated games on the PlayStation 3.” In protest, the hactivist group Anonymous attacked and shut down several of Sony’s sites. And then a few weeks later a hacker forced Sony to shut down its PlayStation network for almost a month.

Another example of revenge hacking stemmed from a PBS Frontline story on WikiLeaks, which the hacker group LulzSec claimed was biased. The group then attacked PBS and leaked passwords, as well as a fake story about Tupac being alive.

Of course, the financial motive for cyber hacks continues: In the March attacks on RSA, which sells SecurID tokens, and financial institution Citibank resulted in the theft of financial information.

So how can companies protect themselves from cyber attacks? And is it even possible? Some security experts say that attacks like the one on Sony (an SQL injection) are easy to avoid.

“The attack itself may have been difficult to forge, or the hole may have been difficult to find,” said Alexei Czeskis, a University of Washington Ph.D. specializing in cyber security, as quoted by www.techflash.com. “However, it is well-known how to defend against SQL injection attacks and is considered to be part of basic Web app security.”

According to Czeskis, organizations that want to protect their data and intellectual property should use external defenses and store data in so that attackers can’t make use of it.

“One of the criticisms of Sony has been that they encrypted some data but they only cryptographically hashed other data,” said Weir-Jones in the TechFlash report. “And while mathematically that’s not necessarily a bad thing, the encryption buzz word is important and there wasn’t really a strong argument not to encrypt everything.”

For more information about how to protect your organization against cyber attacks, visit: http://www.techflash.com/seattle/2011/06/whats-eating-cyber-security.html