Data Breach 1

Data Breach, the Cyber Criminal

New Jersey City University
Professor Kevin Kennedy
4/9/4
SECU 322
Data Breach 2
!he "m#act of Data Breach
$%r nation has many cyber de#endencies, and as a conse&%ence of every de#endency, a threat is
inevitable, and v%lnerability is one hac'er(s ste# away from discovery) * cyber intr%sion s%ch as data
breach, needs less than fifteen min%tes to e+ec%te a devastatin, attac') *ccordin, to -ee ./041, 2!he 3B"
has recently made cyber crime a n%mber one #riority, one that costs the U)4) an estimated trillion dollars a
year)2 Data breach is at the core of cyber crime and m%st be ta'en as serio%s as the 3B" notes) "n the
followin, #a#er, s#ecific im#acts, and tools of data breach will be e+#lained incl%din, identity theft/fra%d,
#hishin, and the common crimes that follow) !he fiscal effects of data breach will be shown, as of /05,
and the #a#er will concl%de with a reflection on the information that was ,iven)
$ne of the most common im#acts of data breach is the infiltration and theft of #ersonal information)
!hese incidents #otentially lead to an all to commonly 'nown #rocess of identity theft) *ccordin, to Jeffery
Kno+, the 3ra%d 4ection Chief for the United 4tates De#artment of J%stice, 2 "dentity theft and identity fra%d
are terms %sed to refer to all ty#es of crime in which someone wron,f%lly obtains and %ses another
#erson(s #ersonal data in some way that involves fra%d or dece#tion, ty#ically for economic ,ain)2 !he
catalyst for these instances is an initial data breach) !he initial breach of a database soon escalates into
m%lti#le forms of identity theft with the information received by the breach) !he data attained is %sed to
e+ec%te attac's, s%ch as #hishin,, to obtain more sensitive information) Phishin, is a tool of data breach
that intentionally ma'e, accordin, to Kno+ ./0/1, 2e6mails may seem a%thentic, b%t in reality, they are
attem#ts to steal #asswords, other #ersonal and financial information, or infect the reci#ient(s com#%ter)
4enders of #hishin, e6mails ho#e to l%re reci#ients into revealin, data that wo%ld s%bse&%ently be %sed for
criminal activities)2 Phishin, has been lin'ed to data breach and re&%ires more advanced technolo,ies in
SECU 322
Data Breach 3
order to ta'e #reventative meas%res) !he "P addresses and User "D(s involved in the breach are the foc%s
of those new technolo,ies) *nother #o#%lar data breach tool is 'nown as s#oofin,) *s defined by the
National "nstit%te of J%stice, s#oofin, 7is an attem#t to hide the ori,in of an e6mail messa,e) 4ome criminals
%se s#oofin, to ma'e it a##ear as tho%,h an e6mail was sent by a le,itimate %ser or well6'nown com#any,
ho#in, that reci#ients will o#en the e6mail and res#ond)8 4#oofin,, a more s#ecific dece#tive tactic, needs
e&%al attention and awareness to ,iven its9 ca#ability to #resent identically to an a%thentic website that yo%
have %sed) :hen in reality, it is ;%st another tric' to attain #ersonal information) Breachin, a database to
attain otherwise #rivate information leads to, %nfort%nately, many different o##ort%nities for cyber criminals
to e+ec%te their #lan) *ccordin, to the *merican "nstit%te of Certified P%blic *cco%ntants.*"CP*1, there are
five crimes in #artic%lar that sho%ld be ,iven a closer loo')
7!he to# five cybercrimes bein, disc%ssed are
)!a+6ref%nd fra%d
/)Cor#orate acco%nt ta'eover
5)"dentity theft
4)!heft of sensitive data
<)!heft of intellect%al #ro#erty8.**"C /051
!he im#act of data breach is not ;%st limited to #rivacy intr%sion, the fiscal effect is felt amon,st
individ%als, b%sinesses, and the economy) 4ince /00/, the Ponemon "nstit%te has #rovided a widely
researched ,a%,e on this fiscal effect) !he instit%te as described by fo%nder Dr) -arry Ponemon is a ,lobal,
7#re6eminent research center dedicated to #rivacy, data #rotection and information sec%rity #olicy for the
#rivate and #%blic sector)8 =ost recently, the instit%te released the 2013 Cost of Data Breach Study:
Global Analysis incl%din, />> or,ani?ations, in 9 co%ntries, totalin, more than ,400 #eo#le) !he res%lts
SECU 322
Data Breach 4
were acc%m%lated from act%al data loss incidents) *ccordin, to res%lts 7 the U4 sam#le e+#erienced the
hi,hest total avera,e cost at more than @<)4 million, followed by Aermany at @4)B million) "n shar# contrast,
sam#les of Bra?ilian and "ndian com#anies e+#erienced the lowest total avera,e cost at @)5 million and
@) million, res#ectively)8.Pondemon /051 !he acc%m%lated statistics for all nine co%ntries researched
are #rovided below)
*vera,e !otal $r,ani?ational Cost of Data Breach .in U)4) ca#ita @1
$1,115,0! " #ndia
$1,321,$03 " Bra%il
@/,/><,404 C "taly
@/,/B/,09< C Ja#an
@5,45,04B C United Kin,dom
@5,>D5,/99 6 3rance
@4,04,95/ 6 *%stralia
$!,23,53 & Ger'any
$5,!03,(!! ")nited States
SECU 322
Data Breach 5
*fter reviewin, the research, ,ainin, a better 'nowled,e for the wides#read im#act data breach
has, and relatin, to the e+am#les of incidents, it is clear that data breach is a #rominent ris' in the everyday
lives of individ%als, and b%sinesses all over the world) No si,ns can be i,nored, overloo'ed, or for,otten
abo%t) Eirt%al crimes are more common, dama,in,, and m%ch more so#histicated today than can be
remembered) !o the now millions of #eo#le who own smart#hones, la#to#s, tablets, or as' &%estions to
74"F"8, there is no ar,%ment to the efficiency, connectivity and #rod%ctivity that has been ,iven to
b%sinesses all over the world thro%,h o%r virt%al world) *ltho%,h, with the conveyance comes a #rice, and
that #rice co%ld be yo%r name, yo%r ban' acco%nt, it co%ld be anythin, yo% #%t yo%r #ersonal information
into) :hile yo% can en;oy the #ositive as#ects of cyber advancement, the ris's cannot be for,otten) !hey
are the same ris's that each year res%lts in h%ndreds of millions of dollars in meas%rable, and
immeas%rable losses to b%sinesses all over the world) !he United 4tates is n%mber one on a list that no
one can afford to be on)
SECU 322
Data Breach 6
:or's Cited
."n $rder of *##earance1
) Rebovich, D. D. CIMIP, (2012. What is identity crime? (!ct 1" USC 102" (a (#.
Retrieve$ %ro& Ce'ter %or I$e'tit( Ma'a)e&e't a'$ I'%or&atio' Protectio' *eb+ite,
htt-,..***./tica.e$/.aca$e&ic.i'+tit/te+.ci&i-.i$cri&e+.i'$e0.c%&
/) o% 1/+tice, 2. I. U.S. De-art&e't o% 1/+tice, (2012. Digital evidence analysis:phishing
and spoofing tools. Retrieve$ %ro& 2atio'a3 I'+tit/te o% 1/+tice *eb+ite,
htt-,..***.'i4.)ov.to-ic+.%ore'+ic+.evi$e'ce.$i)ita3.a'a3(+i+.-a)e+.-hi+hi').a+-0
5) Po'e&o', D. 5., 6 I'+tit/te, P. (2013, Ma(. Cost of d ata breach study: Global analysis.
Retrieve$ %ro&
htt-+,..***4.+(&a'tec.co&.&7t)i'%o.*hite-a-er.05301389582!8:P8Po'e&o';
2013;Co+t;o%;a;Data;Breach;Re-ort8$ai2!8cta#23"2.-$%
4) Si')3eto', <. !&erica' I'+tit/e o% CP!=+, (2013. The top 5 cyber crimes. Retrieve$ %ro&
!ICP! *eb+ite,
htt-,..***.aic-a.or).i'tere+tarea+.%ore'+ica'$va3/atio'.re+o/rce+.e3ectro'ic$ataa'a3(+i+.
$o*'3oa$ab3e$oc/&e't+.to-;5;c(bercri&e+.-$%
SECU 322
Data Breach #
SECU 322