A survey stating that organizations experience nearly four insider threats per year, and reports of card fraud taking place over at least two months at Hershey Properties theme park in Hershey, Pa., have set off the latest round of cybersecurity alarms.
The Vero Beach, Fla.-based behavior analysis software vendor SpectorSoft released results of its “Insider Threat Report,” a crowd-based research project done in cooperation with the 260,000-plus member Information Security Community on LinkedIn and Crowd Research Partners.
The report found that if respondents were willing to admit they suffered an insider attack, the average number reported was 3.8 incidents per organization per year, and a majority of security professionals (62%) saw a rise in insider attacks over the last 12 months.
According to the survey, the overall average cost of remediating a successful insider attack is around $445,000. With an average risk of 3.8 insider attacks per year, the total remediation cost of insider attacks can quickly run into the millions of dollars.
Organizations overwhelmingly maintained that data loss was their top concern regarding insider threats. When asked which types of insider attacks were most concerning, 63% of respondents said data leaks, 57% said inadvertent data breaches and 53% said malicious data breaches.
Sixty-two percent of respondents found it more difficult to detect internal threats than external threats, while 38% couldn't determine which type of threat was most difficult to detect. When it comes to threat monitoring, 75% of companies monitored the security controls of their applications, 60% monitored a majority of all of their key IT assets, while only 21% continuously monitored user behavior taking place on their networks.
“The survey and report called out a rise in insider threats, the difficulty in detecting them and the significant costs in cleaning up after a successful insider attack,” Mike Tierney, COO for SpectorSoft, said. “Companies need the ability to detect for anomalies in user behavior to make sure they are aware of the threats that exist within their organizations, because insiders will deviate from their normal behavior patterns when planning and executing an attack.”
Several financial institutions revealed a pattern of fraudulent charges on customer cards that trace back to a variety of Hershey theme park locations, including food and beverage outlets, ticketing stations and the Hershey Lodge. The fraud was first reported by KrebsOnSecurity.
“We have received reports from some of our guests that fraud charges appeared on their payment cards after they visited our property,” Kathleen McGraw, director of communications for Hershey Entertainment and Resorts Company, said.
“We take reports like this very seriously,” McGraw continued. “While our company does have security measures in place designed to prevent unauthorized access to our network, we immediately began to investigate our system for signs of an issue and engaged an external computer security firm to assist us. The investigation is ongoing.”
Kevin Watson, CEO at the Houston-based Netsurion, a security company that protects small businesses' payments and data, listed common mistakes that lead to retail/hospitality credit card breaches.
Errors companies make include failure to protect incoming Internet traffic, control outbound Internet traffic, adequately protect on-premise Wi-Fi, use two-factor authentication, update anti-malware software and patch all operating systems promptly, he said.
“Almost every major breach in the last 24 months failed to incorporate at least one of these measures,” Watson said. “As breach attacks intensify, no business is immune from increasingly sophisticated cybercriminals who see them as lucrative targets or the weak link into an even more strategic target.”
He explained, “There is a growing trend for hospitality businesses to outsource network and on-premise Wi-Fi security services, taking the burden off their hands and allowing them to focus on the core business of providing customers with exceptional dining, lodging, event and travel experiences.”