
Employees are the weakest links, part 1

Data breaches and untrained workers



This study shows that untrained employees are the linchpins for most data breaches. Organizations can help prevent them if they're filled with savvy and aware employees at all levels.

In one of the worst data breaches in 2015, a cybercriminal gang called Carbanak used a simple spear-phishing email scheme to fool employees in more than 100 banks in 30 nations. Gang members infected employees' computers with malware that recorded keystrokes and took screenshots, which gave them access to key employee account credentials and privileges. The criminals could then observe every step in daily cash transfers, impersonate bank officers and steal up to $1 billion in cash withdrawals directly from the banks and from ATMs. (See "The Great Bank Robbery: Carbanak cybergang steals $1bn from 100 financial institutions worldwide," Viral News, Feb. 16, 2015 at Kaspersky Lab.)

Data breaches are increasing in volume and scope. The aim of this article, and two subsequent ones, is to help protect public- and private-sector organizations by demonstrating a methodological framework for classifying and analyzing data breaches based on their internal and external causal factors. Our study's results will help organizations devise security awareness and data protection programs as part of their risk management strategies, so they can better safeguard records that contain personally identifiable information (PII) and other sensitive material.

As this opening case shows, untrained employees are the linchpins for most data breaches. Our study will show that organizations can prevent these frauds if they're filled with savvy and aware employees at all levels who — similar to fraud examiners — know how to detect and prevent them in their unique spheres.

The case is one of the largest on record, although it is not representative in magnitude of the thousands of breaches that various organizations have been identifying and tracking. These organizations include the Privacy Rights Clearinghouse (PRCH), Verizon and the Identity Theft Resource Center® (ITRC).

 

