In the last couple of years the face of cybercrime has changed quickly and significantly. Be it with regard to the technology and sophistication of the attacks, be it in respect of the complexity of the liability and prosecution of the attackers. According to research by IDC, criminals are better organized and work together to define “best practices for cyber attacks”. It is also the kind of information that is being gathered that seems to reach new levels: in addition to credit card information, criminals also collect economical and financial information like commercial communication, intellectual property, creative work and, above all, credentials and digital identities of millions of users, clients, employees and partners during a corporate data breach.
Another trend is the increasing data theft of personal information through operations that focus on individuals by mining data from blogs, forums and other online channels to analyse information. IDC has estimated in its report that each individual using the Internet regularly has about 24 digital identities (i.e. an online or networked identity adopted or claimed in cyberspace by an individual, organization or electronic device) and considering that about 35% of the global population fall into this bracket, the approximate number of identities at risk exceeds 55 billion. IDC forecasts that in 2020 more than 1.5 billion people will have in one way or another been subject to a personal data theft. The cost of cybercrime for the global economy will increase from $650 billion currently to more than $1 trillion in 2020.
Firms should therefore adopt a new approach and a new way of thinking about IT security to keep up. A company’s Chief Information Security Officer (CISO) must work together with a firm’s vendors at all stages, from the prevention and protection stage to containment and response to a data breach.