By now we’ve all heard about the latest cyber-attack. JPMorgan Chase, along with approximately nine unnamed financial institutions, was the latest victim targeted by a group of overseas hackers. By roaming undetected through the banks’ digital networks, the hackers accessed the names, addresses, phone numbers and email addresses of more than 83 million households and businesses. Recent estimates indicate that the personal information of more than 110 million Americans has been exposed this year – roughly half the nation’s adults. Why is this happening? Following are some reasons why breaches in credit card security are becoming more prevalent.
Corporations can’t keep up with hackers
While organizations such as Home Depot and JPMorgan Chase hire the “best-of-the-best” cybersecurity teams, they can’t match the speed and nimbleness of hackers. Hackers are becoming more focused, with teams creating malware to attack specific organizations. Malware tools are completely automated and easily obtained and deployed over the internet. Large subnets can quickly be scanned to identify vulnerabilities and compromise systems. This forces corporations to adopt a more agile stance in identifying and addressing network vulnerabilities. They must hire experienced security engineers who are at least as sophisticated as the hackers. Because of the demand, these engineers are often difficult to find.
A troubling aspect of the JPMorgan Chase breach is that the hackers accessed a list of every application and program deployed on standard computers. The hackers can cross-check this information against known or new vulnerabilities in each system and search for a backdoor entry. Swapping out these programs is costly and time-consuming for companies. Not only do they have to renegotiate licensing deals with technology suppliers, but they also have to swap out applications and programs for all of their employees.
Hackers often roam undetected for lengthy periods of time
Hackers have learned how to roam quietly inside corporate networks for months without setting off any alarms. In the case of JPMorgan Chase, hackers were able to attain high administrative privileges within the bank’s network. By the time unusual behavior on the bank’s network was spotted, the hackers had rooted more than 90 servers and rummaged through customer databases for 76 million households and seven million small-business online accounts. Other companies such as Neiman Marcus and eBay also discovered their security breaches weeks after they occurred.
Organizations are resistant to changing standards for privacy protection
Many credit cards issued in the United States use legacy magnetic stripes. However, anyone can easily read or program the magnetic stripe on a credit card using basic, inexpensive equipment purchased on eBay or Amazon. And while self-checkout systems found in many retail locations are convenient, they also pose a security risk because they are prone to “skimming” attacks. A skimming attack occurs when an unauthorized device is attached to a pay station, skimming data from the magnetic stripe of a credit card.
Unlike the United States, many European credit card companies implement two-factor authentication in which the user is required to scan a chip on his or her credit card and enter a personal identification number (PIN). However, many U.S. companies resist making the change, citing the steep cost of reissuing such credit cards and readers.
Consumers are experiencing “data breach fatigue”
While major data breaches continue to hit large corporations, consumers are becoming numb to reports that their credit cards and personal information have been compromised. Cyber-attacks are happening so frequently that the term “data breach fatigue” has earned a permanent spot in our lexicon. Compounding the issue are federal laws that release consumers from any liability for unauthorized purchases made with stolen credit card numbers. This creates a very dangerous situation, as hackers are slowly focusing more on personal data and information, which can lead to identity theft.
While complete immunity from cyber-attacks is virtually impossible, it’s critical for companies to partner with an experienced cloud solution provider who can provide cloud security measures to protect business-critical applications, confidential data and the underlying infrastructure that supports those applications. That is why HOSTING and Alert Logic offer the Alert Logic Cloud Security Report. This report lists trends that can threaten online and cloud security as well as essential elements to include in a security solution. You can also register for our on-demand webinar that walks you through the report.