Tuesday, February 2, 2010
Cyber breaches are a closely kept secret
For every break-in like the highly publicized attacks against TJX Co (TJX.N) and Heartland Payment (HPY.N), where hacker rings stole millions of credit card numbers, there are many more that never make the news.
"Of the thousands of cases that we've investigated, the public knows about a handful," said Shawn Henry, assistant director for the Federal Bureau of Investigation's Cyber Division. "There are million-dollar cases that nobody knows about."
Companies that are victims of cybercrime are reluctant to come forward out of fear the publicity will hurt their reputations, scare away customers and hurt profits. Sometimes they don't report the crimes to the FBI at all. In other cases they wait so long that it is tough to track down evidence.
"Keeping your head in the sand on filing a report means that the bad guys are out there hitting the next guy, and the next guy after that," Henry said.
He said the cybercrime problem has gotten bigger over the past three years because hackers have changed their attack methods as companies have tightened up security.
"It's absolutely gotten bigger, yes, absolutely," he said.
That is because the Internet is rapidly growing as a tool for commerce. As it does, consumers and companies alike are exposing valuable data such as business plans, credit card numbers, banking information and Social Security numbers.
"There are hundreds of billions of dollars that traverse the Internet," he said.
Cybercriminals are now looking beyond large companies, which in the past 10 years have bolstered security on their networks using products from software companies including Symantec Corp (SYMC.O), McAfee Inc (MFE.N) and Trend Micro Inc (4704.T). Cisco Systems Inc (CSCO.O), International Business Machines Corp (IBM.N) and Websense Inc (WBSN.O) also sell products to protect computer networks. reuters