Stolen Data Stockpiled for Future Attacks Beyond E-Commerce Fraud

… any of the many private-sector breaches.

Beyond nuanced problems like the Chinese visa and biometric breach scenarios, data can be manipulated to create many different types of real-world harm beyond scamming for money.

Illumio’s Jonathan Reiber

“Given the lack of financial incentive, coupled with the opportunity to cause widespread disruption or panic, nation states and terrorist groups are the most likely actors in data manipulation attacks. That’s why the military and intelligence services take them so seriously,” Jonathan Reiber, head of cybersecurity strategy at Illumio, and former Pentagon chief strategy officer for cyberpolicy, told MSSP Insider.

This means, among other things, that the threats to the private sector charged with managing infrastructure are steadily becoming more serious.

Unfortunately, while MSSPs and other cybersecurity pros contemplate all the implications in stolen data use, the current problems of fraud and thievery persist. Further, they’re likely to always exist. After all, most stolen data is reusable — even over large swaths of time.

The Forter report found that fraud rings, a group of bad actors who band together to commit fraud, have grown 26 percent this year. Account takeovers increased 45 percent between the beginning of 2017 and the end of 2018. The industry that saw the highest amount of e-commerce fraud last year was food and beverage, which incurred a 79 percent spike. In second place was electronics with a 73 percent uptick, while apparel and accessories came in third at 47 percent.

The security industry preaches the virtues of layered security protocols against an ever-expanding attack vector, as it rightly should. Perhaps it’s time also to preach the importance of layered security strategies to protect against an increasingly malevolent “Knowledge Era” when the bad guys know everything about you.