According to Internet security awareness training firm KnowBe4, the losses attributable to cybercrime total US $113 billion. Take a moment to let that astounding number sink in.
Now here's some more: The fourth annual Cost of Cyber Crime Study conducted by Ponemon Institute and sponsored by HP notes that costs for businesses that are victims of Internet-based attacks have risen 78 percent per year, on average, over the past four years. And from 2010 through this year, the time needed to recover from a breach has increased 130 percent. The losses in terms of personal information, intellectual property, and system damage are staggering enough. But now the average cost of cleaning up after a successful attack has passed the $1-million mark—not counting the cost of customer lawsuits against companies whose systems have been breached.
Meanwhile, Symantec’s just-released 2013 Norton Report notes that although the overall number of victims of online attacks has actually decreased, the average cost per victim has risen by 50 percent. "Today's cybercriminals are using more sophisticated attacks, such as ransomware and spear-phishing, which yield them more money per attack than ever before," said Stephen Trilling, Symantec’s CTO, in a press release.
In Other Cybercrime News…
- Six were arrested on Monday for participating in a global scheme that used fake payment cards to clean out cash machines to the tune of US $45 million.
- Love Hurts Sometimes: Hackers stole more than 42 million unencrypted passwords and other personal information from servers belonging to Cupid Media, a niche dating service with 30 million users. Apparently the dating service neglected to delete information for millions of former subscribers.
- Electronic Frontier Foundation released its Encrypt the Web Report, which provides a picture of the level of encryption deployed by 18 leading Internet companies.
- Cybercrooks are redirecting large blocks of Internet traffic to ISPs in Belarus and Iceland, where the data is monitored and even manipulated before being sent to its intended destination.
- In a keynote address at this week’s AppSec USA conference, security expert Bill Cheswick called for a return to the good ol’ days, when computing platforms included trusted hardware, trusted firmware, a sandbox, and a trusted operating system.
- Thirty-seven U.S. states are patting themselves on the back after reaching a $17 million settlement with Google, which was caught deliberately bypassing default privacy settings in Apple’s Safari browser in order to display targeted ads. The $17 million sounds like a lot if you don’t know that Google raked in close to $3 billion in online ad revenue over the most recent fiscal quarter.
- Newly discovered Trojan malware scans computers to see whether they’re hosting SAP applications, then steals log-in credentials and other sensitive information.
- A year after U.S. authorities rounded up a ring of cybercrooks posing as Microsoft technical support personnel, the scam continues.
Willie Jones is an associate editor at IEEE Spectrum. In addition to editing and planning daily coverage, he manages several of Spectrum's newsletters and contributes regularly to the monthly Big Picture section that appears in the print edition.