The Associated Press (AP) in London quoted an investigator with Europol’s European Crime Center in The Hague who said they are seeing “an unprecedented number of cyberscams that include phishing for financial data, viruses, credit card fraud and others.” One of those schemes appeared to be going well for a network of cyber criminals, who withdrew $45 million from ATM’s in 27 countries earlier this year. Arrests are being made around the globe, including in one of the favorite targets of cyber fraud — the USA. The AP, itself a recent victim of a hacked Twitter account and alleged government snooping into its editors’ phone logs (who says conventional news organizations aren’t where it’s at anymore?), also posted a picture of Elvis Rafael Rodriguez and Emir Yasser Yeje, alleged members of the worldwide ring, posing like a smug Tweedledee and Tweedledum, respectively, pointing to a couple fat stacks of ATM cash. The U.S. Attorney’s Office and the U.S. Secret Service have been and remain on the case.
Jason M. Weinstein of Steptoe & Johnson blogged that every company must take this as a reminder to review its own breach preparedness. “That means more than just network security. It also means ensuring that contracts with business partners address liability for data security, and that insurance coverage is appropriate. It means ensuring that the company is in compliance with applicable legal requirements for processing, storing, and securing data. And it means having an incident response plan in place, and testing that plan, before a breach occurs.. This type of comprehensive review of information governance and data security is the best way to mitigate the risks of harm from a breach. And in the event a breach occurs, demonstrating the steps the company took to prevent and prepare for a breach will be a critical part of the company’s defense in enforcement proceedings and litigation. The best defense later is a proactive defense now.”
And companies know it. Citing a report from FTI Consulting Inc., Al Sakali of Shook Hardy & Bacon blogged that, with the average annualized cost of cybercrime jumping up to $8.9 million, more than 25% of company directors and GCs tagged cyber risk as something that will require their attention this year. “Only one-third of general counsel felt ‘very confident’ in their company’s ability to respond, and less than one quarter of directors agree,” Sakali wrote, citing the FTI report.
Join us next month in Philadelphia, or in Los Angeles in October, for either installment of our NetDiligence Cyber Risk & Privacy Liability Forum where we will discuss issues like this and much more. Click the images below!