Cybercrime is big business, and for the criminals behind the attacks there is a lot of money to be made either from directly stealing card details and account information or from selling on stolen information taken directly from computer networks. Security breaches are happening every day, with businesses closing as a direct result of these attacks. In fact, 60% of SMBs shut down within 6 months of a breach, either as a direct result or because of the after effects. Hackers are responsible for 40% of data breaches, meaning that more must be done to prevent access. The average cost of cybercrime to US businesses last year, according to Symantec was $591,780, but this is just a tiny figure when compared to some of the really big breaches. The largest breach of 2012 saw some 24 million identities stolen. You can read more on the Symantec infograph here. So, which have been the most memorable and destructive breaches of the 21st Century, and why?
The PlayStation Network was infamously hacked in 2011, costing the company millions whilst they were forced to pull the site down to remedy the situation. The breach exposed 77 million accounts to hackers, and of this figure 12 million had unencrypted credit card information stored by Sony. It wasn’t just card information that was stolen; personal information was also on the Sony server, with details like addresses, passwords, email addresses and full names. The culprit behind this hack is still unknown, and the event is considered the biggest gaming network breach of all time, raising questions about the security of other companies as large as Sony.
The biggest fish in the Internet world, Google, proved in 2009 that not even they were immune to Internet security breaches. In this case it took the Chinese government to break through the security, but they managed it by exploiting a weakness in an older version of Internet Explorer. Although it has never been announced what was taken, Google did verify that some of their intellectual property had been stolen and advised users to update their browsers if they had not done so recently.
The reason for hacking a site is not always financial gain, and the group that claimed responsibility for the breach of Gawker Media, Gnosis, claimed to have done so to prove a point. They stated that the organisation dismissed hackers and they therefore stole 1.3 million email addresses and passwords of commenters on Gawkers many sites. These were then cross-purposed and used to hack the twitter accounts of individuals involved.
Using a Trojan virus, the hackers of CardSystems Solutions slowly and methodically removed data from the system every four days. By the end of this process they had extracted the details of 40 million credit cards. This breach, which occurred in 2005, was found to be a result of poor security measures, and had the company complied with data storage standards the information lost would not have been compromised. By the end of the year the company was sold to Pay-per-touch and it is thought it could not have continued trading without this acquisition.
Big companies are highly scrutinized when data breaches occur, and these attacks are the ones most likely to stick in your mind. For smaller businesses though, the effects of cybercrime are just as devastating. Regardless of company size the best form of defense against a breach is ensuring that all security measures are in place and up to date.