Global cybercrime costs about $114 billion annually—plus another $274 billion to allow for the costs of staff time to try to track and fix the damage done, says Randy Romes, principal of information security at CliftonLarsonAllen.
“Cybercrime costs the world significantly more that the global black market in marijuana, cocaine, and heroin combined,” Romes says, “which is estimated at $288 billion.
"Hackers tend to go for the easy money, and members are much easier targets than credit unions," he continues. “In instances of cybercrime, the weakest link is the end user."
Romes cited a 2013 research report from TrustWave that showed nearly 62% of illegal intrusions in 2012 were done by exploiting applications submitted remotely.
Once cybercriminals find their way into computer systems, 80% of the internal propagation is the result of weak administrative credentials. After they’ve obtained access, it takes 1.5 years on average for hackers to be detected, according to TrustWave.
“The research shows that most of the compromised systems were managed by third parties: 63% were managed by third parties and 37% were managed in-house,” Romes says.
He has seen a sharp increase in losses due to "social engineering," which he defines as the use of nontechnical attacks to gain information or access to technical systems. This often is done with pretexting phone calls or unauthorized entry into a building.
“The best defense against social engineering,” Romes says, “is to constantly create awareness among staff to the types of threats they might be subject to.”