Visa Europe revealed important stats about the usage of Contactless Cards. Poland, Spain and the UK use this payment method the most, with UK usage growing by 300% year over year.
The IOCTA, or the Internet Organised Crime Threat Assessment, is an annual document put together by Europol (the European Police Office) that aims to inform decision makers on where the biggest cybersecurity threats lie. Covering threats to both private industry and non-industry citizens within the EU, the document is self-described as "forward-looking" and it offers "analyses of future risks and emerging threats."
The latest document, the IOCTA 2015, is a pretty good gauge of what we should be looking out for and it's important that we (those in the EU in particular) consider its findings in future. You may not have time to go through the entire document, though, which is why we've picked out the need-to-know parts of it, as summarised in the sections below.
The key findings of this year's report made it clear that cybercrime is an ever-growing and ever-changing structure. Europol notes that even as malware engineers end their support of "old school" banking Trojans (Zeus, Citadel and Spyeye are given as examples), replacements have quickly cropped up, with the likes of Dyre and Dridex being described as the "new generation of malware". The use of ransomware (software designed to block access to a system) that incorporates encryption and malicious Remote Access Tools (RATs) is also on the rise.
Furthermore, as retailers make an effort to protect themselves against card skimming and other fraud in card-present commerce, malicious people have only begun to exploit online storefronts. Europol confirms that card-not-present payment fraud is increasing and that businesses are taking more measures to prevent card-present fraud (take a look at ZeroRisk PINpoint), but the agency stresses that "malware attacks on ATMs are still evolving", so we shouldn't take our eye off the ball.
Another key finding is that publicly disclosed data breaches are often followed up by credit card fraud, phishing and other security issues as the stolen information floods online channels, leading to a sort of double-punch. Social engineering is still a threat too, with people still being manipulated (via phishing or conversations in real life) for account info.
Below several breach categories can be found, along with some key stats.
The IOCTA offers a great many key recommendations, such as reporting breaches and attacks to the police or other appropriate agencies, but to prevent these breaches occurring in the first place, it's advised that you make use of security testing.
There are several different types of tests. On the one hand, there are penetration tests (also known as "ethical hacks" or "ethical hacking"), which use the same methods and means a malicious user would to gain access to your network and steal sensitive data. This allows the pen-testing organisation to see whether your security countermeasures are up to scratch and it allows you to figure out what needs to be done to improve them. On the other hand, there's vulnerability testing, which identifies weak spots in your security infrastructure.
Security tests are useful when it comes to protecting yourself against future breaches or breach attempts, as they help you limit what (if anything) the malicious user can access and they also allow you to take steps towards better IT security, patching vulnerabilities and preventing breaches from happening.
Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.
My intention is to discuss IT Security related topics with the eyes of a non-technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.