Bernard Everett, InfoGuard: Cyber crime threatens the core infrastructure supporting critical business activities, Tapping into fibre optic cables is easier than you think!
As we start to assess the damage and possible consequences of the 25 million people now open to data fraud after two disks containing personal and financial records have gone missing, it has to be asked ‘what happens if this information was freely available to anyone possessing off the shelf eaves-tapping equipment?’
State-of-the-art fibre optic networks are employed by many banks, insurance companies, enterprises and public authorities as their communication backbone, supporting critical business activities, it just so happens to be the place where industrial espionage is rife. If no security precautions are taken to prevent the theft of data, the consequences could be devastating. Unlike in this most recent case were two disks have clearly gone missing, in a premeditated tapping of an optical network it is extremely unlikely that the victim will even be aware the perpetrator exists; information will not go missing as our data thief will be simply eavesdropping and coping what transpires over the network.
What could it mean to your business?
The world has been shocked to think that the institution that sets the standard and writs the rules, legislating how data needs to be protected can be today at the forefront of one of the largest losses involving 25m files containing individual personal information.
In the commercial sector directors are now made personally liable and can face prosecution, and made to pay damages and fines and can even face imprisonment. In regards to HM Revenue and Customs the question can be rightly asked as to who will ultimately take responsibility?
For some industry sectors the worst impact can be the devastating customer’s trust which as in the case of Northern Rock can have huge consequences on the investment and stability of a financial institution. In a survey by the Wall Street Journal it is estimated that companies that have incurred a breach of information can face a share price loss of up to 3.3% on the day of disclosure, followed by 5 – 24% thereafter with only 30% of such companies being able to recover at all. A recent example is Card Systems which lost $300m in the first 24hrs after disclosing a breach in which 45m credit card details were hacked; Card Systems were then acquired by its competitor Choice Point.
After the humiliation of numerous press conferences, the financial damage does stop with the share price. There are huge additional indirect costs associated with a breach where sensitive data whether it is National Security Numbers, Health Data, Credit Card details or other financial records are lost. Some of these costs will be linked to Public hearings, e.g. Bank of America and Card Systems, call centers, investigations, and credit checks. With an estimated cost of between $100 and $125 per customer, it is reported that Atlantis Resort paid an approximate $6m and Fidelity $15m in additional indirect costs. It is unlikely that in this situation the HM Revenue and Customs will go out of business as it is clear who ultimately will pick up the tap for this ‘oversight’!