Should the U.S. prepare for cyber extortion?

Monday - 5/3/2010, 4:41pm EDT

Cybersecurity Update - Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Jane Norris (6-10 a.m.) and The Daily Debrief with Chris Dorobek and Amy Morris (3-7 p.m.). Listen live at or on the radio at 1500 and 820 AM in the Washington, D.C. metro area.

  • U.S. corporations that are unfortunate enough to experience a data breach face much higher costs than organizations in other parts of the world, and that is probably true for your agency, too. The findings come from research released recently by the Ponemon Institute and sponsored by security firm PGP Corporation. CSO magazine reports that the study is the first time the Institute has undertaken a worldwide investigation. The research calculated the average cost of a data breach globally at $3.43 million last year -- that works out to about $142 per compromised customer record. But the analysis found that costs varied dramatically between regions, from $208 per lost record in the U.S., down to $98 per record in the UK. The report reveals that costs incurred in countries with data breach notification laws were significantly higher than in countries where no such legislation exists.

  • Should the United States be prepared for the age of cyber-extortion? A research scientist with deep knowledge of the psychological factors that drive people in different countries to take on a life of cybercrime is predicting a new wave of cyber extortion tactics will be used in attacks against firms in the United States. Max Kilger is a senior member of the non-profit research organization, The Honeynet Project. And he spoke at the SOURCE Boston 2010 conference last week. He says that cybercriminals based in emerging countries are stepping up their attacks methods, possibly by using cyber extortion to commit crimes against firms in the U.S. Similar tactics have already been documented in attacks on businesses in Russia, China and Eastern Europe. That according to TechTarget's SearchSecurity. The extortion prediction hinges on research that shows a loose coupling of cybercriminals and criminal enterprises. The cybercriminals collects information on the target, while the criminal enterprises can use their muscle to physically threaten the target.