Speaking at the TMG Executive Summit, Krebs insisted that organizations buy into the idea that doing security right is layering on the right mix of technology software and services, and that this combination will block 99% of attacks. It is expensive to do security right, and that is partly because the actual security of one’s organization comes from security specialists.
According to Krebs, there’s no substitute for the human. Different organizations face different threats, but one of the truths of breached organizations is that they had all the data telling them they were hacked, but no one looked at it until after the incident. It is not uncommon, Krebs said, for an organization to look at its event logs for the first time after someone like him gives them a call.
Phishing, he said, is becoming increasingly sophisticated, even though some cybersecurity experts talk about it as a solved problem. Over a span of three weeks, Krebs notified several different companies of phishing threats facing their C-suites. He had seen actual communications spoofing CEO email addresses on the dark web. No one from any of these vulnerable organizations returned his calls.
As for stolen credit cards, Krebs believes we are in “a historic glut of credit card data.” It’s never been easier to buy stolen credit cards, he says, largely due to an explosion of sophisticated and criminal-centric fraud sites intent on delivering a great experience for the criminal element.
Also, as the US moves toward full implementation of EMV, Krebs expects card-not-present fraud to increase, but noted the more critical threat is account takeover.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now