Genuinely Understanding What’s Happening
Organizations must pay close attention to loss history, both within and outside their own organization, to get a sense of what is actually happening in the fast-changing information security and privacy field. Loss history data points of note should include not just the security and privacy breaches reported, but also:
- internal accounting frauds suffered
- related insurance claims filed
- security vulnerability reports received
- staff grievances about security and privacy submitted
- third-party-reported vulnerabilities not addressed
- shareholder lawsuits filed
- budget overruns occasioned by security or privacy problems
- lost staff days due to system downtime
- lost business deals caused by inadequate intellectual property controls
- government regulator interventions triggered
- adverse external audit reports received
Emerging fraud trends related specifically to payments.
"According to the Federal Reserve Bank Systems, 2013 Payments Study, in 2012, 13.7 million fraudulent transactions involved credit cards, totaling $2.3 billion; 14.9 million involved debit or prepaid cards, totaling $1.5 billion; and 1.3 million, totaling $300 million, were categorized as fraudulent ATM withdrawals."
Comparison of Card Fraud to ACH and Check Fraud
The number of attacks is increasing.
Attacks Are Costly
Percent of Incidents by Category
Establishing an organizational governance structure to ensure that information security and privacy are adequately addressed on an ongoing basis is a multi-project endeavor. One often overlooked part of this endeavor is the establishment of a loss history record-keeping process, a related analysis process, and a related report generation process. Only when a multi-dimensional view of what’s happening is compiled via this loss history management process can top management have confidence that they truly understand the nature of the problems, and that their efforts are indeed showing positive results.