Chapter 1: Defining Data Loss
✓ More social engineering: This is an older, non-technical means of
compromising security; it shifts the attack activity away from computer
networks and operating systems and toward the end-user as the weak link
in the security chain.
✓ Smishing and/or SMS (text) phishing: In this new variant of phishing,
the phisher uses SMS (Short Message Service — that is, texting)
messages to tell victims they’re being charged for services they didn’t
actually sign up for. They’re asked to go to a Web site to correct the
situation — a process that requires the victim to enter credentials that
are useful to the bad guy.
✓ Vishing and/or voice phishing: This approach uses traditional e-mail
phishing to ask the victim to call a phone number owned by the attacker,
who can then fake an interactive voice-response tree — including hold
music — that extracts information while lulling the victim into a false
sense of security. Cyber-criminals love voice-over-IP (making telephone
calls over the Internet, also called VoIP) because it makes the attacks so
economical — the calls are free or cost a few cents.
More connections, more risk
The more people work online, the more opportunity exists — for doing
business and for committing cyber-crimes. Data leakage and identity theft have
grown to epidemic proportions worldwide over the last two years. They
affect everybody, and they’re hard to detect until it’s probably too late.
Such fraud may account for as much as 25 percent of all credit-card fraud
losses each year. For the criminals, identity theft is a relatively low-risk,
high-reward endeavor. Issuers of credit cards often don’t prosecute thieves who
are apprehended; they figure it isn’t cost-efficient. They can afford to write off
a certain amount of fraud as a cost of doing business.
Most victims, whether individual or corporate, don’t even know how the
perpetrators got their identities or other sensitive information — or how they
managed to lose the data in the first place. (Hint: There’s a leak somewhere.)
Companies that have lost data often have difficulty answering some basic
inquiries:
✓ Describe in detail the categories of information compromised from a lost
company laptop (for example, name, address, phone number, date of
birth, driver’s license number, or other personal information).
✓ Describe all steps that your company has taken to track down and
retrieve the personally identifying information.