Ransomware – Law Street
https://legacy.lawstreetmedia.com
Law and Policy for Our Generation

Can You Keep Up With This Week’s News?: May 19, 2017
https://legacy.lawstreetmedia.com/blogs/rantcrush/can-keep-weeks-news-may-19-2017/
Fri, 19 May 2017 17:37:40 +0000

Have you been paying attention?

Image courtesy of Seniju; License: (CC BY 2.0)

Happy Friday everyone, and welcome to a new feature on Law Street! Every day we bring you the top five controversial stories in law and policy, with our RantCrush Daily newsletter. But in today’s age of fake news and alternative facts we feel like news literacy is more important than ever. So check out our RantCrush quiz to see how much attention you paid to the news this week, and sign up for RantCrush to make sure that you get the breaking stories in your inbox every single day.

Check out the quiz below!

Anneliese Mahoney
Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

Global Cyber Attack Put British Hospitals Out of Commission
https://legacy.lawstreetmedia.com/blogs/technology-blog/cyber-attack-british-hospitals/
Sat, 13 May 2017 19:04:01 +0000

The attack hit other areas as well.

"Cryptolocker ransomware" courtesy of Christiaan Colen; license: (CC BY-SA 2.0)

On Friday, a massive cyber attack hit several nations in Europe and Asia, and disrupted the computer systems at multiple British hospitals. Patients were turned away as hospital staff couldn’t access the computers, and appointments had to be cancelled. The BBC reports that as many as 74 countries were affected, and security researchers believe all of the incidents are related.

The National Health Service, Britain’s public health system, advised people to seek medical help at hospitals only in an emergency. Ambulances were redirected to other hospitals. The screens of the hacked hospitals’ computers each showed a message from the hackers demanding $300 in Bitcoins within three days to unlock the information.

The technique behind the attack is so-called “ransomware,” a type of software that infects a digital machine and locks its functions until a ransom has been paid. The name of this particular malware is “Wanna Cry,” also known as “Wanna Decryptor.”

Several experts believe the cyber attack is linked to a hacker group called The Shadow Brokers–the same group that claimed in April that it had stolen and released malware created by the National Security Agency (NSA). It was not exactly clear what the group’s motive was–it said it wanted to protest President Donald Trump, but also that it opposed the removal of Steve Bannon from the National Security Council.

The hackers also claimed they are “not fans of Russia or Putin,” but security experts said they could possibly be associated with the Russian government. One chief executive of a cyber-security firm, Jake Williams, said, “Russia is quickly responding to the missile attacks on Syria with the release of the dump file password that was previously withheld.”

Other companies that were affected include Spanish electric company Iberdrola, utility provider Gas Natural, University of Milano-Bicocca in Italy, Portuguese telecommunications provider Portugal Telecom, and FedEx. The largest telecommunications company, Telefonica, was also hit, but the attack reportedly didn’t affect any customers. It seemed to be a new kind of ransomware, and it spread fast. Some said it seemed to be a worm–a malware program that spreads between computers, like a virus.

In Britain, the NHS is facing criticism for not doing enough to protect its computer systems against attacks like these. The hacker group became known two months ago, and Microsoft released a program that could protect against its malware. But not all NHS computers installed it. Ross Anderson from Cambridge University is one of the critics. “If large numbers of NHS organizations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?” he said.

Emma Von Zeipel
Emma Von Zeipel is a staff writer at Law Street Media. She is originally from one of the islands of Stockholm, Sweden. After working for Democratic Voice of Burma in Thailand, she ended up in New York City. She has a BA in journalism from Stockholm University and is passionate about human rights, good books, horses, and European chocolate. Contact Emma at EVonZeipel@LawStreetMedia.com.

Privacy Concerns: Can Your Medical Device Be Hacked?
https://legacy.lawstreetmedia.com/issues/health-science/medical-device-hacking/
Tue, 17 Jan 2017 15:13:41 +0000

Medical devices are highly vulnerable to cybersecurity threats.

"System Code" Courtesy of Yuri Samoilov : License: (CC BY 2.0)

Medical information is usually viewed as a private affair. But due to the proliferation of technologically advanced devices–heart monitors, X-ray devices, and even fitness trackers–the ability to gain access to a person’s sensitive health information may be easier than most realize. Unsecured devices could lead to disastrous consequences, as any alteration to a patient’s device could be a life or death situation. Medical device hacking may be the largest cybersecurity threat faced by Americans in the coming years. This gigantic security concern is quietly lurking in citizens’ insulin pumps and pacemakers.

Despite having federal and state guidelines to protect and secure individually identifiable health information, accessing a person’s most detailed medical information may be as simple as pressing a few buttons. New Food and Drug Administration (FDA) guidelines issued at the end of 2016 may be able to combat easy access to medical devices, but only with cooperation from device manufacturers. There are also no current plans for enforcement of these guidelines by the FDA, as they are non-binding recommendations. Read on to learn about the security concerns presented by medical devices.


What is a Medical Device?

A medical device, as defined by the FDA, is “an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory” that is used “in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease.” Such devices are regulated by the FDA and may be utilized for animals as well as humans. Tongue depressors, bedpans, x-ray machines, and complex programmable pacemakers with microchip technology all fall under the broad definition of a medical device. Moreover, surgical lasers, wheelchairs, and even sutures and orthopedic pins are classified as medical devices. If the primary intended use of a product is achieved via a chemical reaction or metabolized by the body, then it will usually fall under the definition of a “drug.” The U.S. is the global leader in the medical device market, with a total market size of roughly $148 billion in 2016. The Department of Commerce determined that U.S. exports of medical devices in specific categories exceeded $44 billion in 2015. Research and development in this sector are also more than twice the average for all U.S. manufacturers.


Medical Privacy Laws

A person’s medical history is a deeply personal collection of information. Highly sensitive material ranging from mental health treatment and sexual history to genetic disorders and diseases can be contained in an individual’s medical file. Numerous laws have been passed in the U.S. on federal and state levels to ensure that Americans’ health information remains confidential and secure. The most comprehensive law ever passed in the field of medical privacy is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The act required the Secretary of the Department of Health and Human Services to develop regulations to protect the privacy and security of certain medical information. Under HIPAA, the government established national standards to protect individuals’ medical records and give patients control over who can access personal health information. Essentially, without direct patient authorization, specific entities are limited on the uses and disclosures of individuals’ medical records.

“Paper files of medical records” Courtesy of Newtown grafitti : License: (CC BY 2.0)

In 2000, the Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) came into effect; the guidance comprehensively answers questions about the privacy requirements of HIPAA. Generally, under the Privacy Rule, incidental uses and disclosures are permissible only if they are a by-product of a reasonable or permissible disclosure. The rule requires covered entities to take reasonable steps to limit the use or disclosure of protected health information. It applies to health plans, health care clearing houses, and any health care provider who transmits health information in electronic form. Individually identifiable health information is information that relates to: an individual’s past, present, or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for health care for the individual.

The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) also established national security standards for certain health information held or transferred in electronic form. The Security Rule particularly addressed technical and non-technical safeguards that covered entities must utilize to protect individuals’ electronic protected health information (e-PHI). Entities covered by the Security Rule must ensure the confidentiality and integrity of all e-PHI being received or transmitted, as well as protect against any reasonably anticipated threats to the security or integrity of such information. Under the intricacies of HIPAA’s Privacy Rule and Security Rule, the U.S. government has clearly gone to great lengths to protect citizens’ medical records from improper use or disclosure by entities without direct patient authorization. Certain medical devices utilized today may contain information regarding a person’s medical condition that is as detailed as their medical records–what ailments a person is being treated for, or what dosage of medicine a person takes daily. Therefore, protecting these devices from unwanted intrusion and hacking should be of the utmost importance to ensure patient health and privacy.


Medical Device Security and Privacy Concerns

The FDA has been warning hospitals and health providers for years that medical devices and hospitals are vulnerable to hackers. In early 2016, the Hollywood Presbyterian Medical Center in California fell victim to ransomware, malware that infects a computer and then encrypts its files until someone pays to have them unlocked. The attackers in California held patients’ medical data hostage until the ransom was paid, roughly $17,000 in bitcoin. Ransomware also hit other hospitals around the country.

One of the largest consumer concerns regarding medical devices is that individuals can do little to protect their devices themselves. It’s up to the manufacturers of a device’s hardware and software to employ proper security measures. Another issue plaguing medical devices is that most of the laws protecting medical privacy fall under the Health and Human Services’ umbrella; however, regulating medical devices falls in part under FDA jurisdiction. The disconnect explains how the interactions between medical device regulations and privacy laws lead to administrative issues. In a cybersecurity briefing, the U.S. government warned that pacemakers were easy targets for hackers.

Furthermore, in October 2016, Johnson & Johnson notified 114,000 diabetic patients that a hacker could potentially exploit one of its insulin pumps. The pump could be attacked by either disabling the device or altering the dosage of insulin. Some medical infusion pumps in hospitals are even connected wirelessly because it makes monitoring dosages easier. Patients in the hospital could potentially have their pumps controlled remotely by a hacker, which is relatively simple to do.


While the threat to medical devices has been common knowledge for the past few years, few people have attempted to rectify the glaring holes in the current system. Security researchers have managed to remotely control medical devices including pacemakers, insulin pumps, and defibrillators. Thus, it is quite possible that hackers may start setting their sights on specific medical devices, not just entire hospital systems. U.S. officials began investigating flaws in pacemakers in August 2016, when a batch ran out of battery three months earlier than anticipated. While that particular batch simply had a rare defect that caused them to fail, the months of investigation culminated in the FDA releasing 30 pages of guidance regarding medical devices’ security flaws.


New FDA Guidelines

The FDA first issued a guidance in October 2014 that contained recommendations for manufacturers to build medical devices with cybersecurity protections. These guidelines were expanded in December 2016; however, the recommendations to manufacturers were non-binding, making the document not legally enforceable and not a particularly strong stance on securing future medical devices. As part of the new recommendations issued, the FDA encourages manufacturers to swap information with each other and consistently deploy software patches and updates to fix any security vulnerabilities. Moreover, the agency has asked manufacturers to adhere to a checklist created by the National Institute of Standards and Technology. Early product development that focuses on protecting medical devices from hackers is of the utmost importance. The FDA also suggested that manufacturers join the Information Sharing and Analysis Organization to share details about detected security risks and attacks when necessary.


Conclusion

Researchers saw a rise in the occurrences of cyberattacks on a global scale in 2016. Technological advances in medical devices certainly encourage more effective health treatment, but the increasing reliance on vulnerable software potentially puts the health of citizens at risk. Thus, implementing a structured and comprehensive plan to manage cybersecurity risks is critical. While the new FDA guidelines are a respectable start to ensuring medical devices are free from cybersecurity threats, making the recommendations mandatory as opposed to voluntary may be the only way to keep individuals’ medical information safe from prying eyes. Many contend that while the recommendations could be more stringent, this is just the first step in a long road to addressing cybersecurity in the medical field. For now, the onus remains on the manufacturers to patch detected vulnerabilities in their devices and software and develop devices safe for consumers.

Nicole Zub
Nicole is a third-year law student at the University of Kentucky College of Law. She graduated in 2011 from Northeastern University with a Bachelor’s in Environmental Science. When she isn’t imbibing copious amounts of caffeine, you can find her with her nose in a book or experimenting in the kitchen. Contact Nicole at Staff@LawStreetMedia.com.

Ransomware: Holding Our Digital Lives Hostage?
https://legacy.lawstreetmedia.com/issues/technology/ransomware-holding-digital-lives-hostage/
Wed, 02 Mar 2016 21:40:34 +0000

Why is ransomware so effective?

"Virus" courtesy of [Yuri Samoilov via Flickr]

A hospital in Los Angeles, the Hollywood Presbyterian Medical Center, recently agreed to pay a ransom of $17,000. But the ransom wasn’t paid to free some worker held hostage or to prevent the release of a catastrophic pathogen. Instead it was handed over to hackers for the safe return of its patients’ medical files. Hackers managed to penetrate the hospital’s computers and encrypt its files, and demanded a large sum to be paid in the form of Bitcoins. While this scenario sounds far-fetched, this type of crime is actually on the rise. Read on to find out more about ransomware, bitcoins, why these types of attacks are increasing, and what can be done to stop them.


What is Ransomware?

Ransomware is a type of malware employed by hackers to stop users from accessing their own information or data. It does this in one of two ways. Either a screen is locked and instructions are provided for unlocking it, or important information is encrypted and a password or key known only to the hackers is required to reopen the essential information. While the exact date of ransomware’s origin is uncertain, it appears to have started in Russia sometime around 2006, spreading globally by 2012.

By 2013, ransomware hackers were using encryption through something known as CryptoLocker. Before encryption, ransomware typically blocked people from using their computers or tricked users into paying to regain access to their computers. An example of this is Reveton, which shows notifications claiming to be from a law enforcement agency, informing the user that a crime has been committed and a fine must be paid. But such malware could be uninstalled or removed with an antivirus program, though even that can be particularly difficult. When encryption came on the scene, hackers began encrypting files, making it impossible for users to access their own information without an encryption key. Even if the ransomware is removed, the files remain encrypted. This key element of ransomware is what makes it both very dangerous and lucrative, as it can be removed yet continue to do damage.

In 2014, ransomware hackers also began using the Tor network to remain anonymous. Tor is a network in which traffic does not travel directly to its destination but passes through a series of servers instead. Hackers began using this network to communicate with command and control servers that store the encryption key, which can be sent to an infected computer after a ransom is paid. Doing so makes it nearly impossible to trace an attack to an individual because their identity is concealed throughout the process.

The accompanying video gives a quick look at what ransomware is:

Payment

Paying the ransom is also an increasingly complex process. In the case of ransomware like Reveton, hackers often request payment through several services that are difficult to trace such as UKash, PaySafeCard, and MoneyPak. But a growing trend among these hackers has been to request the money in Bitcoins, which is how the hospital in Los Angeles paid its ransom. Bitcoin is a type of cryptocurrency that exists entirely online with no physical presence. Bitcoin is not controlled by a central bank and is based on mathematics, making it completely decentralized and not tied to the value of a commodity like gold or silver. Bitcoin is particularly attractive to hackers because of the anonymity it provides.


Growing Popularity of Ransomware

The threat of ransomware is also on the rise. As of January 2013, there had been 100,000 such attacks, but by the end of that year alone that number rose to nearly 600,000, according to antivirus software company Symantec. Symantec also looked at data from command and control servers used by ransomware hackers to estimate how profitable these scams really are. According to its calculations, hackers can earn around $33,600 per day, amounting to as much as $394,000 in a month. Two primary questions remain: how do hackers select targets and why are attacks increasing?

To answer the first question, targets so far have generally been chosen at random, although future hackers could research a target beforehand to find the most lucrative one. While targets are generally chosen at random, many victims have been infiltrated by viruses or spyware before, suggesting that certain victims may be chosen simply because their systems are easy to penetrate. Traditionally, these random targets were individuals who paid small sums, but recently, the size of the target and the requested ransoms have increased. Conventional wisdom on the use of ransomware is also changing as the payment for these random attacks has shifted more and more to Bitcoins.

Bitcoins help answer the second question–why are ransomware attacks on the rise? While Bitcoin is completely transparent when it comes to transactions, it is often very difficult to trace a Bitcoin address back to an individual, making it easy for hackers to remain anonymous. The rise of Bitcoin has given hackers a reliable and anonymous method to receive ransom payments, which likely contributes to the rise in ransomware attacks.

The video below comments on the attack in LA and the rise of such attacks:


Stopping Ransomware

So with ransomware attacks increasing, how can people avoid falling victim?  There are several steps any user can take to eliminate or, at least, mitigate their exposure to dangerous ransomware. First is to use a reputable anti-virus software to help prevent and remove malicious programs. But reputation is important, as there are many fake options that may actually give your computer a virus. Similarly, it is important to make sure your computer’s existing firewall is strong and activated.

Even with anti-virus software in place and a strong firewall, it is still paramount to be cautious. Using a pop-up blocker and being careful when opening email attachments is also an important way to avoid exposure. It is additionally important to back up files and information regularly. If you have a backup of your files in the cloud or on an external hard drive, you will still have access to your information even after it is encrypted by ransomware.

In the event of a ransomware attack, it is also important to get the authorities involved, including the FBI, as ransomware is generally beyond the scope of local police departments. In fact, the police themselves are not immune to attacks either, as police departments in both the Boston area and in Maine fell victim and paid subsequent ransoms.

So far, the FBI has actually had some success fighting ransomware. In 2013, for example, it stopped the software platform Citadel, which was behind the Reveton-style ransomware attacks. In 2014, the FBI also disrupted a major botnet–a network of computers used to infect computers with malware–and seized control of the servers behind CryptoLocker. While the FBI has had some success fighting these hackers, in certain cases the bureau says the best way to fight ransomware is to actually pay the ransom. While this goes against the conventional wisdom of not giving in to criminals’ demands, the encryption used is often nearly impossible to crack and the requested ransoms may be relatively small. Put simply, for some people it’s often easier to just pay up.


Conclusion

Not only is ransomware on the rise, it is becoming much harder to combat and hackers are moving to even more lucrative targets. While it is bad enough that individuals often have to deal with ransomware, hackers are now starting to go after essential institutions such as police departments and hospitals. While targets take on an ever-growing importance, the reality is that ransomware is not going away anytime soon. In many respects, ransomware is not that different from other types of malware, with the exception that it offers to restore the user’s capabilities for the right price. As is the case with other malware, ransomware shows no signs of fading. Its methods are becoming more effective and recovering payments is easier than it has ever been.

Unfortunately, potential targets and those already affected have little recourse in this battle. While the FBI has made some progress, even it suggests that paying up for relatively small amounts may be victims’ best option. An important question going forward is how to respond if hackers increasingly target important institutions. And as the profiles of these targets increase, will the ransoms increase as well?


Resources

Symantec: Ransomware: A Growing Menace

Tech Times: LA Hospital Hit By Ransomware Pays Hackers $17,000: Is It The Right Choice

Trend Micro: Ransomware

Tor Project: Tor Overview

Coin Desk: What is a Bitcoin?

Phys.org: Why Ransomware is on the rise

Norton: Beware the Rise of Ransomware

Federal Bureau of Investigations: Ransomware on the Rise

The Security Ledger: FBI’s Advice on Ransomware? Just Pay The Ransom

Michael Sliwinski
Michael Sliwinski (@MoneyMike4289) is a 2011 graduate of Ohio University in Athens with a Bachelor’s in History, as well as a 2014 graduate of the University of Georgia with a Master’s in International Policy. In his free time he enjoys writing, reading, and outdoor activities, particularly basketball. Contact Michael at staff@LawStreetMedia.com.

Who Said (Cyber)crime Doesn’t Pay?
https://legacy.lawstreetmedia.com/blogs/crime/said-cybercrime-doesnt-pay-help/
Wed, 04 Jun 2014 17:37:44 +0000

The Internet Crime Complaint Center (IC3) recently released a report with a stunning conclusion: people are losing more money to internet scammers than ever before. In its 14th year of operation, the IC3 released the 2013 Internet Crime Report, which shows a “48.8 percent increase in reported losses since 2012.”


What are these crimes, who are they targeting, and what is causing the sudden surge in reported losses?

What is the IC3?

The IC3 is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center (NWC3). It acts as a reporting mechanism for victims of online crime as well as a resource for law enforcement at many levels. Each year it releases a detailed annual report on cybercrime.

In the 2013 report the IC3 stated, “criminals continue to use a variety of scams to defraud Internet users,” making it clear that the online crime picture is a diverse one. It’s important to analyze precisely for this reason. There were 262,813 complaints received, of which roughly half of the victims reported financial loss. These losses totaled almost $800 million.

What are the Cybercrimes?

The 2013 report breaks down the different types and methods of cybercrimes. Vehicle fraud, for example, is one of the most prevalent forms. Trying to buy cars from scammers has cost over 1,400 people an average of $3,640 per incident. Perpetrators who pose as FBI agents have cost victims $6,348,881 in total. Cybercriminals can also defraud victims by pretending to sell real estate, producing ransomware or scareware, and even threatening to carry out jobs as hit men.

Surprisingly, romance scamming has caused the highest average losses for its victims. These scams involve a falsified online romantic relationship and cost the average victim about $12,756. By professing love and enticing victims to send financial assistance, romance scammers generally target “people aged 40 years and older, divorced, widowed, disabled, and often elderly,” the report said.

The targets of cybercrimes are primarily middle-aged. For years now the largest demographic has been the 40-59 year old age group, consistently making up over 40 percent of victims of online crime. The extreme age demographics, those under 20 and over 60, are both affected much less, as they make up just over 3 percent and just over 15 percent of victims, respectively. One possible explanation is that those who have grown up with the internet navigate its criminal spaces more carefully, while many of the elderly are simply not online.

What has been happening with Cybercrime?

Although each demographic’s share of cybercrime victims has remained relatively stable, the reported losses have been far from static. An increase of almost 50 percent from 2012 to 2013 demonstrates a wildly changing environment for online crime. While this spike may suggest that the IC3 has been receiving more complaints, its reports indicate otherwise. Each listed demographic actually reported fewer complaints in the previous year. Financial losses per complaint must be rising.

While there was nearly a 22 percent decrease from the number of complaints in 2009 to 2013, the IC3’s reported losses rose from $559.7 million in 2009 to over $781.8 million in 2013. Among those who reported any financial loss, the average loss increased from about $5,500 to well over $6,000 between 2009 and 2013. It seems as though the increased reported losses do not reflect a greater public knowledge of the IC3 and an increased number of reports. Instead, the decrease in actual complaints coupled with the increase in average reported losses suggests that internet scamming may be more lucrative than it has ever been.

Like all sources of criminal information, the IC3 is limited. It relies on the victim filing a complaint through the IC3, and as with all crimes, many cases will go unreported. Unfortunately, it stands alone in its domain. Other data collection systems like the Uniform Crime Reports aggregate data from law enforcement agencies, not from the victims themselves. The National Crime Victimization Survey (NCVS) uses surveys to determine victimization, but does not focus on internet crime. It asks young people about cyber bullying and has compiled a report specifically on identity theft. Aside from these questions, it appears that the NCVS fails to collect information about cybercrime. However, if cybercrime is paying more, then the IC3 and similar programs should be supported as much as possible.

[IC3 Report]

Jake Ephros (@JakeEphros)

Featured image courtesy of [EP Technology via Flickr]

Jake Ephros
Jake Ephros is a native of Montclair, New Jersey where he volunteered for political campaigns from a young age. He studies Political Science, Economics, and Philosophy at American University and looks forward to a career built around political activism, through journalism, organizing, or the government. Contact Jake at staff@LawStreetMedia.com.

The post Who Said (Cyber)crime Doesn’t Pay? appeared first on Law Street.

Criminals Availing in Cyberspace https://legacy.lawstreetmedia.com/blogs/crime/criminals-availing-cyberspace/ https://legacy.lawstreetmedia.com/blogs/crime/criminals-availing-cyberspace/#comments Tue, 03 Jun 2014 19:59:04 +0000 http://lawstreetmedia.wpengine.com/?p=16380


The post Criminals Availing in Cyberspace appeared first on Law Street.


Security breaches among major companies such as Target, eBay, and Neiman Marcus dominated news headlines this past year and led many to wonder about the safety of the information stored with organizations throughout the United States. The statistics from the May 2014 US State of Cybercrime Survey are far from reassuring.

The survey, a combined effort of PwC, CSO magazine, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, and the US Secret Service, states that the number of cybercrime incidents and the fiscal losses they incur are rapidly rising. The findings reveal that this is mainly because the companies could not adequately defend themselves from cyber-attacks. According to the 2014 survey, the top five methods for cyber-attacks involve malware, phishing (the attempt to acquire sensitive information such as usernames or passwords), network interruption, spyware, and denial-of-service attacks.

The report covered information from 500 different corporations and government agencies, including law enforcement, and stated that “three out of four had had some kind of security breach just in the last year, and the average number of incidents per organization was 135.”

Fourteen percent of those surveyed reported that monetary losses attributed to cybercrime have increased in the past year. The actual costs are generally not known, as the majority of those who reported a cyber attack were unable to estimate the associated financial costs. Of the few survey respondents that could, the average yearly loss was around $415,000. Businesses are beginning to feel that cyber security is an issue that is out of their control and that cyber attacks are costing them an increasing amount of money.

Why the Rising Rate?

One of the major problems associated with the rising rate of cybercrime is that few companies, only 38% according to the survey, are adequately prepared to combat cybercrime. These rising rates are not simply due to inadequate defenses, but also increasingly sophisticated techniques used by cyber criminals. According to an article on Time.com, the most pertinent threats to cyber security in the United States come from Syria, Iran, China and Russia.

There are two kinds of big companies in the United States: those who’ve been hacked by the Chinese and those who don’t yet know that they’ve been hacked by the Chinese.

-FBI Director James Comey

The 2014 report lists major reasons why these attacks are on the rise. Among them are that most organizations do not spend enough on cybersecurity and do not properly understand cybersecurity risks. According to the survey, there is also a lack of collaboration among companies that have experienced a breach or other form of cyber attack, specifically that “82% of companies with strong protection against cybercrime collaborate with others to strengthen their defenses.” Other pertinent issues leading to increased cybercrime are insufficient security of mobile devices and lack of proper evaluation of attacks within organizations.

What Can Be Done to Lower the Rate of Cyber Attacks?

According to the 2014 survey, one major way for corporations and agencies to prevent cybercrime is through company-wide employee training, which has been shown to be effective but is not currently used frequently enough. According to an article on CSO’s website, many organizations aren’t running information security training programs that are up to date. The 2014 survey recommends that the main focus of companies should be protecting the private financial information of their consumers. Perhaps as companies continue to strengthen their cybersecurity efforts, the rate of attacks from online adversaries will begin to fall, causing the 2015 report to reflect a decrease in cybercrime.

Marisa Mostek (@MarisaJ44) loves globetrotting and writing, so she is living the dream by writing while living abroad in Japan and working as an English teacher. Marisa received her undergraduate degree from the University of Colorado in Boulder and a certificate in journalism from UCLA. Contact Marisa at staff@LawStreetMedia.com.

Featured image courtesy of [geralt via Pixabay]

