The top five cybercafés being discussed are: . Tax-refund fraud 2. Corporate account takeover 3. Identity theft 4. Theft of sensitive data 5. Theft of intellectual property Scope Of cyber crime Virtual environments have become fertile territory for cybercafé, with the number of crimes escalating each year along with the severity of losses. In 201 1, online revenue losses resulting from fraudulent transactions were estimated to be $3. 4 billion, up from $2. 7 billion in 2010.
Revenue losses are based only on fraud associated with e-commerce and exclude fraud involving theft/loss of mobile devices and other forms of cybercafés. Credit-card fraud was up 32 percent from 2009 to 2010. The average dollar amount of fraudulent transactions also increased by 34 percent. Federal Reserve statistics place credit-card fraud costs to U. S. Businesses at $52. 6 billion annually. In 2010, 32 percent of U. S. Consumers reported a credit-card fraud had occurred in the last five years.
In 2009, that figure was 27 percent over the previous five years. Most of those credit cards were compromised in a virtual setting and therefore should be viewed as cybercafé. Growth in cybercafés and their attendant costs are documented in a 2012 Phenomenon Institute study. In the study, 56 large U. S. Businesses surveyed reported an average annual cost Of $8. 9 million for cybercafés, with costs reaching $46 million for one company. The average annual cost climbed six percent from the 2011 study.
Companies participating in the study suffered an average of successful attacks per week, up from 72 in 2011. The report concluded that cybercafé appears to be worsening, and that 51 percent of Coos reported that their companies have been attacked either daily or hourly. In 2011 , online revenue losses resulting from fraudulent transactions were estimated to be $3. Billion, up from$2. 7 billion in 2010. Companies participating in a 2012 Phenomenon Institute study suffered an average of 1 02 successful cyber-attacks per week, up from 72 in 2011.
For optimal results, clients should ask their CPA to audit their privacy and security policies and controls. Following the audit, preventive controls for the major risks that were identified need to be instituted. Three strategies that can help management develop those controls are: Timely and proactively patching vulnerabilities, including vulnerTABLE software. Using least-access privileges and other sound social access controls to help remedial crimes perpetrated internally. For external threats, sound perimeter controls such as firewalls and Intrusion Detection Systems (IDS) are critical to protection.
Monitoring systems, technologies and access, such as various logs created by technologies for those activities, with associated controls varying based on the threat level (also a detection strategy). BUSINESS INSURANCE In an age of financially motivated cybercafés, every entity should have sufficient business insurance coverage to recover any financial losses. Executive management team members, especially the SCOFF, must evaluate the entity’s insurance coverage to ensure that it could recover estimated losses from any cybercafé. Reviewing coverage should be done on a reasonTABLE periodic basis.
How should we respond to each of these crimes? How would we fully recover from each of these crimes? The manner in which an entity responds to a cybercafé provides valuTABLE insight into its possible vulnerabilities and preventive steps that could have been taken before the crime occurred. A Verizon study of 600 incidents of security breaches over a five-year period reveals that in 87 percent of cases, investigators concluded that breaches could have been avoided if reasonTABLE security controls had been in place at the time of the incident.
Thus, a good place to start BEFORE a breach occurs is reasonTABLE security controls as defined by the information security profession as best practices or principles. Remediation measures and controls that apply to one cybercafé often apply equally well to others, which results in multiple cybercafés being addressed with a single countermeasure. This further supports the position that measures and controls taken by entities once a cybercafé occurs are the same measures and controls that should have been in place before the breach.
