Sony, Target and Home Depot are some of the household names associated with recent high-profile data breaches. But recent statistics strikingly reveal that cybercrime is an equal opportunity threat.
The number of records compromised by data breaches grew from 93 million in 2012 to 1 billion in 2014, according to a recently released Foley & Lardner white paper on cybersecurity co-authored by Boston partner Matthew A. Karlyn. The white paper also reports that the annual cost of intellectual property theft has grown to an estimated $538 billion globally.
But smaller scams also are on the rise. The FBI’s Internet Crime Complaint Center, which receives complaints from the general public on suspected Internet-facilitated crimes, reports more than $800 million in documented losses from Internet crimes last year. The center logged 4,182 complaints with associated losses of $12.3 million from Massachusetts alone in 2014.
Nearly 30 percent of the total losses were due to business email compromises, e.g. when criminals hack or spoof business executives’ email accounts and request that vendors, customers or other contacts send payments to fraudulent accounts. Twelve percent of the complaints received by the center had a social media component.
“[T]he increased use of social media has provided a quintessential goldmine of personal data for perpetrators,” the center’s 2014 Internet Crime Report states. “More victims are submitting complaints documenting how social media was utilized to perpetrate frauds, or indicating the perpetrator initiated a relationship through social engineering.”
During a recent presentation at Elysium Digital, a Boston consulting firm that assists law firms in disputes involving computer technology and electronic evidence, FBI Special Agent Carmine Nigro said that New England is a particularly “target-rich environment.” The FBI’s Boston division (overseeing Massachusetts, Maine, New Hampshire and Rhode Island) contains 600 cleared defense contractors, 200 colleges and universities, and a concentration of intellectual property-dependent industries such as biotechnology and pharmaceuticals, he said.
“Unfortunately, there is a lot here for our opponents to steal,” Nigro said. “It’s not just about protecting [Raytheon’s] Patriot missile. … The rapid growth of technology has increased the opportunities and methods for corporate espionage.”
Due to the sensitive information law firms possess from a variety of clients, Nigro said, the FBI is seeing a spike in firms being targeted, especially those that do work overseas.
As Nigro discussed some local cybercrime cases that resulted in prison sentences measuring six to 18 months, William S. Rogers Jr. of Boston’s Prince, Lobel, Tye remarked that cybercrime penalties are “woefully inadequate” to ensure deterrence.
Nigro said the FBI hopes to convince Congress to pass laws enhancing cybercrime penalties but that, in the meantime, educating employees on the threat and enacting countermeasures are the best defenses.
Cybersecurity spending already is near $70 billion a year and growing at roughly 10 to 15 percent annually, according to a recent RAND Corp. report. Based on its interviews with 18 chief information security officers, RAND predicts cybersecurity costs to increase 38 percent over the next 10 years.
“Most of the increase is accounted for not by the increase in the losses from cyberattacks,” RAND’s report states, “but from the cost of increasing the efforts to restrain the losses from cyberattacks.”
Complaints received by FBI’s Internet Crime Complaint Center, 2014 | ||
Complaints | Total loss | |
Massachusetts | 4,182 | $12,309,742 |
Connecticut | 2,295 | $11,478,793 |
New Hampshire | 904 | $3,025,825 |
Maine | 726 | $843,184 |
Rhode Island | 582 | $1,525,758 |
Vermont | 382 | $1,165,746 |
Source: 2014 Internet Crime Report |