Tag Archives: loss

2012 Internet Crime Report

Some snippets from the Internet Crime Complaint Center 2012 Report released last week —

  • Almost 290,000 complaints received
  • Total Loss over $500 million
  • 8.3% increase in total reported loss since 2011
  • Average dollar loss for those reporting loss over $4,500
  • 43% of complainants in 40 – 59 age group
  • Top states by complaint count:
from Internet Complaint Center 2012 Report

from Internet Complaint Center 2012 Report

  • Top 5 countries filing complaints by count:

US
Canada
UK
Australia
India

  • FBI Impersonation E-mail Scams — over 14,000 complaints totaling over $4.6 million in losses (40% more men reported complaints than women)
  • Intimidation/Extortion Scams — over 8,000 complaints totaling almost $11 million in losses (60% more women reported complaints than men)
  • Hit man scams continue (where emailer portrays him/herself as a hit man demanding money not to execute contract) — over 1,300 complaints.  Uptick in social media use in executing this scam

More on Internet Crime Complaint Center here.

 

Lions and Tigers and Bears

In this age of exponentially growing information risk, we can become like Dorothy was early in her journey and focus only on the things that can go wrong. We can get so caught up in what can go wrong that we forget to take inventory of what needs to go right.

Lions and tigers and bears ...

Lions and tigers and bears …

Over lunch recently, a friend of mine with a career in risk management shared a helpful perspective on this.  Instead of always approaching risk as trying to think of everything that can go wrong, think of what must go right first. That might sound like two sides of the same coin, but I think it is more than that. This approach helps to prioritize efforts and resources.

It’s easy to get caught up in trying to create an exhaustive list of everything that can go wrong. A problem with this is that it can:

      1. be overwhelming to the point of analysis paralysis, and
      2. tend to identify risk that may not be relevant to your situation. 

There are some risks that may not be immediately pertinent to you. For example, the latest specification for encryption for data at rest for DOD contractors might not be at the top of your list.  However, having an always-on internet connection so that you can make company website updates might be.

Take the hypothetical of a bike shop with three stores.  Some things that must go right for the owner might be:

  • Internet connection constant for running credit cards
  • Customer information (to include personally identifiable information) retained for billing and marketing and only accessible by authorized employees
  • Bookkeeper has secure connection to financials from outside the stores
  • Safe, secure workstations available 6:00 am – 6:00 pm for employees
  • 24/7 access to current inventory across all stores

These are some pretty basic requirements, but they help to prioritize need. By looking at these requirements for things to go right, what are things that can prevent this from happening? What’s the risk of loss of internet connection? Are we sure that customer information is available to only authorized employees?   What kind of connection is the bookkeeper using? Do the workstations have regular anti-virus updates? Are there policies/guidelines on workstation use by employees? If the computer with the store inventory fails, is there backup? How quickly does it need to be recovered?

In spite of the risks of lions, and tigers, and bears, Dorothy was able to return to her mission and seek the Wizard. We must do the same and not lose sight of our business objectives in our analysis of the lions and tigers and bears.

 

Can you name 5 things in your organization that must go right for you to be successful? What vulnerabilities do these objectives have? What threats do they face?