GovInfoSecurity.com - Information Security News, Regulations, & Education

Data Breach Trends - Mary Monahan, Javelin Strategy & Research

September 2, 2009 - Tom Field, Editorial Director

The targets are getting bigger, the fraudsters bolder, and we all have a whole lot more at stake to lose.

This is the message from Mary Monahan, Managing Partner and Research Director at Javelin Strategy & Research. In a discussion of current data breach trends, Monahan touches upon:

How breaches in 2009 are trending differently from 2008;
What public and private sector organizations need to do to prevent breaches;
What to watch for as we approach 2010.

Monahan has 10 years of financial services industry experience. Her banking background includes extensive managerial experience working with growth businesses, strategizing and implementing cross-sectional financial plans to accommodate multiple projective scenarios. As a college educator, Ms. Monahan's work focused on current issues in accounting and economics.

Javelin, based in the San Francisco Bay area, provides direction on key facts and forces that materially determine the success of customer-facing financial services, payments and security initiatives.

TOM FIELD: Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about data breach trends, and we're talking with Mary Monahan, Managing Partner and Research Director with Javelin Strategy and Research. Mary, thanks so much for joining me today.

MARY MONAHAN: Thank you for inviting me.

FIELD: Mary, what data breach trends have you noted so far in 2009? I know this is something that Javelin pays a lot of attention to.

MONAHAN: Fraudsters are definitely taking advantage of website vulnerabilities. This is a common trend that they have been taking advantage of these website vulnerabilities and then identifying them over and over and over again to download packet sniffers, open back doors, and off-load credit and debit card information. That is definitely a trend that we did see at the beginning of 2008, but it is up in 2009.

FIELD: Well, how would you say that the breaches are trending different, if at all, this year from last year? Are there more, are there fewer, are they different?

MONAHAN: What we are seeing is the criminals are moving up the food chain. They are going after -- last year we saw them at the restaurants; this year they are at the processor, the restaurant processor. So they are definitely moving up the food chain. The Heartland breach with 130 million credit and debit cards is a lot bigger breach. So they are taking what they are learning at the smaller breaches and moving up that food chain. Using the same types of messages, but refining them as they go along, so last year where we might have been able to find that packet sniffer, now they are learning to erase traces of the sniffer on their computer program.

FIELD: So clearly they are getting smarter and they are aiming higher?

MONAHAN: Definitely.

FIELD: It begs the question: What is next on the food chain? As you say, we saw sort of the restaurants and the institutions targeted last year; this year you see Heartland. What would the next logical targets be?

MONAHAN: Well, I would think the next logical target, if they could get in, would be the card networks. That is where they are aiming. That is where the largest amount of data would be, so that is where they are headed.

FIELD: So it always comes back to the old adage about bank robberies: You go there because that is where the money is.

MONAHAN: Exactly. And what we are also seeing, and this will be new, is that because there is so much data being stolen that they are going to have to kind of change. We see them changing their target. So because there are so many credit and debit card numbers out there that this data is becoming less valuable. So they are going to start targeting other types of information.

FIELD: Interesting. So they are devaluing their own work?

MONAHAN: Exactly, and so what we will begin seeing, we believe, is more targeted PIN thefts. So they have learned how to decrypt PINs we saw, and now they are going to be targeting, we think, more PIN thefts.

FIELD: Not specific to banking and banking institutions, what are the types of things that the institutions need to watch out for this year?
