The theft of 1.2 billion usernames and passwords by Russian hackers in a series of Internet heists affecting 420,000 websites is “likely the largest and therefore most significant and catastrophic cyber breach to date,” part of a growing trend of attacks that governments, businesses and individuals need to respond to with a sense of urgency, according to one expert.
“This is the greatest criminal threat of the 21st century,” said Anthony Roman, president of Roman and Associates, a global investigation and risk-management firm. “The most sophisticated cyber criminals are capable of hitting utilities, governments, banks, corporations — elements that keep society’s autonomy and infrastructure functioning.”
Alex Holden of Hold Security, whose firm uncovered the breach, said the Russian hackers had been collecting databases of personal information for years but they recently unleashed a new online attack technique that quickly shot from computer system to computer system.
“Their cache of stolen goods grew quite quickly,” Holden said.
In June, the Center for Strategic and International Studies in Washington, D.C., estimated the total cost of cyber crime to be $575 billion per year. And that figure may not account for all of the loss of intellectual property and litigation that can result from the theft of data such as the credit card and personal information stolen from more than 100 million Target customers last year, at a cost to the company of $148 million in the second quarter.
“Although we’re never going to be able to stop all these crimes, we can deter them,” Roman said. “We can minimize their effect.”
Roman and Gus Coldebella, a partner at the law firm Goodwin Procter and former general counsel for the Department of Homeland Security in the George W. Bush administration, offered tips on how to deter attacks:
• Never use the same username and password across multiple sites. Passwords should be changed regularly and include upper- and lower-case letters, numbers and symbols.
• Never click on a link in an email from someone you don’t know.
• Use antivirus software and, to safeguard particularly sensitive information, use encryption software.
• A company’s board of directors should have oversight over its information technology department, as well as an outside contractor to assess security.
©2014 the Boston Herald