ANTenna Blog -- Security

Things are tough all over, as a new report on the drop in the value of stolen bank data shows. But as stolen bank info drops in price, you can bet that the crooks are going to be looking elsewhere to make up the difference. And small and midsize business data is definitely one of the elsewheres.

Banks are where the money is, Willie Sutton said in explanation of why he robbed them. That was true, of course, but it's so Twentieth Century.

Today, valuable financial and business data is everywhere -- and so are the crooks.

As a result of stolen bank info's decline in price -- a stolen PIN once worth a hundred bucks now might fetch twenty or ten -- Security firm Finjan warns that the crooks are going to be going even more aggressively after non-bank information.

The reason for the price-drop? Business!

In a quarterly report, Finjan argues that cycbercrime has become a highly organized bigbiz operation, run like a business and increasingly targeting new "markets" beyond the financial sector. Success in grtabbing bank data has clotted the market with the stuff -- lowering its value.

In response, cybercriminals are broadening and deepening their information-stealing efforts, and doing so in an orderly, planned way. Just like a well-run business would.

And, like any well-run business, the organized cybercrime cartels are driving increased efficiencies through automation, constantly scanning and probing for any vulnerability that can be exploited.

Once inside, they're going after personnel files (rich in Social Security and other confidential information), e-mails that might contain credit card and other numbers, corporate reports and so on.

HR departments (and independent vendors) are a particularly juicy target, with healthcare and medical records are of particular interest because of their potential for generating false but fillable prescriptions.

The point is that you're facing an exceptionally well-organized criminal environment, one that's getting better organized and more aggressive every day.

Be on guard at every level of your company, and make sure your vendors, contractors, partners, customers and above all your employees are too, whatever the nature of your business: banks aren't the only place the money is any more.

And the crooks know it.

Finjan's examination of the organizational structure of cybercrime operations is as fascinating -- and chilling -- as anything you'll find in a thriller, and makes compelling reading.

The details can be found in Finjan's Q2 2008 Web Security Trends Report, downloadable here after taking a survey; no registration required.