PORTLAND, Ore. (KOIN) — If you have an internet connection, chances are your personal information has been or will be breached.
“Our information is out there,” Ellen Klem at the Oregon Department of Justice said. “Criminals are using it against us and it’s a huge risk.”
Virtually every business in the United States has been a victim of cyber crime.
“The scammers are constantly changing their tactics. The technology is constantly evolving,” Klem said.
The average annual loss per hack in the U.S. is about $17 million and it could cost businesses more than $2 trillion by 2019.
Typically it’s the bigger hacks like Yahoo or Equifax that make all the headlines, but your private computer, small business, even social media profile, are all at risk.
“This is pervasive and it’s massive,” said Lewis Howell, the founder and CEO of Hueya Inc., a cyber security firm based in Bend.
“It can destroy reputation,” Howell said. “That’s the reputation of the business, the individual. We’re talking about fraud. We’re talking about loss of money.”
The most common cyber-scams are known as phishing and ransomware. With phishing, the hacker will typically send an email with a link that seems relevant and real, like a password change. Once you click it, it’s too late.
“So then you’re like ‘oh no, what do I do?’ So you change your username and password. Actually that was a hacker, that was a scammer,” Howell said.
Ransomware is a little different and usually a business is the target. It will try to get an employee to install something on their computer, steal sensitive information, then hold it hostage.
“Ransomware is very quickly going to lock up your data and your information and you’re either going to have to pay something or lose that data completely,” Howell said.
Cyber security experts have known about these common breaches for a long time, but as digital security measures have evolved, the criminals have adapted. Hackers are not going after people’s private online activities to get to the company. This is what Howell refers to as the human factor.
“Basically all of us are at risk,” Howell said.
As we connect through social media with friends and co-workers, intertwining our profession and personal lives online, the hackers use it as a bridge to get what they want.
“I can be hacked here, in my personal life, to get into the organization,” Howell said. “The organization can be hacked to launch a spear fishing attack against me as well.”
In 2016, data was lost or stolen every 35 seconds. That’s 2,116 incidents every minute or more than 126,000 every hour, adding up to a whopping 3 million times every day, according to research from Gemalto Security.
“When you think about it, it’s your data that you can never recover,” Special Agent George Chamberlain with the FBI said. “Once it’s out, it’s out.”
Chamberlin heads a cyber security task force for the FBI. He said tracking some of these criminals down is one of the hardest tasks in law enforcement.
“Some of the subjects are located overseas or the infrastructure they’ve passed through is overseas so collection of evidence can be challenging,” Chamberlain said.
Chamberlain, Lewis and others said Oregon is trying to get the phishers and attackers through legislation and action with measures like the Cyber Oregon Initiative, a collaboration between the private and public sector working against a common enemy.
“Oregon has taken a lot of positive steps in the last 2 years, as have many states, to address the issue,” Chamberlin said.
The Oregon Department of Justice is also joining the virtual fight
“It’s a constant battle and a constant struggle to identity the scammers and bring them to justice,” Klem said.
The DOJ is constantly looking for ways to better protect people and businesses through its breach database, available to anyone online, a consumer hotline and other easily accessible resources because this new wave of criminals is relentless.
“They are aggressively pursuing the $10 scam as they are the $10,000 scam,” Klem said.
“If someone attacks my house and take my stereo or something, that’s bad, you know?” Howell said. “But if they have this information and use that information constantly throughout the rest of my life, that’s a real problem.”
Experts want businesses to take notice because as Howell said, “This is just the tip of the iceberg.”
Oregon Department of Justice “6 Signs It Is A Scam”
- Scammers contact you out of the blue
- Scammers claim there is an “emergency”
- Scammers ask for your personal information
- Scammers want you to wire money
- Scammers tell you to keep it a secret
- Scammers make it sound too good to be true