IBM's 2021 Cost of a Data Breach Report
How much does a data breach cost?
The annual Cost of a Data Breach Report, featuring research by the Ponemon Institute, offers insights from 537 real breaches to help you understand cyber risk in a changing world. Now in its 17th year, this report has become a leading benchmark tool, offering IT, risk management and security leaders a lens into factors that can increase or help mitigate the cost of data breaches.

Key Findings

2021 had the highest average cost in 17 years
Data breach costs rose from USD 3.86 million to USD 4.24 million, the highest average total cost in the 17-year history of this report.

Remote work due to COVID-19 increased cost
The average cost was USD 1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor.

Compromised credentials caused the most breaches
The most common initial attack vector, compromised credentials, was responsible for 20% of breaches at an average breach cost of USD 4.37 million.

Security AI had the biggest cost-mitigating effect
Automation and security artificial intelligence (AI), when fully deployed, provided the biggest cost mitigation, up to USD 3.81 million less than organizations without it.

A zero trust approach helped reduce cost
The average cost of a breach was USD 1.76 million less at organizations with a mature zero trust approach, compared to organizations without zero trust.

Cloud migration impacted costs and containment
Organizations further along in their cloud modernization strategy contained the breach on average 77 days faster than those in the early stage of their modernization journey.

Read the full report here

Best Article On Cyber Gangs HR/Org. Structure
The Secret Vulnerability of Cybercriminals: Burnout

Police should focus less on the leaders and more on the legions of cybercrime workers and the networks they maintain

Cybercrime has grown into a huge industry increasingly based on division of labor and specialization. The predominant business model is what has become known as cybercrime-as-a-service. For the most part, a group of artisans build sophisticated digital tools, and a much larger community of people buy them and use them to commit cybercrimes.

At the low end of the scale, teenagers are paying a $5 monthly subscription fee for so-called booter services, which allow them to direct botnets-networks of commandeered computers-to knock rival videogame players offline with denial-of-service attacks. More-harmful services, such as ransomware attacks, are managed in a more business-to-business manner, requiring a lot more money. What the whole range of services have in common is that the users need almost no technical skill. For that, they rely on the providers, who not only sell them the necessary tools but also offer technical support.

This all relies on substantial criminal business operations, centered on networks of computer servers. And that has created a range of boring but essential jobs keeping these businesses' hardware humming and managing their customers. People need to set up servers, manage networks of infected computers, get a website up and running and oversee payment systems. When a customer can't get your service to work, or they threaten to move to one of your competitors, you need community managers and support staff ready to respond, to avoid losing business. wsj.com

Editor's Note: This article is probably the best article we've ever seen on the human resource breakdown and organizational structure of the industry itself and how it operates and delivers it's various services and the sheer size of the support structure. It takes the glamour of the successful hacker and breaks it down to the daily drudgery of all businesses. Worth the price to pay just for this article and incredible infographic.

Super Successful $60M BEC Gang of 4 Busted & Now In U.S. Federal Prisons
International money launderer gets 140 months federal prison in cyber-crime conspiracies responsible for intended loss of nearly $60 million
A Canadian man who conspired to launder tens of millions of dollars stolen in various wire and bank fraud schemes - including a massive online banking theft by North Korean cyber criminals - has been sentenced to nearly 12 years in federal prison.

Ghaleb Alaumary, 36, of Mississauga, Ontario, was sentenced to a total of 140 months in prison after pleading guilty to two counts of Conspiracy to Commit Money Laundering. He was also ordered to pay $30,703,946.56 in restitution to victims and to serve three years of supervised release after completion of his prison sentence. There is no parole in the federal system.

"This defendant served as an integral conduit in a network of cybercriminals who siphoned tens of millions of dollars from multiple entities and institutions across the globe," said Acting U.S. Attorney Estes. "He laundered money for a rogue nation and some of the world's worst cybercriminals, and he managed a team of coconspirators who helped to line the pockets and digital wallets of thieves."

Alaumary and his coconspirators used business email compromise schemes, ATM cash-outs, and bank cyber-heists to steal money from victims and then launder the money through bank accounts and digital currency. He previously pled guilty in the Southern District of Georgia in two money laundering cases.

"Small and large companies, a university, banks, and others lost tens of millions of dollars in this scheme. Alaumary's sentence today reflects how seriously the Department of Justice considers the critical role that money launderers play in global cybercrime."

Alaumary is the fourth defendant in this investigation sentenced in the Southern District of Georgia. Uchechi Ohanaka, Kelvin Desangles, and Jennal Aziz previously pled guilty in federal court to fraud felonies and were sentenced to terms totaling more than 200 months in prison. justice.gov

Retail Set to Overtake Banking in AI Spending

Continuing e-commerce surge among factors driving sector to invest more in the technology

Retail is poised to overtake banking as the top spender on artificial intelligence as companies including Home Depot Inc. and Wayfair Inc. turn to the technology for a wider range of operations, from inventory management to more personalized online search and shopping, according to market researcher International Data Corp.

"Everything you can think of in almost every part of retail is being powered by AI," "You cannot really operate anymore without having the heavy investment in machine learning,"

The global retail sector is expected to spend $11.8 billion on AI this year, up from $9.36 billion in 2020, according to a new IDC forecast. Spending in the sector is expected to grow at a compound annual growth rate of 25.5% between now and 2025.

Retailers are increasing their AI spending to improve the customer experience and boost sales recommendations amid rising e-commerce activity sparked by the pandemic.

Home-improvement chain Home Depot is in the early stages of rolling out a machine-learning system to spot products that need to be restocked on store shelves. The system uses computer vision, an AI technology that can analyze camera images to track the stock on the shelves of individual stores. It crunches that information along with past shopper buying patterns around events such as holidays, daily product sales and other data to anticipate when shelves will need to be stocked. wsj.com

The 10 most powerful cybersecurity companies

What makes these 10 security vendors the biggest power players? We break it down.

COVID-19 has changed the face of security forever. The perimeter defense model, which had been slowly crumbling, has now been shattered. Employees are working from home, many of them permanently. Applications are shifting to the cloud at an accelerating pace. Enterprise security today is all about secure remote access and protecting cloud-based assets. That means enterprises need to deploy SD-WAN, secure access service edge (SASE) and zero trust network access (ZTNA).

Back-to-Basics: Choose Trusted Partners
As small and medium businesses begin to re-open following the pandemic, it's important to do so securely in order to protect customer's payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today's blog focuses on choosing trusted partners.

It's critical you know who your service providers are and what security questions to ask them. Is your service provider adhering to PCI DSS requirements? For e-commerce merchants (and those of you that recently started accepting e-commerce payments in lieu of face-to-face payments), it is important that your payment service providers are PCI DSS compliant, including the service provider that manages your payment process (your "payment service provider" or PSP). blog.pcisecuritystandards.org
 

Register Now: NJ Cannabis Insider Fall Conference

September 23, 2021 | 10:00 AM to 5:00 PM | Carteret, NJ

Join the New Jersey Cannabis community at New Jersey's premier cannabis business conference. Our multi-track conferences feature an impactful combination of general sessions, breakout discussions, networking and vendor exhibitions. Get ready to meet key industry leaders, learn best business practices in all areas of the industry, no matter your level of expertise. Some areas of focus will be:

● The ins-and-outs of N.J. licenses and regulations.
● Working with municipalities.
● Banking and finance.
● Building the right facility.
● The opportunity for small cannabis businesses in N.J.
● And more.

Get your tickets & see the complete list of speakers here
 

Former Amazon Employee Pleads guilty to Involvement in $100 Million Marketplace Fraud Ring
Rohit Kadimisetty, who after leaving Amazon in 2015 launched a consulting firm for third-party sellers, admitted Wednesday that he conspired to commit bribery across state and national borders. Federal attorneys are recommending that Kadimisetty be sentenced to up to five years in prison and pay a fine of up to $50,000, less than the maximum recommended fine of $250,000.

In his plea agreement filed in U.S. District Court in Seattle, Kadimisetty said he bribed former Amazon colleagues in exchange for confidential information about sellers on the platform. The information gave Kadimisetty's clients an "unfair competitive advantage on the Amazon Marketplace," according to the plea agreement.

Kadimisetty also admitted to paying Amazon employees to disable other sellers' product listings to route shoppers to the listings of Kadimisetty's clients and those of his co-defendants. And he acted as a go-between to help other Marketplace consultants arrange similar services on behalf of their clients, according to the plea agreement.

The U.S. Attorney estimated last year that the monetary toll of the fraud ring was in excess of $100 million, a sum that includes the proceeds of merchants who benefited from the conspiracy, lost sales on the part of their competitors and costs to Amazon.

Amazon "has systems in place to detect suspicious behavior by sellers or employees, and teams in place to investigate and stop prohibited activity," said spokesperson Craig Andrews in a statement. "There is no place for fraud at Amazon and we will continue to pursue all measures to protect our store and hold bad actors accountable."

No Amazon employees have been indicted as part of the investigation. seattletimes.com

Original Article of Case Dated Sep. 18, 2020
Fraud ring bribed Amazon employees for better online sales, feds allege
At least 10 Amazon employees took bribes to help third-party merchants boost sales on the company's website, according to a federal indictment filed Friday.

The indictment charged six U.S.- and India-based consultants, working on behalf of third-party merchants who sold on Amazon's Marketplace platform, with conspiracy and wire fraud. The consultants allegedly paid nearly $100,000 in bribes to Amazon employees, who in exchange reinstated merchants' suspended accounts and products on Marketplace, facilitated attacks against competitors, gave away network access privileges, shared proprietary information and circumvented internal regulations to boost merchants' sales.

No Amazon employees were charged, but that doesn't preclude future action against the workers who took bribes, said U.S. attorney spokesperson Emily Langlie.

All told, the U.S. attorney estimates the scheme took a monetary toll in excess of $100 million. Part of that sum represents the merchants' proceeds from Marketplace sales between 2017 and the present, secured by bribes that brought them unfair competitive advantages. The rest comprises lost sales on the part of competitors, and costs to Amazon.

Consultants paid Amazon employees for intelligence on competitors' revenue, customers, advertising campaigns and supplies, as well as to suspend competitors' accounts and flood their product listings with false and negative reviews, the indictment alleged.

In some instances, the consultants launched "self-styled 'takedowns' " against competitors, replacing product listings with "lewd and offensive" content "designed to drive away consumers and intimidate the victims," according to the indictment.

The indictment provides a clue into why consumer watchdogs have continued to find goods listed on Marketplace that are dangerous or fake, despite Amazon efforts to swiftly remove counterfeits.

The indictment alleged that employees were bribed to reinstate accounts and goods on Marketplace even after those had been suspended over consumer-safety and intellectual property complaints.

Amazon also sustained losses as a result of the scheme, the U.S. attorney alleged. In exchange for bribes, Amazon employees erased shipping information from the company's computer network, prompting Amazon to issue refunds to the sellers. seattletimes.com

Miami, FL: Three 'Cyber Grave Robbers' are arrested for 'stealing the identities of Surfside condo collapse victims so they could take out credit cards'
Betsy Medina, 30, Rodney Choate, 38, and Kimberly Johnson, 34, were arrested for allegedly stealing the identities of Surfside condo collapse victims. They were branded 'cyber grave robbers' by Miami-Dade State Attorney Katherine Fernandez Rundle. The three face charges of conspiracy to defraud, identity theft and using false documents, among other offenses. Each could spend between 15 and 30 years behind bars. The victims' bank accounts and credit cards were allegedly used to make expensive withdrawals and purchases less than a month after the collapse. The scammers were allegedly able to obtain names and birth dates from news coverage of the Champlain Tower disaster. Surveillance video from a shopping mall county allegedly showed the suspects purchasing items using the stolen information In total, the group of 'professional' identity thieves allegedly stole $45,000, and were prevented from stealing $67,000 more by loss prevention departments. local10.com

Brooklyn, NY: Armed Robber steals $100K in jewelry from Brooklyn shop in daring daytime heist
Robbery detectives in Brooklyn are looking for the armed crook who swiped $100,000 in jewelry from a store during a daring daytime stickup earlier this week. Police released on Thursday morning video footage of the robber behind the caper, which occurred at about 4:45 p.m. on Sept. 7 inside Prince Street Jewelers at 445 Albee Square in Downtown Brooklyn. As shown, the heavily-disguised crook walked into the location, pulled out a gun and fired a warning shot. Police said the bullet landed in the wall; no one was injured. amny.com

Collier County, FL: Two suspects accused of massive Walgreens theft
are towing children
On Tuesday, the Collier County Sheriff's Office arrested a man and a woman accused of stealing from Walgreens in North Naples while taking a two-year-old child. Investigators say the two suspects were involved in the crime, stealing about $ 3,000 from many parts of Walgreens in the state. according to CCSO Facebook PostCollier County Congressman arrested Terrell Eugene Darling and Alicia Longstreet after stating that he stole sanitary products from Walgreens on 2511 Pine Ridge Road.

The agent was patrolling saying he noticed Darling and Longstreet throwing items from their car into the woodlands next to the pharmacy. The item was determined to be a loss prevention security tag from other Walgreens locations. Investigators say the two suspects set foot in Walgreens with their children. So the agent followed them and said he saw the pair leave the store without buying the product, putting multiple containers of Rogaine and Crest White Strip for women in a bag.

Further investigation by the agent found that Darling and Longstreet were traveling in rental cars that were not leased to them. The agent searched the vehicle and found two large trash bags filled with crest white strips and women's Rogaine. All of these have Walgreens stickers on them. The item was stolen from Walgreens locations throughout the state for a total of $ 2,862.41. According to arrest reports, the Florida Department of Children and Family has placed a two-year-old child in custody of his or her godfather. facebook.com

Bethlehem, PA: Man charged in Wind Creek outlet burglary allegedly stole Coach bags honoring late artist
An 18-year-old man is accused of breaking into the Coach store in The Outlets at Wind Creek, and trying to steal thousands of dollars worth of bags honoring a late artist. Moises Orozco was sent to Northampton County Prison on felony and related counts. Bethlehem police say they were called about 4 a.m. Wednesday for a burglary in progress at the outlet mall attached to Wind Creek Bethlehem casino. Orozco was in the Coach store, which was closed at the time and had a window shattered, according to police. He was found holding a hammer used to break the window and in possession of $2,548 worth of items from the store, with security tags still attached, police wrote in court records. Along with a $216 pair of sunglasses, Orozco allegedly had six bags from Coach's line honoring internationally acclaimed Neo-Expressionist artist Jean-Michel Basquiat, who died in 1988 at age 27. lehighvalleylive.com

Naples, FL: Smoke Store Owner Claims To Be Losing Money To Apple Pay Fraud Scheme

Lincoln, NE: Woman shoplifts $600 worth of clothes at Costco