Data Breach Threats Changing, Becoming More Sophisticated, DOJ Official Says
Data breaches occurred 10 years ago, but are much more common today, said Michael Stawasz, Department of Justice deputy chief-computer crime, during a panel Thursday sponsored by FCBA. When people think of data breaches, they think of Target and the theft of personal information, he said. “We do a lot of those cases,” Stawasz said. “But today, the model is changing. The market is saturated with people’s information,” the price of stolen data has decreased and cyberthieves are looking for other ways to make money, he said. “Their new business model is. 'I’m just going to mess with you and get you to pay me to stop,'” he said. “Ransomware” has become easier to do and it’s easier to profit from virtual currencies, he said. “Virtual currencies allow them to scale that model to a much larger degree and now you see mass market ransomware.” There has been an “evolution” in the kinds of risks companies face on data breaches, said privacy lawyer Colleen Brown of Sidley Austin. The playing field has changed significantly in recent years, she said. Who is behind the threats, the kind of data targeted and motives have all changed, she said. “Now we have those hacktivists, who aren’t necessarily motivated by financial concerns,” she said. “You have the disgruntled insiders. … The people you’re up against are increasingly sophisticated. They’re increasingly better resourced. … Sometimes these can be very, very large groups of organized individuals.” The threat isn’t domestic, with many perpetrators living in other countries and some even state-sponsored, she said. “This is a very different playing field and there are different fronts to the war.”