For consumers who have received alerts, emails or seen the news reports, the segment from the popular CBS newsmagazine was a reminder of how much of a threat cyberthieves pose to the biggest companies and their customers’ payment cards. Cybersecurity experts told Whitaker that it’s an uphill battle that the industry essentially can’t completely win.
Here’s likely the most startling revelation from the 60 Minutes segment.
“On average, the breaches from the time of infection, from when the bad guys get in to the time they are discovered, is a whopping 229 days. 229 days,” Dave DeWalt, CEO of FireEye, a cybersecurity company, told Whitaker.
FireEye gets hired to keep hackers from getting into a company’s network or getting them out after there’s been a breach.
“Forensic investigations reveal that 80 percent of security breaches involve stolen and weak passwords,” Whitaker says. “One of the most common is: 123456.”
Brian Krebs, the blogger from Krebsonsecurity, who scooped everyone late last year on the Target breach, was also featured.
The theft of 40 million credit cards from Target was followed by news of a breach at Michaels stores involving more than 2 million credit cards. Then came P.F. Chang’s. And in September, Home Depot said that 56 million of its customers’ credit card numbers were stolen.
The Target breach lasted for a little more than three weeks, Krebs said on 60 Minutes. But hackers managed to hit Target at the busiest time of year for the company.
Whitaker says: “There are scores of sinister online shopping bazaars where cyberthieves put their goods up for sale. Think Amazon.com for thieves. This is where Krebs does his detective work.”
Brian Krebs told Whitaker that the fraudsters who purchase the stolen card data can get a decent return. “If you buy a card for 20 bucks and you can make 400 dollars off each card, that’s a pretty good return on your investment.”
See the 60 Minutes segment “Swiping Your Card” below: