Paul Fishman knows where to find the people who are bad for business in the state: Behind a keyboard.
“The use of the computer is the tool to steal in the way that people used to steal with a gun,” the U.S. attorney for New Jersey said in an editorial roundtable at NJBIZ last week. “You can steal an enormous amount more money by clicking on your computer screen in one second than you can by walking into a bank with a gun.”
Fishman said his staff is on constant lookout for cybercrime, but the real fight must start at the company level. Businesses, he said, vary in their level of preparedness for cyber attacks with even the most secure having room for improvement.
“Some companies are a zero,” Fishman said of corporate preparation. “Some companies are probably at a nine. I don't know if anybody's at a 10.”
George Waller, executive vice president and cofounder of StrikeForce Technologies, an Edison-based company specializing in data breach and cyber theft prevention, considers Fishman's estimate generous at best.
On his scale, any company still using a username and password for login purposes “should automatically get a zero.”
Waller said that the most secure companies are the ones most sought by criminals — banks. Waller is more concerned about midsized businesses, especially those that collect large databases of personal information.
“Your average company, they are nowhere near secure,” Waller said.
Since assuming the office in 2009, Fishman said he's seen a significant spike in computer crimes, noting “we have a much larger computer hacking unit than we had when I got here.”
In July, his office announced the federal indictment of five Russian and Ukrainian men who allegedly conspired to steal more than 160 million credit card numbers and millions of dollars as part of a global data breach operation targeting major corporations. A U.S. Department of Justice statement released at the time referred to it as the largest such scheme to ever be prosecuted in the United States.
Fishman said his office is working with New Jersey's business community on the issue, having previously offered a cyber security conference in 2010 for executives, lawyers and chief technology officers. He said that he's looking to plan another conference later this year.
One of the chief messages for a future conference would likely be the importance of two-way communication.
In the past, Fishman said, companies that fell victim to cybercrime were embarrassed to report it to authorities, concerned that doing so would lead to a drop in market shares and stock prices.
But in stressing a cooperative approach, Fishman said his office has the proper resources to not just investigate crimes, but to identify and prosecute offenders as well, while looking for patterns at other companies that may have been attacked.
According to an annual data breach cost study released earlier this year by the Ponemon Institute and Symantec Corp., it's getting cheaper for companies to prepare for and deal with data breaches. The study sampled 54 U.S. companies in 14 industry sectors that experienced data breaches.
Following a pattern seen in the 2012 study, the report indicates both the organizational costs of data breaches as well as the costs associated with lost or stolen records, have declined. The trend, according to the study, is partially due to companies' use of data loss prevention technologies, and “suggests that organizations represented in this study continue to improve their performance in both preparing for and responding to a data breach.”
And as for corporate concerns that reporting a cyber attack might cost them customers, the study also concludes that more customers are remaining loyal to companies after being notified of a data breach than in years past.
E-mail to: firstname.lastname@example.org
On Twitter: @andrgeorge