Each year, InformationWeek gives a fellowship award to a student at Carnegie Mellon University who we think has an innovative idea, a compelling research project, or a groundbreaking product that's designed to advance business technology. Our recipient this year is Gregory Bednarski, a graduate student at the H. John Heinz III School of Policy at CMU. Greg has spent many months studying the impact of cyberextortion on U.S. business.
We're all aware of the damage that viruses, phishing, and other security breaches have on businesses. But cyberextortion is one of the most complex and potentially damaging exposures for businesses, and many don't prepare for it. According to Greg's research, 17% of the 100 small businesses he surveyed have experienced some form of cyberextortion. And that's a conservative number, according to some security experts.
Here's an all-too-real scenario that Greg describes: "A typical Monday. ... After answering or filing your important messages, you come across a note titled 'Customer Information,' but from an unfamiliar sender. You open the message only to find a listing of your largest customers' accounts, credit, order histories, and forecasts. ... Attached to the information is a simple threat: give us cash, or this information goes public. $27,000 divided equally and deposited into three separate foreign accounts, all in a country with tenuous relations with your government, before the week's end. What do you do?"
So, what do you do? This week, our security expert, George V. Hulme, digs deeper into the data, talks to victims of cyberextortion, and provides some tips on how to thwart it and what to do if it happens to you (see "Extortion Online"). Greg's full report is available at http://www.informationweek.com/1005/report.htm.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.