Michael Kessler has seen cybercrime at its worst.
The computer forensics expert and accounting fraud investigator has helped build cases against child pornographers and uncover the facts behind creepy accounting practices.
But what keeps Kessler awake at night aren't your typical criminals.
Like any other company with remote employees and hordes of spam, Kessler has to do his best to guard against malware infecting his systems. He said his Web site, investigation.com, is under constant attack, and he recently purchased an insurance policy to offset the financial risk of a data security breach.
"You could have the best practices in place … but we find in more cases than not that its human error, not machine error that causes the problems you see today," Kessler said.
Kessler has watched computer crime evolve for more than 35 years. He started his computer investigative firm, Kessler International in 1988 after serving in New York as its chief of investigations for the Department of Tax and Finance. He also served as director for its Revenue Crimes Bureau, deputy inspector general for the N.Y. Metropolitan Transportation Authority, and assistant chief auditor and investigator for the New York State Special Prosecutor.
Today nearly everyone is affected by cybercriminals, Kessler said. The latest report supports Kessler's observation. Global spam volumes have doubled this year to 120 billion messages daily, according to a new report from Cisco Systems-owned ironport Systems. And the messages are getting more sophisticated as spammers target employees with email that looks valid but is designed to spread malware and steal sensitive information.
"We thought spammers were Einsteins because they used a different way to package up their message with just one file type," said David Mayer, an Ironport product manager. "But in June they went from one file type to three or four."
Spam will never be brought under control as long as there is money to be made, Kessler said.
"It's always going to be a cat and mouse game," Kessler said. "As fast as the vendors put their technologies in place, the bad guys find out about it and come up with methods to destroy the technology or simply come up with a technology themselves and use it against the manufacturers. They're always one step ahead."
To guard against Microsoft Outlook Web Access getting into the hands of a hacker, Kessler uses technology from Ontario, Canada-based Messageware Inc. to secure intellectual property and terminate inactive sessions. But some of his techniques are less technical. For example, he uses software in-house to block spam and then has a person go through the quarantine daily to strip out valid emails.
"In our business we have to be careful about the methods we use to block spam," Kessler said. "We do business with mortgage companies and deal with child pornography cases, so we can't just identify specific words because many valid emails would get blocked."
The risk of sensitive data loss as a result of email messaging is increasing tremendously, said Mark Rotman, president and CEO of Messageware.
"I think that if you look at what's in email today – if you're a CFO, you have draft financials being passed around. If you're in a law firm you've got case information and a development group could have plans for next generation products," Rotman said. "Email is a line of business now and it has to be treated with more respect."
A recent report from Elk Rapids, Mich.-based research firm, the Ponemon Institute, found that the costs associated with a data breach grew to $197 per compromised record, an increase of 8% since 2006 and 43% compared to 2005. The risk associated with a data leakage has increased so much that Kessler purchased an insurance policy to cover costs associated with data notification or serious lawsuits.
"Once firm like mine has had a data breach the confidence level of my clients would drop tremendously," Kessler said. "We have to have everything in place in order to make sure it doesn't happen, but if it does we need to immediately get a team in there to make the public aware and build back the confidence."