Cybercrime and cybersecurity are continually of increasing importance and concern for businesses and their data. Equiniti’s Chief Information Security Officer Sabrina Feng pulled back the curtain on today’s global state of cybercrime at EQ’s 2018 Annual Conference.
What is cybercrime?
There is no universally accepted definition of cybercrime, but it is often categorized into two buckets.
- Advanced cybercrime or high-tech crime: Attacks specifically against computer hardware and software.
- Cyber-enabled crime: This bridges the gap between the cyber and physical worlds. Many ‘traditional’ crimes have taken a new turn with the advent of the internet, such as crimes against children, financial crimes and terrorism.
Who are cybercriminals?
The traditional profile of a criminal is someone who has the ability to assert him or herself physically and force violence on others. This is in stark contrast to who we imagine as a cybercriminal - a socially inept person in a dark room behind bright screens. This century, the two groups have come together, and the intensity and impact of cybercrime has grown exponentially ever since.
The impact of cybercrime
The impact on the world’s economy cannot be understated as the reach of cybercriminals continues to expand. According to the World Economic Forum, $445 billion global economy is lost to cybercrime annually.
Characteristics of cybercrimes
Developments in technology have proved to be a catalyst in the world of cybercrime, making efforts organized, sophisticated and borderless. Law enforcement agencies must collaborate across borders to take down networks comprised of dozens of individuals. The image of a lone hacker behind a computer is no longer accurate. These criminal networks are compared to corporations due to their levels of organization and collaboration. Elaborate methods and processes are employed to accomplish significant heists and data breaches. Roles are spread across the globe to fulfill the needs of an operation.
The dark web makes cybercrime ubiquitous because it is not indexed by public search engines. While not all content is dangerous per se, it is a breeding ground for criminal collaboration and the exchange of illicit and illegal services. Products such as compromised financial credentials can be purchased from user-friendly sites that provide reviews and ratings. The dark web has proved to be a major cornerstone in the increasingly organized world of cybercrime.
Encryption and cryptocurrency are two innovations that have led to the increased complexity and efficiency of cybercrime attacks. Cryptocurrency, like bitcoin, simplifies paying and receiving ransoms, which has fueled ransomware attacks. These attacks lock down a computer through encryption and demand money in return. The level of sophistication allows for the scale of cyber-attacks to reach massive volumes of affected individuals and organizations.
The internet has no borders. A recent ransomware attack entrapped 200,000 victims from 150 countries within 24 hours. Malicious software can spread across borders and industries due to the connective nature of the internet. Cybercrime now crosses into the physical world as the internet of things expands and connects devices and services: security cameras, pacemakers, smart devices, smart homes, self-driving cars, the electrical grid, water systems and more.
How business leaders are addressing threats
Organizations and their boards are focused on mitigating and minimizing risk, taking an introspective look after industry attacks occur. Business security leaders are protecting data by knowing exactly where it is, how it’s being used and what cybercriminals are potentially after. Putting controls in place, like encryption, enable and protect the business.
“We incorporate security by design,” said Feng. “It’s not something added on at the end, but at the heart of our infrastructure.”
Between 80-90 percent of cyberattacks are rudimentary, like email phishing, but there will be increased volume and scale of cybercrime in the near future. To that, security technologies and implementations are no longer being seen as expenses, but rather fundamental. The best thing companies can do regarding cybersecurity is to start by understanding your unique environment, because you can’t protect what you don’t know you have. Scan your systems and perform data mapping. Additionally, encourage cyber aware behavior.
“You don’t want employees to feel punished for failing a test phishing email,” said Feng. “Train everyone on what the right behaviors are and are not. In this day and age, to be cyber aware and to be security aware is a survival skill.”