Cyber-criminals are mostly a community of entrepreneurs who look for market gaps and then innovate to meet the needs of the market.
The cyber-crime industry is currently worth as much as $445 billion, as these criminals monetize your information and assets, said Glenn Chisholm, Cylance CTO, speaking at the seventh annual Dell Women’s Entrepreneur Network Summit (DWEN), hosted in Cape Town.
“Often misunderstood by senior leaders, the motivation behind cyber crime is crucially important, as it is what motivates the attacker and helps define their target,” he explained.
“And in short, the motivation is money. The people who are targeting you are themselves entrepreneurs, and they have built a very viable, very rich economy.”
While some attackers, like Anonymous, are politically motivated, this is incredibly rare. Gone too are the days of the huge, big-splash outbreak, such as SQL Slammer and Nimda.
Nowadays, the longer an actor can remain under the radar, the more revenue can be generated or the more data can be harvested long-term, translating into financial gain.
This trend really came to light in the early 2000s in the form of spam, DDoS botnets, FakeA, Ransomware, and other long-term persistent stealth threats like APTs state-sponsored campaigns.
Ransomware attacks, for instance, are often launched by very unsophisticated attackers, with a very clean, simple business model that is very successful.
Chisholm explained that cyber-criminals no longer even need hacking skills in order to engage in cyber crime, as they can pay someone for the ability and the tools.
“These criminals target different industries depending on ease of access, and they know most people are going to pay it,” Chisholm said.
Also if the malware is being secretly passed on through emails or corrupted files, the attacker gets a much higher return for a fractional investment.
And the cost is astronomical, even if it is a minor amount for the attack itself, it can be much more – hundreds of thousands – for the cleanup and protection.
The biggest cost, however, is to the reputation of the affected company.
“Breaking someone’s trust is like crumpling up a piece of paper, and you can work to smooth it over, but it’s never going to be the same again,” Chisholm said.
“For this reason, cyber security is a CEO issue – because the CEO’s job is on the line at the end of the day.”
And the threat is considerable, with at least one in three organisations reporting having been targeted by cybercrime, although Chisholm believes the number is closer to three in three.
Cybercrime is the second most reported economically-impacting crime across large corporations and enterprises, costing the global economy an estimated $445 billion in 2016.
“The key to preventing becoming a target is to ensure that you have good endpoint security and also that you train your people regularly and thoroughly,” Chisholm advises.
“You also need to value the information that you have, as most people don’t realise what their data is worth to them until after the breach is over.”
He concluded that there is no silver bullet security solution for any single business.
“You need to sit down and discuss your unique needs with a professional, and you need to continually maintain and revise your approach.”