Cybercrime−The New Growth Industry
Hacking has become a big business with a variety of tools and services available to those with criminal intent. The cost of buying advanced malware kits that let hackers carry out cyber attacks can be as little as $500. Contrast this with the amount of money companies are spending to update their security arsenal. Worldwide spending on information security will reach $71 billion this year, according to the latest research from Gartner, Inc.
Cybercrime will continue to grow and cause corporate losses in the range of $445 billion annually, according to a recent report published by the Center for Strategic and International Studies, a Washington, D.C. policy think tank. “Cybercrime is a tax on innovation,” the report notes and slows the pace of economic growth through the theft of intellectual property and consumer financial information.
Unlike the world of 20th century organized crime, which was highly centralized and hierarchical in nature, 21st century cybercrime is decentralized, with major players able to mask their identities, intent and actions. Hackers across the globe work in anonymity in a loosely coupled fashion, constantly changing their tactics to evade the best efforts of corporations and governments. Cybercriminals are able to react quickly to new “business” opportunities and corporate system vulnerabilities.
Cybercrime is flourishing as a result of the formation of a criminal ecosystem. Hackers no longer have to build their own malware but purchase commercially available software and cloud computing resources on the dark web to launch a variety of exploits ranging from massive distributed denial of service (DDoS) attacks to spear phishing scams. Black markets have sprung up on the Internet where hackers can issue RFP’s to deliver attack operations to the highest bidder.
Rather than lone wolf hackers, it’s common to find teams of who work in concert to execute a variety of sophisticated attacks. These distributed teams consist of specialists who work as subcontractors on multi-faceted attacks that can be launched over the course of weeks and months. The malware exploits they launch can live within a corporate system for months and years, collecting proprietary information, observing user and system behaviors and repeatedly exfiltrate valuable corporate information.
To remain undetected, malware can be programmed to self-destruct after it has achieved its intent. Malicious hackers are also using encrypted communications to avoid detection by corporate security systems. These data breaches can take on average over 200 days to detect, according to various industry reports.
A survey of IT security professionals published this year by the Ponemon Institute indicates that most respondents do not think their existing security systems are sufficient to anticipate, identify and reduce advanced threats. The report, “Exposing the Cybersecurity Cracks: A Global Perspective” indicates that over half of those surveyed feel they need heightened threat intelligence methods to deal with the rapidly evolving nature of cyber crime.
"The question remains; can the billions of dollars being spent on cyber security outpace the skills and motivation of highly focused and determined hackers? Only if these solutions are more dynamic and adaptive than the cyber threats they seek to eradicate."