The New Face of Cybercrime: Considerations for Personal and Enterprise Security
Dr. Serge Droz | December 3, 2019
Dr. Serge Droz is a Cybersecurity Expert at Open Systems
Cybercrime is relentless, undiminished, and unlikely to stop. It’s just too easy and too rewarding, and perpetrators perceive the chances of being caught and punished as low.
Cybercriminals are as sophisticated as the most advanced information technology (IT) companies with enormous stores of money, know-how, and technology. They use both simple and advanced technology to identify targets, automate software creation and delivery, and monetize what they steal. It’s become a global industry and many criminal organizations operate like real businesses. Some even have their own help desks!
The cost to the global economy is enormous. Billions of dollars are lost each year through techniques including ransomware, blackmail, identity theft, and phishing. According to a 2019 study by Accenture and the Ponemon Institute, the average cost of cybercrime for an organization has reached $13 million, a $1.4 million increase over the past year. The average number of security breaches per organization rose 11% in the same period, from 130 to 145.
While some cybercriminals operate in small groups of five to 10 people, others work in larger groups and can form global criminal communities. Nation-states are now involved, each with their own specialty. These countries take the information or assets they want and leave the rest to the hackers. Some nations are targeting their own citizens, a new phenomenon that is becoming more common.
Networks Front and Center
To avoid becoming victims of cybercriminal organizations — or at least to mitigate the damage when it does occur — individuals and enterprises must exercise good security hygiene. This means taking the time to assess security risks, and then reducing vulnerabilities through planning an incident response strategy and putting solutions and services in place to protect networks, data, and devices.
Because networks are the backbone of today's personal and business communications and transactions, they require special consideration in any security planning or assessment. Simple measures include setting clear administrator privileges, segregating networks and endpoints, maintaining firewalls, establishing intrusion detection and prevention systems, using encryption programs, monitoring networks, and defining and practicing a continuity/disaster recovery plan.
Ultimately, enterprises and individuals are on the front line of protecting themselves, but government regulation is starting to catch up as new business models and ways of communicating emerge.
Transparency, Legislation, and Compliance
Recently, calls for information transparency have been on the rise. This has raised questions about who owns data and how it should be protected.
Privacy laws such as the General Data Protection Regulation (GDPR) enacted by the European Union help protect citizens and enterprises by giving individuals control over their personal data and defining clear responsibilities. Other examples of government regulation include the Payment Card Industry Data Security Standard (PCI DSS) for securing credit-card payments, the U.S. Health Insurance Portability and Accountability Act (HIPAA) for protecting healthcare information, and International Standards Organization (ISO) 27001, which provides a legal, physical, and technical framework for controls in an enterprise’s risk-management approach.
These laws have arisen, among other reasons, because of the increase in cybercrime focused on information theft, which is the most expensive and fastest-rising consequence of cybercrime. In the future, as society struggles to balance security and privacy, we can expect to see more regulation.
How Do We Protect Ourselves?
As cybersecurity gets more sophisticated, so will cybercriminals. In many ways, this is an arms race, and government and industry must lead with better security protection and standards. Today, organizations and individuals must realize that there is no such thing as being “fully protected.” Each of us is responsible for educating ourselves and doing what it takes to mitigate risks. Those who don't act will become victims. For many, it's not a question of if but when. And for most, it will not just be a dent in their operations; it may well be a question of survival.
While the rise of cybercrime is worrisome, our hyperconnected world cannot go backward. In areas as far-reaching as human development, healthcare, and education, as well as business transactions of all kinds, the internet and mobile devices have changed the world we live in forever, and mostly for good. While technology continues to advance, security hygiene and the protection of our networks, devices, and data are and will always remain an important concern. Educating ourselves on ever-evolving cyber risks and taking steps to mitigate those risks is now as much a part of life as the internet itself.
Learn more about the current state of cyber threats in our security series.