Page 38 - GS170402
Views
The sobering state of cybercrime today

By Brandes Elitch
CrossCheck Inc.

The Information Security Media Group is the world's largest media organization devoted solely to information security and risk management. This year, they will host 12 security summits throughout the world for senior information security (infosec) and fraud professionals.

On March 28 and 29, 2017, ISMG held a two-day fraud and breach seminar in San Francisco. It covered the following topics (and more): fraud prevention, compliance, breach prevention and response, identity and access management, anti-phishing, ransomware, payments security, and risk management. Individual sessions covered topics such as:
• Artificial intelligence (AI) and the self-defending network
• Privileged access management and secure code
• New boundaries for perimeter security
• Cybercrime-as-a-service
• Insider threat detection
• How to work with law enforcement and regulators after a breach
• The emerging threat landscape
• Breakthroughs in account security
• Distributed denial of service, cyber extortion, and business email compromise
• Security tools, for example, endpoint security, border controls, data loss prevention, sandboxes, log tools, threat intelligence, and behavioral analytics

Cybercrime is an aspect of transnational crime

The growth of cybercrime-as-a-business and distributed crimeware is truly astonishing, particularly the onward expansion of the attack space. To quote the retired RSA Chair, Art Coviello, "It's broad, what's going on in terms of the scope and nature of nation-state attacks. … With the larger countries, we're probably already at a state of mutually assured destruction. You take out my power grid; I take out your dam. We do have the issue of attribution and the difficulty in attributing a specific attack."

Further, writer Greg Masters wrote, "There are a lot of skilled engineers in Russia, easily tempted by the possibility of anonymously attacking for easy monetary gains. Not to mention cyber forces within the Russian and Chinese militaries intent on interfering with elections or purloining industrial blueprints or intellectual property."

Cybercrime is just a part of the overall business of transnational crime. The March 2017 report from Global Financial Integrity found that globally, the business of transnational crime is valued at an average of $1.6 trillion to $2.2 trillion annually (it's difficult to be more precise because we are talking about criminal behavior here). There are high profits and low risks for criminals, and there is the support of a global shadow financial system to perpetuate and drive these abuses.

With cybercrime-as-a-service, crime has been commercialized along the lines of other successful consumer businesses, and there is an industry of distributed crimeware with open source software, marketing specialization and "professional values" of customer service. You pay with bitcoin, of course.

Fraudsters' barrier to entry is lower

If you weren't frightened at the end of the day by the extent of cybercrime, you just weren't paying attention. I found it sobering, and I work in the payments industry and should have known about this already. But it turns out I am not alone in my lack of awareness. A recent study by the University of Alabama at Birmingham put things in perspective.
• 87 percent of business owners regularly upload work files to a personal email or cloud account.
• 51 percent of senior managers have taken job files with them after leaving a job.
• 15 percent of employees believe that they have zero to minimal responsibility to protect data stored on their personal devices.
• An unknown number of employees connect their personal mobile devices to organizations' networks, use generic USB drives not encrypted or safeguarded by other means, or unnecessarily carry sensitive information on a laptop when traveling.