Hacking exploits and exposés continue to dominate media headlines – and for good reason too.
In 2017 alone, according to McAfee and CSIS’s joint report, Economic Impact of Cybercrime – No Slowing Down, cybercrime cost the global economy more than US$600 billion (R7.6 trillion at today’s rate) – of which approximately $3 billion was concentrated in sub-Saharan Africa. Alarmingly, recent estimates by Forbes indicate that cybercrime will cost $6 trillion a year by 2022 – an almost unimaginable number to most of us.
Whether it is known as state-sponsored cyberterrorism, organised crime 2.0 or hacktivism, cybercrime makes a lot of sense to growing numbers of people. One of the reasons can be ascribed to the world’s current unemployment figures. After depressed global economic conditions in recent years, attention has turned to other means of making a living and the rise of a new, unvirtuous cycle.
Cybercrime has become a viable “career path” for a number of reasons, not least of which is the perception that it’s a “victimless crime”, particularly in the corporate world. It’s also hard to trace and prove, and even harder to prosecute. Legislation hasn’t kept pace with the evolving criminal landscape – some inroads have been made, but there’s still a long way to go.
Connected and dangerous
Now consider just how low the barriers of entry are. It couldn’t be easier to access connectivity, buy an exploit kit or two, read some forums, watch a few videos and the next cybercriminal is on the path to graduation.
In fact, online crime is fast becoming industrialised through the efforts of criminal multinational organisations on the dark web. One-stop shops are being developed and run like businesses with all the tools and services needed to commit cybercrime. Exploit kits, custom malware, botnet rentals and ransomware distribution provide a diverse toolkit for as little as $100.
This is the new, sophisticated generation of organised crime. The motivations might vary between creating a new income stream to the thrill of the chase and everything in between hidden behind relative anonymity on the dark web.
Cybercrime as a Service isn’t a new concept, but it’s rapidly evolving to include everything a criminal could need, including product development, technical support from help desks and even money-back guarantees.
Sophisticated crimes against the unsuspecting and underprepared
The “regular” threats we see, including those like ransomware holding data or devices hostage – or breaches threatening to expose sensitive data like medical records, banking details or personal particulars – are fairly well known.
But there are emerging technologies that open up an entirely new threat landscape. For instance, blockchain technology is a robust, disruptive technology that’s predicted by Gartner to increase business value-add to $176 billion by 2025. The newness of the technology presents cyberattackers with opportunities for exploitation.
Alongside technological advancements are the development of their cybercriminal counterparts’ sophistication. For example, today’s viruses are smart and malware is equipped with artificial intelligence capability that self-adjusts until it finds vulnerabilities, is more energy-efficient and more effective than any human hacker, and also more economically attractive.
With this in mind, it’s surprising that many organisations are underprepared or unaware of threats which then impedes their ability to identify attacks and defend themselves. Startlingly, NTT Security’s 2017 global threat intelligence report revealed that nearly 47% of vulnerabilities are more than three years old and only a third of companies had a formal incident response plan in place.
In summary, crime isn’t just for your neighbourhood hoodlum. It has evolved to open an entire digital threat landscape. So no matter your business size, maturity or perceived degree of cyber-risk, it’s a business imperative to implement risk management, cyber-resilience protection and defence strategies.