Follow the Money

For most of today's cybercriminals their activities are not a hobby to brag about with mates. What they do is a serious business to them and they employ many of the best 'traditional' business practices mainstream companies use with the goal of making money. Today's cybercriminal gangs are highly professional and motivated.
|

Often friends and family ask why it is that we hear so many stories in the media these days about companies being hacked and information being leaked and stolen.

The answer is simply that more and more of what we do in work and play takes place online.

Indeed if new statistics from the Office of National Statistics are to be believed, more Britons than ever are online every single day. The latest UK Opinions and Lifestyle Survey, reports that 36 millions Brits use the Internet everyday - a doubling of numbers since just 2006!

And this trend is not just in the home - increasingly all businesses have a substantial presence online. Indeed it is an exception if you can't find that a business has a website. Even if they don't have a public web presence, you can almost certainly guarantee they will use some sort of online solution, service or tool to run their business behind the scenes.

Criminals know that as we do more online we also open ourselves up to more risk of compromise and attack.

They simply follow the money and as we use certain tools and applications, they look for a weak link as a way to infiltrate a company and make money via their activities.

After all it is a numbers game. If businesses start to use a certain tool, then it is worth the cybercriminal gangs investing their time to find an exploit and way in via that tool. If only very few businesses use something, it is unlikely to be worth the criminal's efforts to break in.

For most of today's cybercriminals their activities are not a hobby to brag about with mates. What they do is a serious business to them and they employ many of the best 'traditional' business practices mainstream companies use with the goal of making money. Today's cybercriminal gangs are highly professional and motivated. They often outsource some of their activities; bring in particular expertise for a particular 'job' and even utilize R&D and helpdesk-like teams.

Their sole goal is to make money, either directly via their own efforts, or by working on behalf of someone else.

So we as business leaders need to treat security in an equally professional manner. We cannot afford the luxury of spending money on defences and assuming they will protect us. Today's senior executives have to plan for the worst and look at their security with different eyes. They have to think and act like an attacker and recognize that a determined criminal will get in, and so what is critical is that you know they have got in and can mitigate the damage quickly.

Cybercrime was never a game, but much like the cybercriminals, company executives have to act more professionally.

It is a fact that as a certain piece of software is used widely, the incidents of security compromise also rise. As companies and people spend more time online, they are potentially opening up their front doors to the world and so need to be aware that, while this brings huge benefits, it also comes with increased risks and so you have to be prepared for those risks.