A Tale Of Cyber And Crime — Part One
Get an insight into what cyber-crime really means, the motifs behind it and the consequences it leads to.
Almost every aspect of our everyday lives is “touched” by technology. Technological development has created tremendous opportunities and improvements to our life, but also gives criminals increasing opportunities to gain access to more victims.
What is it?
Encyclopaedia Britannica defines* cyber-crime as:
Cyber-crime, also called computer crime, the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cyber-crime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government.
Even though there is more than one accepted definition, it is usually divided by law enforcement agents into two types:
- High-tech crime, which are mainly the attacks on software and hardware.
- Cyber-enabled crime, which is the more traditional type of crime, such as financial crimes.
In the past, cyber-crime was mainly performed by small groups or individuals, but the sophistication level is not what it used to be. If back then cyber-criminals were more like nerdy hackers in their parents’ basement, now they act like the evil twin from the Silicon Valley start-up.
Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.**
Why?
What are the factors that contributed to the development of cyber-crime, you ask? As economies grow, cultural and social factors are changing the face of modern businesses as we know them today, offering these cyber-offenders the chance to overcome borders limitations.
This results in an unprecedented cyber agility, which is further fuelled by factors such as:
- The inconsistency of laws across the globe
- Sympathy for some forms of hacktivism
- The easy distribution of malicious software
- Development of the dark web
- Employment of hackers against security measures
Apart from all these factors, there’s also the development of technology drivers that also fuel both businesses and cyber-crime.
The Cloud
The development of “The Cloud” makes them easily accessible, cheap and reliable. This allows cyber-criminals to have a very dynamic activity, being able to rapidly setup, use and abandon the network.
Crowdsourcing
Cyber-crime organisations are able to offer fast to market and innovative SaaS solutions, such as a DDoS for hire, disguised as a legitimate network stressing service.
Data Monetisation
The monetisation of data started with sensitive data such as credentials, credit card and personal info. The development of underground markets led to the switch to intellectual property and data theft with the purpose of attracting new customers.
Wireless And Mobile Technology
The widespread nature of these technologies allows criminals to set their “office” basically anywhere they want to. This way they have the ability to attract fresh talent with a drive for results.
In the cyber-crime world, what matters are the results and their activity revolves around finding and exploiting vulnerabilities. Using these vulnerabilities, they are able to attract or leverage businesses and persons. Sort of like in the legitimate business world.
What’s The Cost?
If in the past cyber-criminals focused their activity on the big players in the business, now they’re turning their attention to smaller, easier to target companies.
There are various consequences of cyber-crime against people and organisations, but the main consequences are:
Revenue loss
Losing money is always tough on companies, no matter their size, but as the company is bigger, the amount of sensitive information it holds increases. Besides money, a company can also lose revenue by having its e-commerce site compromised.
Time loss
Whenever a cyber-attack takes places, the company’s IT department must turn their full attention to handling the situation. This stalls the progress on their ongoing projects and leads to missed deadlines.
Productivity loss
Having to enter loads of passwords on a daily basis just to be able to do your job is counter-efficient enough, but in the event of a cyber-attack, the amount of pressure increases. Therefore, as employees spend more time on protecting the company, their effective working time decreases.
Reputation loss
Whenever customer data is compromised due to lack of cyber-security in a company, guess who they will be blaming? The company, of course. This will in turn lead to a bad reputation amongst present or potential customers and decrease in company trust.
What’s The Solution?
It’s not possible for companies to continue with the same security habits and procedures but expecting different outcomes. In the best case scenario, these companies have managed to slow down a little bit the attacks, or even redirect them, but not stop.
One possible solution to regain employee productivity is switching from the classic account and password based authentication, to multi-factor authentication. Companies’ digital properties stay protected, while the employees don’t have to remember annoying passwords anymore.
Multi-factor authentication is an effective response to the need of data and transaction security, as it has been demonstrated by its recent addition to the PCI Data Security Standard. It uses a combination of independent credentials such as:
- What your users know (passwords)
- What your users are (biometric verification)
- What your users have (security tokens)
UNLOQ offers multi-factor authentication solutions by providing protection in 3 areas: User authentication, Transaction authorisation and Data at rest.
*http://www.britannica.com/topic/cybercrime
**http://www.ntti3.com/wp-content/uploads/CybercrimeRadicallyRethinkingTheGlobalThreatV1.pdf
