Financial executives receive cybercrime wake-up call
If data security protocols fail to progress, hackers will continue to count off corporate money.
If you want to get to the root motivation of any criminal enterprise, just follow the money. Emerging research tells us that the computer hackers of today are really no different than the highwaymen of old; they're just using a different path to reach the same destination. The latest support for this theory comes from a global survey of business and IT executives conducted by Check Point software, which suggested that the majority of cybercriminal plots targeting corporate networks are driven by financial fraud.
Blunt force, enlightened tactics
Although business executives once scoffed at the notion that one tech-savvy malcontent could scale the walls of the corporate castle and make off with a king's ransom, a growing proportion of their industry colleagues have had that arrogance exposed in recent years.
"Cybercriminals are no longer isolated amateurs. They belong to well-structured organizations, often employing highly skilled hackers to execute targeted attacks, many of whom receive significant amounts of money depending on the region and nature of the attack," Check Point security evangelist Tomer Teller explained.
As cybercriminals begin to organize themselves in a manner similar to the enterprises they are attacking, hackers are finding themselves with the tools and funding to focus exclusively on creating corporate chaos. According to the survey, responding executives indicated that they field an average of 66 new Internet security attack attempts each week.
One of the favored tactics among hackers seems to be Distributed Denial of Service (DDoS) attacks – typically regarded as a blunt object in the cybercriminal arsenal. This low-effort, high-volume strategy can quickly overwhelm corporate servers and take a corporate website offline for hours or even days. In that time, a business can lose untold revenue from frustrated customers and lost leads, as well as lost productivity that can have more direct consequences.
But while DDoS attacks can certainly take money out of a company's pocket, it isn't likely those funds will find their way into cybercriminal accounts. When hackers really want to replenish their capital, customer data and corporate trade secrets are still the holy grail.
"These days, credit card data shares space on the shelves of virtual hacking stores with items such as employee records and Facebook or email logins, as well as zero-day exploits that can be stolen and sold on the black market ranging anywhere from $10,000 to $500,000," Teller added. "Unfortunately, the rate of cybercrime seems to be climbing as businesses experience a surge in web 2.0 use and mobile computing in corporate environments – giving hackers more channels of communication and vulnerable entry points into the network."
Once inside the gates, the most feared tool in the cybercriminal arsenal may be the SQL injection. While more than a third of survey respondents reportedly experienced advanced persistent threats (APTs), botnet infections and DDoS attacks, database breaches were still cited as the most loathsome of all.
Shoring up defenses
Considering the financial implications of successful cybercriminal attacks – both in terms of reputational damage and remedial expenses – more companies are realizing that data security strategies deserve a place atop their risk management priority lists. Survey respondents commonly cited firewall reinforcement, intrusion detection systems and specific anti-bot and application security solutions as future areas for investment. But considering the ever-expanding number of network access points, employee training will also garner renewed attention.
More than one-third of respondents admitted that their organizations still lack dedicated security awareness programs, potentially leaving underinformed workers guarding the front lines.
Data Security News from SimplySecurity.com by Trend Micro
Spotlight
Cloud Computing
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
- Desktop virtualization can enhance security performance
- Cybersecurity cooperation becoming military necessity
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- FBI trying to train financial execs on cyber threats
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet