There was a time when the biggest perceived threat to corporations online was the lone, basement-dweller whose mission to unleash makeshift mayhem left unsuspecting networks vulnerable to attack. Names like Albert Gonzalez, who notoriously extracted millions of credit and debit card numbers from TJX Companies, might come to mind.
Cybercrime, however, has evolved to unprecedented levels of complexity that looked more like business structures than singular bad actors. Today, crime rings often include organizational charts, international reach, C-level executives and even human resources departments. Crimeware-as-a-service (Caas) tools like these make recruiting easier than ever for ring leaders. In fact, some even choose cybercrime as a career path.
Many offenders now employ social engineering specialists to trick users into divulging personal details by impersonating someone that the victim knows. Others go so far as to employ 24-hour technical support for victims to ensure they pay a ransom for the safe return of their own files, a practice which seems to have conditioned its victims all-the-more through a warped sense of assurance. Premade exploit kits cheapen the purchase and simplify the launch of malware, even for novices.
Researchers at the University of California, San Diego, successfully exposed the elaborate business structure beneath the surface of online crime in 2010 with computers outfitted for backtracking spam emails. The results revealed an incredible level of sophistication, including the involvement of banking institutions and third party suppliers, website development, databases, credit card payment processing and customer-service departments. Computer scientist Stefan Savage called it “the purest form of small-business capitalism imaginable.”
Cybercrime costs the global economy up to $575 billion each year in intellectual property loss, theft of financial assets and sensitive information, opportunity costs, costs for securing networks and the cost of recovering from cyberattacks, so it’s important to remember these facts and take precautionary measures when you can.
Tips for securing your brand
Keep in mind that cyberattacks can happen to any organization, especially given their evolving nature. According to the 2014 Trustwave Global Security Report, 71 percent of corporations that experienced a security breach did not detect the incident themselves.
Here are a few pointers to remember:
- Employee education and awareness, especially with regard to email communication, is paramount.
- Consumer education is important as well, so that they understand not only your security protocols, but why those protocols are in place (to help protect their account transactions).
- Stay ahead of new threats by staying aware, and plan for ever-changing threats. Never think it can’t happen to your organization.
- Leverage AntiFraud protection tools provided by MarkMonitor.
- Listen in on The Life Cycle of a Cyber Attack, an antifraud webinar hosted by in-house expert Stefanie Ellis.
“Think of cybercrime as a business with all of the different job roles playing their parts. Each role is specialized and is needed to execute on the attack, dependent on the type of attack the threat actor is carrying out – phishing, malware, ransomware, spear phishing, SQL injections, etc.” Stefanie Ellis, AntiFraud Product Marketing Manager
Watch now: The Life Cycle of a Cyber Attack