If you want to get to the root motivation of any criminal enterprise, just follow the money. Emerging research tells us that the computer hackers of today are really no different than the highwaymen of old; they're just using a different path to reach the same destination. The latest support for this theory comes from a global survey of business and IT executives conducted by Check Point software, which suggested that the majority of cybercriminal plots targeting corporate networks are driven by financial fraud.
Blunt force, enlightened tactics
Although business executives once scoffed at the notion that one tech-savvy malcontent could scale the walls of the corporate castle and make off with a king's ransom, a growing proportion of their industry colleagues have had that arrogance exposed in recent years.
"Cybercriminals are no longer isolated amateurs. They belong to well-structured organizations, often employing highly skilled hackers to execute targeted attacks, many of whom receive significant amounts of money depending on the region and nature of the attack," Check Point security evangelist Tomer Teller explained.
As cybercriminals begin to organize themselves in a manner similar to the enterprises they are attacking, hackers are finding themselves with the tools and funding to focus exclusively on creating corporate chaos. According to the survey, responding executives indicated that they field an average of 66 new Internet security attack attempts each week.
One of the favored tactics among hackers seems to be Distributed Denial of Service (DDoS) attacks – typically regarded as a blunt object in the cybercriminal arsenal. This low-effort, high-volume strategy can quickly overwhelm corporate servers and take a corporate website offline for hours or even days. In that time, a business can lose untold revenue from frustrated customers and lost leads, as well as lost productivity that can have more direct consequences.
But while DDoS attacks can certainly take money out of a company's pocket, it isn't likely those funds will find their way into cybercriminal accounts. When hackers really want to replenish their capital, customer data and corporate trade secrets are still the holy grail.
"These days, credit card data shares space on the shelves of virtual hacking stores with items such as employee records and Facebook or email logins, as well as zero-day exploits that can be stolen and sold on the black market ranging anywhere from $10,000 to $500,000," Teller added. "Unfortunately, the rate of cybercrime seems to be climbing as businesses experience a surge in web 2.0 use and mobile computing in corporate environments – giving hackers more channels of communication and vulnerable entry points into the network."
Once inside the gates, the most feared tool in the cybercriminal arsenal may be the SQL injection. While more than a third of survey respondents reportedly experienced advanced persistent threats (APTs), botnet infections and DDoS attacks, database breaches were still cited as the most loathsome of all.
Shoring up defenses
Considering the financial implications of successful cybercriminal attacks – both in terms of reputational damage and remedial expenses – more companies are realizing that data security strategies deserve a place atop their risk management priority lists. Survey respondents commonly cited firewall reinforcement, intrusion detection systems and specific anti-bot and application security solutions as future areas for investment. But considering the ever-expanding number of network access points, employee training will also garner renewed attention.
More than one-third of respondents admitted that their organizations still lack dedicated security awareness programs, potentially leaving underinformed workers guarding the front lines.
Data Security News from SimplySecurity.com by Trend Micro