Script kiddies and the Russian underworld—know thy enemy

September 25, 2017 | 3 Minute Read


You don’t need to be the fastest one in the water when a shark attacks—as long as you’re not the slowest. To some degree, this sentiment translates well to cybersecurity. On one hand, no one should ever advocate that businesses do “just enough” when it comes to network security. But on the other hand, many organizations don’t realize their biggest threat isn’t necessarily those script kiddies hiding in Grandma’s basement firing off random attacks.

What’s needed is a little refresher on who these bad guys are—and, more importantly, how they operate. Developing a better understanding of the who and how of cyber attacks will help you create an environment that’s 100 percent not worth the effort to attack.

Who dunnit?

Who’s behind the mask of those cybercriminals making headlines every few weeks? The logical answer is some bored teenager downloading malware tools from the dark parts of the web. His parents, oblivious to the mischievous shenanigans, probably wonder why their internet bill always incurs extra data charges at the end of the month. These script kiddies are a go-to assumption when someone starts thinking about cybercriminals. Surely it’s not the highly organized, mysterious double agents with three-digit code names, right?

In reality, those Hollywood interpretations may not be as far off as you think. According to the Harvard Business Review, costly cyber attacks are much more intricate than random “kiddies” passing the time during summer vacation. Brazil and the former Soviet Union, as it turns out, are ideal locations for organized cybergangs.

Thanks to softer laws regarding cybercrimes, digital thieves flock to these regions to connect with like-minded individuals. The result is a hotbed for organized cybergangs composed of previously unemployed computer experts. Understanding the level of sophistication these bad guys represent should change your approach to cybersecurity. Let’s talk about that.

Not all criminals are dumb

Script kiddies aren’t the primary concern when it comes to cyber attacks. For once, it actually is more likely to be that shadowy, highly organized crime ring you see on the big screen—and you know what? They have more than one way to drain your bank account.

On the surface, you’d think these sophisticated groups of computer wizards would focus on massive heists that even the Ocean’s 11 crew would be proud of. To a large extent, they are. A Brazilian group managed to pull the wool over the eyes of a prominent financial institution to the tune of $3.75 billion, HBR writes. Siphoning this impressive sum occurred over the course of nearly half a million transactions through a surprisingly complex strategy.

Elaborate schemes—though flashy and tailor-made for George Clooney’s portrayal—aren’t necessarily the biggest threat. The headline-inspiring cyber attacks that send the general public into a panic are really only a drop in the bucket compared to smaller, more subtle dangers. Those same cybergangs trimming dollars off bank transactions are also hard at work creating the next generation of malware. These trojans, viruses, and rootkits aren’t hoarded in some cybervault either. No, they go to the highest bidder—or anyone with enough cash to spend—on the dark web. Yes, even those script kiddies can get access for the right price.

Script kiddies and cybergangs be damned

Unfortunately, when a bunch of really smart people put their minds together to fleece the internet, defense becomes problematic. The malware they produce and the intricate schemes they dream up will continually evolve.

But all hope is not lost. All that’s needed is a proactive strategy. You don’t even have to brush up on your Russian or Portuguese. Instead, just add a few trusted security sources to your morning newsfeed. Stay on top of current events in the cybercrime world. Better yet, take a look at deploying technology that can adapt to a changing security climate in the same way. And for the love of god, secure those endpoints.

In the end, knowing your enemy and the ways they currently operate will help you, in turn, build a security structure that’s more trouble than it’s worth.
