Everyone’s talking about cyber security these days, and there’s a seemingly endless list of protective measures to be taken to prevent cyber attacks. It can be a bit daunting, and at times hard to secure the right budget, so is all this hype about security really necessary? The short answer is – YES. The long answer is that in order to understand why cyber security has taken over the forefront of IT for businesses, you must first understand that cyber criminals are no longer just bedroom hackers; they’re a fully fledged industry.
Cybercrime costs the economy an estimated $450 billion globally
Cybercrime-as-a-Service is on the rise in a big way, with criminals constantly developing more advanced ways to steal businesses’ hard-earned cash over the internet. The industry continues to evolve and adapt and is now highly organised. All one has to do is log onto certain sites on the Dark Web and they’ll be greeted with professional hackers offering ransomware, malware, phishing, DDoS and much more as-a-service.
One of the more unusual ways in which cyber criminals have been generating revenue for themselves comes from Russian hacking website WWH-Club, which now features a six-week hacker training course on topics such as Bruteforcing PayPal, Working on Android, Carding (using stolen credit cards for fraud) and targeting specific industries such as hotels or finance. For this series of online seminars, they charge $745 for tuition and a further $200 for course materials. This course is the first of its kind so far, and is aimed at turning wannabe hackers into fully-fledged fraudsters. New students pay in cryptocurrency such as Bitcoin to gain access to 20 lectures from 5 instructors, with required reading and quizzes, and a maximum class size of 15. That’s right, this isn’t amateur hour any more, it’s an organised curriculum with a business model that caters to a growing cyber crime industry.
“It’s on a scale that [we] haven’t seen before, and they refresh the course material every six months,” said Rick Holland, vice president of strategy at cyber security firm Digital Shadows. “You could know nothing and it ramps you up on understanding the different kinds of cards that are out there, the security measures that are out there, what do you need on your computer”.
However, not every hacker has to go down the route of enrolling in a course before they go forth and target businesses. Another worrying trend that experts are seeing now is the availability of extremely cheap hacking software that removes the need for advanced technical skills. One such example is Ovidiy Stealer, password-stealing malware that is sold online for between $7 and $13, depending on what your hacking needs are. This cheap malware builds encrypted executables, which makes it very difficult to detect and analyse, and can slip past anti-virus software that isn’t next-generation. Granted, this isn’t the next WannaCry – there’s only so much you’re going to get for under €10 – but it makes malware incredibly accessible to budding cyber criminals.
While “ransomware as a service for dummies” is still a very popular item in the shopping carts of cyber criminals on dark net sites, crypto-mining software is also fast becoming one of the most financially lucrative options. It bypasses many firewalls and antivirus scanning tools and runs in the background on your computer, taking advantage of its processing power and electricity. Apart from the infected computer running slower, there is little to give it away, and many businesses don’t even know it’s running on their network, generating money for the cyber criminals.
Now, let’s take a look again at the cyber security industry. According to the Hiscox Cyber Readiness Report 2017, a shocking 53% of companies assessed were not prepared to deal with an attack, with just 30% rated as “expert” in their cyber readiness. In 2016, this lack of preparedness cost businesses around the world an estimated $450 billion – marking cybercrime as an epidemic. According to Steve Langan, chief executive of Hiscox Insurance, it is imperative that companies “build the human firewall in your business, so train your staff to recognise those suspect emails which are getting increasingly sophisticated and very difficult to distinguish”.
At Tech Guard, we recommend that any company wishing to mitigate the risk of cyber attack should take a layered approach: next-gen antivirus and firewalls, along with weekly patching, to prevent the majority of malware from breaching your network; cyber security awareness training so staff don’t fall for the malware that sneaks past your anti-spam, anti-virus and firewall; and finally a regularly tested backup and disaster recovery solution so that you can restore your business’s critical files and systems no matter what.