Unfortunately, there is no such thing as 100% security for businesses.
The key question is whether some industries or organisations are disproportionately more prone to vicious attacks than others.
In the past we would have said that banks, healthcare, insurance, and government services are prime targets. This was for various reasons - whether it be financial, political, or other gains. We’ve entered a new era though, where all organisations and individuals are vulnerable to attacks.
This is because of the way organised crime has become interconnected with cybercrime, inevitably resulting in a shift in focus and scope. The different ways businesses are being attacked invariably has led to individuals as well as groups offering cybercrime as a service.
You can hire people to effectively work Monday to Friday, much like your usual 9 to 5 gig, to perform cyber-attacks for you. They will have you sign contracts and even provide money-back guarantees in some cases.
What are the differences in cybercrimes?
In terms of differentiating between the crimes, it is less about the various approaches to a specific crime and more about the attackers behind the operation. As such, we can put cybercrime attackers into four very broad main categories:
1. Nation-sponsored attackers
Where the news is full of fixing election outcomes - for example the allegations against the Russians in the 2018 U.S. election - this is just one aspect of nation-to-nation attacks.
One hears of Chinese-sponsored attempts to gain military information, but it's easy to look at nation-funded endeavours to steal intellectual property for technological areas of interest for them.
These crimes are not solely nation to nation, but are often targeted at private enterprises with valuable information.
2. Organised cyber criminals
Think of this like the mafia of cyber activity who run a lucrative business with crime.
As part of a highly organised operation, cybercrime is just another revenue stream. It is a much cleaner way of making money as you avoid trafficking, protection, and other traditional crimes, such as robberies.
3. Script kiddie
These attackers should be likened to the typical teenager, sitting at home in their room with loud music on. They are not really into crime but there is a lot of prestige that comes from the ability to break into something usually off-limits.
They have sites where they compete with others, where peer-to-peer recognition is the main motivator.
4. Insider threats
Organisations might also be affected by resentful ex-employees who are looking to get back at them. Similarly, current staff through negligence or ignorance, compromise their organisation's security can pose a major risk to businesses.
What does this mean for you?
By nature, larger organisations that have been targeted by cybercrime for some time now have built significant defences and proactively monitor their networks. However, if you function as a small to medium enterprise (SME), there is a chance that you have limited resources available to dedicate towards security.
As a consequence of limited security, businesses need to not only be aware of the potential threats but willing to move beyond the paralysis we've seen so far.
What are you doing about your cyber-safety?
Reach out to Avec to enhance your plan of attack.