Cyber crime as a service forces changes in information security

Cyber crime has been commercialized. Infecting computers with ransomware or using an advanced persistent threat to pilfer intellectual property no longer requires deep technical knowledge. Just use Google to learn how to access the Dark Web, and you can find hackers who, for a price, are more than happy to write malware, create highly effective spear phishing campaigns and develop bogus websites for harvesting login credentials.

Major companies (think Fortune 500 organizations) understand that cyber crime as a service has changed how they handle defense. But for organizations still maturing their defensive measures, here’s what the transformation of cyber crime into an industry means for how you approach information security.  

Your enemies aren’t script kiddies

Security and IT professionals need to accept that they’re not facing inexperienced hackers. The good guys typically realize that adversaries are skilled but don’t fully realize their technical prowess. Script kiddies are still out there, but I’d argue that they’re not going after enterprises.

The real threat is from the group of hackers who worked for the Russian government, realized their skills could command a high price in the private sector, and now sell their services on the Dark Web. For them, hacking isn’t a pastime. It’s their profession. Oftentimes, they get paid only if the mission is successful, giving them an incentive to make sure the goal is achieved. If you’re a defender, adopt the perspective of the enemy. Think about which points you would try to exploit if you were on the offensive side.