The Bedel Security Blog

Evolution in the Business Model Changes the Way Banks must Approach Cybercrime

Written by Chris Bedel | Jun 15, 2016


Financial Institutions need to adjust their way of thinking when it comes to protecting themselves against cyber criminals. Studying the business model of cybercrime is a great place to start. This post takes a look at the risk/reward matrix of several different attack methods facing banks and credit unions today.

The world of cybercrime is maturing into a sophisticated business model.  These organizations are starting to take on "corporate" traits, with business processes, continuity plans, and even their own information security programs.

Monetary drivers force hackers to continually adapt who they target, their methods of attack, and what information is valuable to them.  And the most innovative attackers are the most well funded.

Just like your business, they seek to maximize profit and reduce risk.

This was the point of emphasis in a recent report written by Hewlett-Packard Enterprise, "The Business of Hacking", in which they perform a SWOT analysis of the hackers and their businesses.

It's an interesting read, but one quadrant matrix, in particular, caught my attention:

This matrix rates various cybercriminal activities based on Effort and Risk, and Payout Potential.  Items further to the right are easier and less risky, and items higher on the matrix have a larger payoff potential.

From a business perspective, hackers want to pursue opportunities that are of low risk and high payoff, and items in the upper right-hand quadrant provide just that.  On the other hand, hackers want to avoid high risk, low payoff items and are less likely to involve themselves in activities in the lower left-hand quadrant.

Studying the matrix with that in mind, it became very clear why we've seen a rise in ransomware (extortion): behind ad fraud, it is the easiest, most lucrative method of hacking in the matrix.

Ransomware changes the game.  It is easy to deploy through phishing and malvertising.  No exfiltration is necessary. Payments are getting simpler.  And its very nature makes any data that's important to you, important to cybercriminals, which means that anyone is a target, even your grandmother.

Studying further, we see that there could be a business case for the bad guys to lessen their focus on conventional tactics like card fraud, identity theft, and bank fraud in general.  These methods are becoming harder to execute and the payoff is low, relative to other opportunities.

So, what does this mean for financial institutions?

It means you have to change your mindset on how you protect your information and the assets that contain it.  It used to be that just protecting NPI and card data was enough to get by.  But with this new business model, where "anything that's important to you, is important to them", that won't cut it any longer.

It also means that your customers need to have a new level of awareness of the threats they face, especially ransomware (for which many of them are totally unprepared).  And that now includes customers who have never had to worry about these things in the past.

For help with preventing ransomware, check out this article.  Please feel free to share with anyone who might find it helpful.