I was recently asked by Security Magazine to share thoughts on cybercrime’s evolution and the resulting cyber threat landscape it created.
Transformation dominates corporate agendas. Organizations continue to invest significant sums into the cloud, automation, analytics, and artificial intelligence (AI) to accelerate productivity, improve market offerings, and enhance customer experiences. Disruptive brands such as Uber, Tesla, Airbnb, and Netflix have forced traditional industries to rewrite their playbooks. And the pandemic has prompted a massive deployment of online collaboration solutions and practices to accommodate today’s work-from-home environment.
At the same time, however, a less discussed industry transformation is well underway. Cybercrime is a $6 trillion annual industry, which would qualify it as the world’s third-largest economy after the U.S. and China. The FBI’s Internet Crime Complaint Center (IC3) annual cybercrime report analyzed 791,790 fraud and theft complaints from 2020 alone. There is a great deal of money to be made, and cybercriminals are adopting new strategies, business models, and tools to compete in this increasingly competitive market. In fact, the evidence would suggest that the pace of innovation among cybercriminals has outpaced that among defenders.
Given the shifting and potentially destructive market dynamics, here is a guide for C-suite executives and other decision-makers to use to understand cybercrime evolution and the resulting, more daunting cyber threat landscape it created:
They are outsourcing more than ever. Government warnings of nation-state espionage exploiting SolarWinds and Microsoft Exchange server software emphasized the reportedly coordinated efforts of different teams of intrusion experts attributed to Russian and Chinese actors, respectively. Yet, adaptive collaboration is hardly limited to foreign intelligence services or their proxies. As in legitimate business circles, collaboration increasingly drives this machine, with criminals flocking to the dark web and other underworld gathering areas to share insights and resources while acquiring more formidable capabilities. They realize that, as a combined unit, they are stronger than they are as individual, siloed operations. As a result, adversaries of all types are focusing on core competencies and outsourcing the rest. They can readily pull this off due to the availability of ransomware-as-a-service providers, who sell or lease their ransomware variants to affiliates or customers who license them to perform an attack. There are also what are called initial access brokers who exploit networks and then sell this access to the highest-paying buyer.
They are able to monetize … everything. Thanks to ransomware, the bad guys no longer need to figure out how to get to customer credit card accounts to steal money. With cryptocurrencies making it easy to anonymize, authorize, and conduct payout transactions, they can monetize pretty much anything of value to victim corporations, including proprietary data, employee human resources information, e-commerce systems, protected health information (PHI), etc. While availability has always been part of security, along with confidentiality and integrity, this move raises the stakes. If an organization can’t make direct deposits into employees’ bank accounts because their payroll servers are currently hijacked by a ransomware attack, for example, C-suite executives will feel more pressure to give in to the demand. Thus, cybercriminals are enriching themselves more than ever via the monetization of everything.
They don’t care how big a victim corporation is or what industry it’s in. As indicated, this new cybercrime operating model is expanding this underground economy through tight collaboration among thieves. They don’t need to target large companies only or stick to those within a particular, familiar industry. Through this criminal supply chain and the advancement of automated tools, these threat actors can move down-market and target thousands of midsize organizations instead of taking their chances against a few large financial services firms. They’re able to leverage automated scans to find businesses that are running outdated software or exposing risky ports or services.
C-suite executives and top decision-makers will struggle to defend against this new cybercrime operating model if they fail to adapt their defensive operative approach. The strategies of cooperation, innovation, and specialization leveraged by attackers must be similarly adopted by the organizations tasked with defending against them. That’s why their leaders should carefully consider partnering with a managed detection and response (MDR) provider.
MDR is essentially a security-as-a-service involving the hiring of an external team to monitor networks around-the-clock and launch mitigation and prevention measures when suspicious activity is detected. In its most advanced and fortified state, MDR includes threat hunting and response capabilities that combine the latest technologies, machine and human intelligence (or authentic intelligence), and expertise to stay one step ahead of attackers regardless of how their M.O. is shifting.
MDR enables companies to offload much or most of their security burden and focus on what they do best. Given that this simply makes good business sense, adoption is soaring: One-half of organizations will be using MDR services to contain threats by 2025, according to a projection from Gartner. Among those already investing in MDR, 72% are decreasing the time it takes to resolve attacks by 25% to 100%, according to research from IBM. Competitive interest has always fueled the drive toward transformation. “Greatness is not a function of circumstance. Greatness, it turns out, is largely a matter of conscious choice,” author Jim Collins notes in his book, Good to Great.
As companies explore new investments and strategies for the cloud, mobility, AI, infrastructure, etc., they cannot lose sight of the reality that cybercriminals are also constantly seeking emerging techniques, tools, and resources to build a bigger and better machine.
By forming the right MDR partnerships, organizations gain a team that lives and breathes security and maintains capabilities designed to thwart the latest attack methods. This allows C-suite executives and decision-makers to focus on transforming and digitizing their businesses while gaining the protection they need.
Chief Strategy Officer | Pondurance
Lyndon Brown brings a career focus in building high-growth technology companies to Pondurance where he is responsible for Product Management, Corporate Development, Marketing, and driving cross-functional performance. Prior to joining Pondurance, Lyndon served as Vice President of Business Development at FireEye Mandiant, where he focused on strategic growth initiatives. As an executive, Lyndon has successfully led product management, M&A, and global partnerships at firms such as Verodin (acquired by FireEye) and Endgame (acquired by Elastic).