Making sure cybercrime doesn’t pay
Helping companies make cybercrime too costly to turn a profit!
According to the Police.UK website, homes with no security measures in place are five times more likely to be burgled than those with simple security measures, such as good windows and strong deadlocks.
Sure, installing better locks is a good idea. But that’s not the key issue here. The real reason burglars avoid a tough lock is that it takes longer, needs more know-how to beat, and forces them to buy (or steal) more tools. And why bother, when they can break into four out of every five other houses much more easily?
The same lesson applies to cybercrime. If a hacker has the choice of spending hours or days trying to get past a few sophisticated security solutions – or seconds on thousands of second-rate, poorly configured systems – what do you think they’ll do? Nine times out of ten, they’ll take the easy option.
That’s good news for companies concerned about the rising tide of security threats. It means they don’t have to be prepared to defeat every conceivable exploit in order to enjoy a reasonable level of protection. They just need to be better prepared than the majority of other enterprises.
Rebalancing the economics of cybercrime
Fundamentally, cybercrime is a volume business. And, like any commercial endeavour, hackers are interested in minimizing the cost of acquiring a new victim. The majority of hackers use generic automated exploit kits. Although they can be purchased on the dark web for as little as US$150, they are nevertheless effective against 90 percent of today’s companies. That is largely because most firms aren’t anywhere near up to date when it comes to installing security patches.
Acquiring the expertise to crack the other 10 percent of companies can get expensive very quickly. More sophisticated tools and specialist expertise are needed. If the “take” is worth it, then the criminals may consider investing. But most attacks aren’t that precisely targeted.
In most cases, the hackers simply move on to the next prospective victim as soon as they encounter anything that looks difficult. Fortunately, it doesn’t take too much work to put enough security hurdles in place to make your business look like a less tempting target.
Addressing the people problem
The ultimate answer to beating cybercrime isn’t just spending more on security boxes. It’s to implement the right services, policies and processes, and make sure that everyone understands them.
For example, in phishing simulations that we’ve run for clients, we’ve seen as many as 20 percent of staff opening phishing emails disguised as social media invites or internal organisational messages. And that is despite them having received training on how to spot phishing emails! People in the finance and HR departments – two departments that manage sensitive employee information – are more likely to be misled by phishing emails.
This highlights the critical importance of continuous and effective employee training on cyber security issues. Naturally, by beefing up the preparedness of your people, you ensure that criminals have to invest energy and time in upping their game. Or you encourage them to look elsewhere for less well-trained or perhaps more gullible targets.
Make the hackers work harder
Ultimately, success comes down to something quite simple. Cybersecurity is all about making cybercriminals work harder than they are prepared to.
Working with experts such as Adura, with proven approaches and methodologies like our Cyber Essentials framework, can get you there faster. That’s important, because the sooner you can make it too time-consuming and expensive for cybercriminals to break into your systems, the sooner they’ll give up and move on to a softer target.
By: Anwar McEntee
Senior Business Development Manager, Adura Cyber Security
Based in Asia since 2001, Anwar combines a strong understanding of the region with extensive experience in the industry to deliver tailored cyber security insights for organisations in Asia.