2015 will be another tough year in the continuing fight against cybercrime. Today’s Internet threat landscape is highly dynamic, as thousands of malicious actors disseminate hundreds of millions of global threats daily. While some actors are hacktivist organizations and even nation-states, the main threat remains that of well-funded cybercriminal gangs. Their goals are simple: to steal data that can be readily monetized – such as credit card data, or vital intellectual property – and generate a high return on investment (ROI) from their efforts.
They use techniques like phishing emails, waterhole attacks and “malvertising” (compromised web ads) to lure targets into clicking on malicious links. Malware is then silently installed, creating a bridgehead inside the network. With this in place, the criminal gradually increases access privileges without alerting suspicion. Whether the objective is to steal information or commit financial fraud, he has free reign to do what he wants.
Any Organization Can Be a Target
A surprising finding from the Verizon 2014 Data Breach Investigations Report was that the distribution of breaches was consistent regardless of industry and ranging from small and medium-sized businesses to large enterprises. It states, “…we don’t see any industries flying completely under the radar. And that’s the real takeaway here — everyone is vulnerable to some type of event.”
Mobile and BYOD Opens New Doors for Cybercriminals
Mass adoption of mobility, cloud computing and BYOD (bring-your-own-device) policies render the classic network perimeter obsolete. The ubiquitous Web access and high utility of these technologies is driving an explosion in their use, in turn increasing the amount of under-protected devices used outside the firewall. Unfortunately, but not unexpectedly, this trend also triggered a massive increase in Web-borne mobile malware. Now, practically any worker can unwittingly bring malware back inside the company network. This is why it’s vitally important to protect end-user devices of all types—whether company or end-user owned—to stop infection by malware.
Read more in Destroying the ROI of Cybercrime – Part 2