Cyber Risk Part 1: The Explosion of Cyber Crime
Risk comes in many forms. Likewise, cyber risk or risk emanating from the cyber domain, has gone from ‘Zero’ on the Richter scale to one of the major threats faced by businesses and individuals alike. As cyber ubiquity has become a reality, so has #cybersecurity risk.
As we discussed in the last blog, there are four major categories of cyber risk:
- direct criminal cyber attacks designed to steal money and/or information
- regulations promulgated for minimum cyber defense capabilities
- legal liabilities
- competitiveness in the marketplace.
I would like to take these risks in turn and devote one or more blogs to each in my Risk Management Radar series...
So, to establish context, let’s first answer the question ‘why are cyber attacks and #cybercrime growing so rapidly?’ The answer involves three elements; good tools, safe operating environments or sure getaway capability, and profit or financial payments.
The Tools of Cyber Criminals:
The tools of cybercriminals are referred to as viruses, worms, botnets, exploits, and payloads. For you "history buffs" in the audience... the first generally recognized computer virus was called "Creeper" and appeared in 1971. See the sidebar at right for a list of the first three...
When software was infected with a virus, it stopped working or did not work correctly. The vandals are still around but they are hunting bigger game – they are out to do major damage, and they are much better at destroying software then they used to be. But everyone knows about computer viruses, but that is where the knowledge of the general public stops. The problem is they think anti-virus software fixes everything. The truth is that although anti-virus is still important, it is a small fraction of what is needed to be safe on the internet.
Worms and Bots, and Payloads... Oh My !
Most people don’t think a moment about worms in their computers – most don’t know what it is. A worm is a software program that spreads itself through replication – fast replication. It can circle the globe in about 10 minutes. Worms first made the scene in 1988 and have been around ever since. The purpose of a worm is to carry and deliver a ‘payload’- another software package written for specific purposes like delivering ransomware software or any other of hundreds or thousands of evil purposes.
Twenty years later the botnet was introduced. I tell my clients that this is when the ghost of Henry Ford joined the cyber gang. Officially, a botnet is a large number of private computers and servers that are networked together for beneficial use. However, there are many malicious botnets of computers networked together and controlled by the bad guys without the owners knowledge. These malicious botnets automate cyber-attacks.
The number of payloads or malicious programs has exploded with millions of #hackers in just about every country on earth developing hacking payloads. These payloads usually use well known and publicly available exploits designed to allow access to networks. The tools of the trade have become very strong and they are available to everyone who wants them.
In 1990 the Dark Web was invented. It was first used for government purposes but was soon discovered by the criminal element who saw the value of having a place to launch their cyber-attacks – a place where there were no laws and where no law enforcement organization could come after them. Much like the old ‘hole-in-the-wall’ used by bandits. A safe place for bad people. So, the second need was satisfied with a safe operating environment.
Bitcoin came along in 2009. With #cryptocurrency now a #hacker has a way of transferring money in a totally untraceable way. Prior to cryptocurrency cashing in on cybercrime was a dicey business – the riskiest part for the cybercriminal. Bitcoin fixed that. Now it is very easy to get paid from anywhere in the world. The third component went into place in 2009.
The complete cyber criminal ecosystem has now been operating for a decade this year. It is paying very well and is #cybercrime is growing exponentially. Exploding. No organization big or small is safe and no individual is either.
It is time for everyone to #CyberUpAmerica. We all need to access the benefits of the cyber domain but to do so we all need to learn how to #CyberDeny the bad guys.