Last month I talked about cybercrime as big business and how crime rings take advantage of point of sale (PoS) technology to collect and sell the data they gather. I’d like to build on that conversation, using a new study from Hewlett Packard Enterprise (HPE) that takes an in-depth look at the underlying economy driving cybercrime.
I had the opportunity to talk to HPE researchers involved with this report, and they told me that cybercriminals operate their business in much the same way that any other small business person does. They seek out people who are skilled in different areas – not just computer programmers, but also, say, those with good financial chops or a talent for marketing. They recruit and vet potential employees. The biggest differences between their business operation and yours are that theirs is involved in illegal activities and it is all done anonymously. That’s right – these folks operate under their online alias so you probably will never know anyone’s true identity. It’s a business model that is based primarily on trust and reputation within the Dark Web.
Why should you care about these cybercriminal business ventures? They are your competitors, according to Kerry Matre, senior manager, Security Portfolio Marketing with HPE. Maybe they aren’t going head-to-head with you in a specific industry, but they are looking at how you use technology and the type of data you collect in the course of everyday business, and they are coming up with ways on how to target attacks against that data.
The more you know about how cybercriminals operate, the better you can develop the right security posture, and that’s one of the things that HPE’s researchers hope you’ll get from this study. As Andrzej Kawalec, Head of HPE Security Research and Chief Technology Officer, HPE Security Services, said in a formal statement:
Organizations that think of cybersecurity as purely another checkbox to mark, often do not leverage the value in high-fidelity cybersecurity intelligence. This report gives us a unique perspective on how our adversaries operate and how we can disrupt them at each step of their criminal value chain.
This is fascinating stuff because I don’t think most of us think of cybercriminals as business persons. I doubt that they’ll show up at your local Chamber of Commerce happy hours – but hey, you never know. Yet, what they are doing in secret is extremely professional. If they are treating crime as a viable business operation, shouldn’t you be thinking about cybersecurity in business terms, too? You are both competing for certain information; after all, you want that credit card information, too, albeit for different reasons. Maybe if we begin thinking of these criminals as competitors, we can come up with a much better security stance.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba