A Look Into Cybersecurity Part 2: What Cybercriminals Do – And What To Do About It

In part 1 of this blog, we covered the common approaches and attack vectors that malicious actors will use to get to your company's information.  Today, we'll move on to covering how they can use that information – and how to prepare.

The Purpose of Cybercrime

It's good to know the strategies that cybercriminals use to access your business's information and internal systems – but how exactly do they plan to use what they take?

Understanding the use that your information could have is a significant step forward in understanding why you need to protect yourself from attacks.  At heart, most hackers are motivated capitalists, interested in extracting value from your compromised information.

The simplest way to understand how compromised information gets flipped is to think of that information as a market.  Compromised a payment processing system?  Sell the credit card information on.  Picked up thousands of social security numbers from a company with poor HR security?  Pass them on to identity thieves for a price.

Hackers will analyze the data they have accrued and bundle it according to information type (names, phone numbers, social security numbers) before selling it, or may sell it in bulk once the data has been normalized.

Another approach is to go to the party most likely to want the information – the original party.  If significant portions of corporate records are exposed or compromised, a common strategy is to encrypt them, and then sell access to them back to the business.  This approach – colloquially called ransomware – has become one of the primary strategies for cybercriminals, who know that many businesses depend on access to their information just to keep daily operations running.  Hospitals, government agencies and banks in particular tend to be targeted by these kinds of attacks.

A particularly sneaky strategy appearing recently involves exploiting cloud functions and using them as processing power for cryptomining. [3]  If that sounds confusing, just think of your existing infrastructure as being hosted online (through AWS, Azure, Google Cloud or something similar).  Creating cryptocurrency (like Bitcoin) requires doing a large number of mathematical operations and thus a lot of processing power.  Instead of running the risk of immediate discovery, hackers may prefer to use your compromised account to run a huge number of calculations on your dime.

The Culture of Cybersecurity

Unless you are willing to commit to ripping cables out of the walls, unplugging modems, and following employees around 24/7, you can't build the Fort Knox of information systems. 

What you can do is invest in a 'culture of cybersecurity.'  What this means is making cybersecurity not only a key part of your IT strategy, but of your business strategy in general – define who has final responsibility over cybersecurity matters and make it clear that you are viewing the endeavor as a central investment in your business's ROI.  Invest in expertise beyond yourself – whether that's an experienced IT Manager, reputable cybersecurity audits or external expertise.

'Attack vectors' isn't just an example of technobabble that would have fit in Star Trek, but a real roadmap for you to base your cybersecurity strategy around.  An attacker's toolkit is always evolving but the vast majority of their arsenal is not going to be based around reinventing the wheel.

CompTIA, a non-profit trade association active in the IT space, provides a few suggestions on how to minimize your chances of suffering a cyberattack by instilling a culture of cybersecurity at the highest level.  

Be aware of what information you ingest, process and store which would be valuable to compromise.  Provide a strategy of accountability at the highest level so that IT security initiatives take hold throughout the company within an integrated strategy for preventative and reactive procedures. 

Take that accountability and train your employees frequently.  Act as if compromised data is not a matter of if, but of when – and develop contingency plans based on those scenarios.  Test your contingencies, assuming the possibility of both external malicious actors and internal ones (malicious or unwitting), and run through your action plan at a senior level.

Cybersecurity preparedness may feel gratuitous, but with the increasing frequency and sophistication of attacks, a clear strategy and roadmap are key.  Putting a serious, conscientious effort into your strategy will prepare you for a wide range of situations, which will protect your business and your customers.  You don't necessarily have to be the best (though it wouldn't hurt), you just have to make yourself not worth the trouble.
