Page 48 - Cyber Warnings
Among other things, it can be used as a remote phishing or gambling server, or as part of a
botnet engaged in clickbait fraud or spewing out spam messages.
Cybercrime as a profession
When considering information security, legitimate enterprises can no longer afford to ignore the
emerging cybercrime business model. It is now far more sophisticated and leads to nightmarish
scenarios such as the following:
1. An engineer calling the tech support hotline to ask about customizing some off-the-shelf
software his organization has just bought. That off-the-shelf software? A ransomware kit.
2. A call center employee logging into her call management database, opening her script
and picking up the phone to make the first call of the day. She and her colleagues are
posing as bank employees to trick consumers out of their financial information.
3. The manager of a manufacturing plant sitting down with a client to review the blueprints
of a new part. The manager suspects that the blueprints are stolen, but doesn’t care. His
plant produces legitimate and counterfeit products side by side.
4. A hacker monitoring an online marketplace, waiting for the stolen account information
from a breached bank to be uploaded. This is a cybersecurity engineer who is tracking how
this underground marketplace is disseminating stolen data.
Cybercrime as a profession has vastly increased its efficiency, scale, and scope. As a result, its
impact on legitimate enterprises and economies has risen as well. This creates a compliance
challenge for industries, executives, IT departments, operations departments, auditors and
regulators.
While it is easy to focus on compliance with regulations and standards, it’s difficult for regulators
themselves to keep pace with the rapidly evolving cyber security landscape. As a result, even
perfect compliance is typically insufficient for true security.
Executives and management must read beyond the compliance report and develop defenses
against the latest threats.
Beyond compliance to comprehensive security
It’s time to use awareness of the organization as a tool to think and act beyond simple
regulatory compliance.
48 Cyber Warnings E-Magazine – September 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide