
Cybercrime: Defending your enterprise

Cybercrime

Cybercrime costs the global economy an estimated $445 billion per year, according to a 2014 report by the security firm McAfee Labs.1 As the 21st century advances, rapid technological evolution continues to establish an interconnected world of online enterprise and personal activity, increasing the threat to our global economy and security. Cybercrime, defined as criminal activity that is committed or facilitated via the Internet, continues to grow along with the number of global Internet users.2, 3, 4 The increased convenience and interconnectivity of the Internet that is encouraging entire enterprises to move their business, data and financial resources to the digital domain is multiplying cybercrime opportunities, while decreasing the risk of exposure for criminals. The movement of money onto the digital domain attracts enterprising criminals, resulting in greater criminal activity worldwide.5 Criminals leverage sophisticated tools to target and attack millions of people and enterprises online. Ineffective coordination of Internet protection, minimal incident data sharing and incompatible international laws and regulations further embolden nefarious actors in the digital space. However, applicable security measures to protect enterprise assets are being created, with the help of analyses of current attacks and emerging target vectors.

A Survey of Attacks

Comprehension of the cybercrime threat requires a cursory analysis of its effects on today’s industry. Since 2010, online criminal activity has continued to explode. Juniper Research estimates the cost of cybercrime will climb to US $2.1 trillion by 2019,6 far exceeding the revenue generated by more traditional criminal activity, such as the drug trade (estimated at US $600 billion).7 Certain high-profile hacking incidents involve targeting of personally identifiable information (PII). Collectively, cyber attackers stole approximately 100 million records, including names, Social Security numbers, financial information and dates of birth, during attacks on UCLA Health, Premera Blue Cross Blue Shield and Anthem. Criminals also target retailers and online forums to gain access to PII. Approximately 15 million T-Mobile customers were compromised when a third-party vendor (credit company Experian) was attacked in September 2015. Experian lost credit check-related information of T-Mobile customers, including passport information. The 37 million PII records stolen during the Ashley Madison website breach were dumped on public-facing websites for the purpose of humiliation.9, 10 In 2014, the Singapore K Box Entertainment Group had over 300,000 customer records stolen.11 In India, according to a 2015 KPMG report, the number of cyber incidents has risen, with a trend toward financial cybercrime. KPMG respondents indicated that 63 percent of their enterprises suffered financial loss due to cybercrime. Cybercriminals also regularly launch attacks against enterprises across Europe, where Germany, the second biggest victim of cybercrime, experiences attacks against the financial, energy and pharmaceutical sectors. With no end in sight, Ernst and Young declared cybercrime the greatest global threat to enterprise survival today.
