Cybercrime: Defending your enterprise
Cybercrime costs the global economy an estimated $445 billion per year, according to a 2014 report by the security firm McAfee Labs.1 As the 21st century advances, rapid technological evolution continues to establish an interconnected world of online enterprise and personal activity, increasing the threat to our global economy and security. Cybercrime, defined as criminal activity that is committed or facilitated via the Internet, continues to grow along with the number of global Internet users.2, 3, 4 The increased convenience and interconnectivity of the Internet that is encouraging entire enterprises to move their business, data and financial resources to the digital domain is multiplying cybercrime opportunities, while decreasing the risk of exposure for criminals. The movement of money onto the digital domain attracts enterprising criminals, resulting in greater criminal activity worldwide.5 Criminals leverage sophisticated tools to target and attack millions of people and enterprises online. Ineffective coordination of Internet protection, minimal incident data sharing and incompatible international laws and regulations further embolden nefarious actors in the digital space. However, applicable security measures to protect enterprise assets are being created, with the help of analyses of current attacks and emerging target vectors.
A Survey of Attacks
Comprehension of the cybercrime threat requires a cursory analysis of its effects on today’s industry. Since 2010, online criminal activity continues to explode. Juniper Research estimates the cost of cybercrime will climb to an estimated US $2.1 trillion by 2019,6 far exceeding the revenue generated by more traditional criminal activity, such as the drug trade (estimated at US $600 billion).7 Certain high-profile hacking incidents involve targeting of personally identifiable information (PII). Collectively, cyber attackers stole approximately 100 million records, including names, Social Security numbers, financial information and dates of birth, during attacks on UCLA Health, Premera Blue Cross Blue Shield and Anthem. Criminals also target retailers and online forums to gain access to PII. Approximately 15 million T-Mobile customers were compromised when a third-party vendor (credit company Experian) was attacked in September 2015. Experian lost credit check-related information of T-Mobile customers, including passport information. 37 million PII records that were stolen during the Ashley Madison website breach resulted in a dump of PII on public-facing websites for the purpose of humiliation.9, 10 In 2014, the Singapore K Box Entertainment Group had over 300,000 customer records stolen.11 In India, according to a 2015 KPMG report, the number of cyber incidents has risen with a trend toward financial cybercrime. KPMG respondents indicated that 63 percent of their enterprises suffered financial loss due to cybercrime. Cybercriminals also regularly launch attacks against enterprises across Europe where Germany, the second biggest victim of cybercrime, experiences attacks against the financial, energy and pharmaceutical sectors. With no end in sight, Ernst and Young declared cybercrime the greatest global threat to enterprise survival today.
You can download the full report here.
View all of our ISACA courses here.