An effective governance framework for monitoring cyber activities and a process for gathering, analyzing and sharing cyber intelligence are two of the weapons in an organization’s arsenal to counter cybercrime, according to the not-for-profit Information Security Forum. SD Times asked Steve Durbin, ISF’s global executive vice president, about cybercrime, and how enterprises can counter its effects and prevent privacy breaches.
SD Times: What factors are driving cybercrime?
Steve Durbin: Cybercrime at its basic level is really being driven by the criminal fraternity. So we’ve seen organized crime come into that space. And they’ve determined that, by collaborating, they’re able to be much more effective and efficient than they have been in the past.
We also then have cyber-terrorism, which is slightly more worrisome than pure cybercrime. And then, on the other end of the spectrum, we have state-sponsored espionage, which has moved from the guys who were sort of walking the streets to those that are sitting at computers instead and stealing information—particularly when it comes to things like R&D or state secrets.
How are organizations being affected by cybercrime?
From an organization standpoint, what we have seen is a lot of these things moving out of the general environment to become much more pertinent and relevant to individual organizations. So, if we walk through each of those different areas, let’s start with state-sponsored espionage, for instance. If you imagine that you are one of the leading missile or defense manufacturers in the United States, of course, then the sort of information that you have and that you are holding is going to be particularly interesting to certain rogue states that are out there.
Certainly a number of individuals might have information that they’re holding—particularly if they’re CEOs or if they’re senior executives within organizations—that would be interesting for you (if you were a cyber criminal) to get a hold of at the individual, personal level. Because you might want to combine that information with their Facebook page and then build some social engineering profile that will enable you to access their bank accounts or their stock portfolios. You don’t need too many data points to be able to do this kind of thing. But this is actually a known problem. What is really more concerning, I think, is the unknown. It is that combination of these sorts of things that, when applied in a number of different ways, provide you with inputs or opportunities that you probably hadn’t imagined were out there.
How does ‘malspace’ affect individuals and organizations?
ISF’s research goes into quite some detail about the way in which what we call ‘malspace’—which is where the bad guys live—is developing. The fact is, we’re all potentially victims to it because we all exist in a joined-up environment, whether it be at the personal level, organizational level or state level. Nobody actually works in isolation anymore. Our research has looked at the different attack types, the roots of attack, the services and tools that can be used, and really works through, from an information security standpoint, the sorts of things that enterprises can do in order to guard against them.
What are cybercrime’s four major attack types?
We’re seeing much more sophistication in the combination of different attacks that are now being used. So, we’re seeing them fitting into a number of different areas that we would call “reconnaissance” or “disruption” or “extraction” or “manipulation.” Those tend to be the four major attack types that we’re seeing when we talk about cybercrime.
Reconnaissance is really intended to just gain information about a potential victim or victims that you can then use to help plan or implement further attacks. So, if you imagine we’re talking about a high net worth individual, what we’re seeing now is a move from phishing (which is going after the likes of you and me, perhaps) to whaling, which is really targeting the people who have really high net worth. So, to do that initially, there would probably be a reconnaissance-type attack which, again, is just about gaining more information about them that can help you then be more focused in terms of how you might want to attack that individual.