Understanding and Managing Cybercrime
Digital technology continues to transform the world of business, exposing organizations to both opportunities and threats. Cybercrime, a threat that has been growing since the early 2000s, continues to escalate and ranks as a significant reported economic crime. Take a look at the types of cybercrime and the methods by which they’re committed so you can learn how to better protect your business.
What Is Cybercrime?
Cybercrime, also referred to as computer crime, is criminal activity that involves the Internet, a computer system, or computer technology. Examples include identity theft, phishing, ransomware, and other kinds of cybercrime.
This report discusses the various types of cybercrime and the methods by which they are perpetrated. An understanding of the cybercrime problem is a prerequisite for any discussion of computer security. The Federal Bureau of Investigation (FBI) is the lead federal agency for investigating cyber-attacks by criminals, overseas adversaries, and terrorists. The threat is incredibly serious—and growing.
Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Critical infrastructure, including both private and public sector networks, is targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. The FBI is addressing the pervasive and evolving cyber threat. This means enhancing the Cyber Division’s investigative capacity to sharpen its focus on intrusions into government and private computer networks.
The FBI’s Internet Crime Complaint Center (IC3) provides the public with a trustworthy and convenient reporting mechanism to submit information concerning suspected Internet-facilitated criminal activity. The IC3 provides a series of definitions for various types of internet crime. The definitions are far reaching and include the definition for corporate data breach:
A corporate data breach is considered a leak/spill of business data which is released from a secure location to an untrusted environment. A data breach within a corporation or business where sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
The Incidence of Cybercrime
In 2016, financial and espionage motives were the top two, together accounting for 93% of data breaches. Data breaches driven by internal parties have remained relatively constant, with an increase of around 12%. The most comprehensive report on cybercrime activity is provided in the Verizon Data Breach Investigation Reports (DBIR). These reports have been around since 2010, and the most recent data show that financial gain and stealing secrets remain the primary motives for cybercrime.
There are many types of cybercrime attacks ranging from hacking to ransomware, or even the low-tech act of losing a laptop or having it stolen from an unlocked vehicle. These activities are captured by a variety of services from law enforcement to insurance carriers. The DBIR analyzes thousands of events because many different organizations contribute data using a community database known as Verizon Information Sharing Community Database (VERIS).
Types of Cybercrime
Threats to computers can be classified into the following types:
Insider Threat. The disgruntled insider is a source of cybercrimes. Insiders do not need a great deal of knowledge about computer intrusions because their knowledge of victim systems often allows them to gain unrestricted access to cause damage to the system or to steal system data. According to the DBIR, in 60% of cases, insiders abscond with data in the hope of converting it to cash in the future. Sometimes it is a case of unsanctioned snooping (17%) or taking data to a new employer or to start a rival company (15%).
Hackers. Hackers are a common threat. They sometimes crack into networks simply for the thrill of the challenge or for bragging rights in the hacker community. While remote hacking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the internet and launch them against victim sites.
Distributed Denial of Service Attacks. In these attacks, the hackers plant tools on several unwitting victim systems. Then when the hacker sends the command, the victim systems in turn begin sending messages against a target system. The target system is overwhelmed with the traffic and is unable to function. Users trying to access that system are denied its services.
Data Breach. A data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leakage, and data spilling. A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
Malware Infection. Short for malicious software, a malware infection consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior.
Cyber Espionage. This threat is a type of cybercrime where attacks are linked to state-affiliated actors with the motive of espionage. A malicious phishing email is usually the way the attackers infiltrate the network. They try to avoid detection and, instead, set up a portal through which they can access data for long periods of time without being noticed.
Ransomware. For the attacker, holding files for ransom is fast, low risk, and easily monetizable, especially with Bitcoin to collect anonymous payment. Ransomware is a more recent type of cybercrime, extorting millions of dollars from people and organizations after infecting and encrypting their systems. It has moved from the 22nd most common variety of malware in the 2014 DBIR to the fifth most common in the 2016 data.
Physical Theft. This type of crime still happens though it does not make the headlines that other, more high-profile thefts get in the news. Measures, such as encryption, can stop theft and loss incidents from becoming breaches. However, encryption cannot always help; most confirmed breaches involved the loss of hardcopy documents.
Payment Card Skimmers. While ATMs continue to be the main target for skimming, the number of gas pump terminals used to harvest payment card information more than tripled compared to last year’s Verizon DBIR. Skimming attacks are almost always discovered by third parties.
Point-of-sale Intrusion. Attacks on point-of-sale (POS) environments are almost always successful, with nearly 98% of all recorded POS attacks resulting in a confirmed data breach. The focus of attacks has shifted from hotel chains to restaurants and small businesses.
Phishing Schemes. This may be a catch-all category, but that does not mean there are not interesting and important trends. A key emerging tactic is email compromises where “the CEO” orders wire transfers with an urgent and believable back story.
Security breaches and the compromise of sensitive information are a very real concern for organizations worldwide. When such incidents are discovered, response is critical. The damage must be contained quickly, customer data protected, the root causes found, and an accurate record of events produced for authorities. Furthermore, the investigation process must collect this evidence without adversely affecting the integrity of the information assets involved in the crime.
The Secret Service is the only entity within the Department of Homeland Security that has the authority to investigate violations of Title 18, United States Code, Section 1030 (computer fraud). Congress also directed the Secret Service in Public Law 107-56 to establish a nationwide network of Electronic Crimes Task Forces (ECTFs) to “prevent, detect, and investigate various forms of electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems.” Members of ECTFs include academic partners, international, federal, state, and local law enforcement partners, and more than 3,100 private sector partners.
In response to the proliferation of highly publicized data breaches, Congress is considering legislation that would create a federal data breach notification requirement and data security standard.
Prevention of Cybercrime
The cyber attacks that have already taken place demonstrate that attackers can inflict significant damage and that attacks pose serious risks to businesses. No business can anticipate all potential vulnerabilities, and even if one could, it may not be cost-effective to implement every measure available to ensure protection. However, businesses can take some basic steps to improve their position against attackers. These steps include the following:
- Monitor and mine event logs. Monitoring logs and extracting certain events from them keeps the focus on the obvious issues that logs pick up. Reducing the compromise-to-discovery timeframe from weeks and months to days can pay huge dividends.
- Eliminate unnecessary data. If you do not need it, do not keep it. For data that must be kept, identify, monitor, and securely store it.
- Use two-factor authentication. This can limit damage with lost or stolen credentials.
- Secure remote access services. Restrict these services to specific IP addresses and networks, minimizing public access to them. Also, ensure that the business is limiting access to sensitive information within the network.
- Audit user accounts and monitor users with privileged identity. The best approach is to trust users but monitor them through pre-employment screening, limiting user privileges, and using separation of duties. Managers should provide direction, as well as supervise employees to ensure they are following security policies and procedures.
- Educate staff to spot warning signs and essentials of good password protocols. Practice identifying phishing schemes so that everyone knows what an email may look like. Establish open communication for informing IT about suspect emails. Reward employees for reporting suspicious activity, such as potential phishing or pretexting attacks.
- Patch and update software promptly. Strengthen passwords to limit the chance of them being guessed.
- Be aware of physical security assets. Pay close attention to payment card input devices, such as ATMs and gas pumps, for tampering or manipulation.
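As an added illustration of the log-mining and remote-access items above (not part of the original report), the following Python sketch scans authentication events and flags successful logins from outside approved networks or after repeated failures. The OpenSSH-style log format, the allowlisted networks, the failure threshold, and the sample lines are all assumptions constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed policy: remote access (SSH here) is only expected from these networks.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/28")]
FAILURE_THRESHOLD = 3  # assumed: failures before a success that warrant review

# Constructed sample in OpenSSH sshd log style, using documentation-range IPs.
SAMPLE_LOG = """\
Mar  4 02:11:07 gw1 sshd[4121]: Failed password for admin from 203.0.113.45 port 50112 ssh2
Mar  4 02:11:09 gw1 sshd[4121]: Failed password for admin from 203.0.113.45 port 50112 ssh2
Mar  4 02:11:12 gw1 sshd[4121]: Failed password for admin from 203.0.113.45 port 50112 ssh2
Mar  4 02:11:15 gw1 sshd[4125]: Accepted password for admin from 203.0.113.45 port 50120 ssh2
Mar  4 08:30:01 gw1 sshd[5002]: Accepted publickey for jsmith from 10.20.4.17 port 40022 ssh2
Mar  4 09:02:44 gw1 sshd[5107]: Failed password for jsmith from 10.20.4.17 port 40031 ssh2
Mar  4 09:02:50 gw1 sshd[5107]: Accepted password for jsmith from 10.20.4.17 port 40031 ssh2
Mar  4 11:45:10 gw1 sshd[5300]: Accepted password for backup from 198.51.100.9 port 61000 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def is_allowed(ip):
    """True when the source address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETWORKS)

def mine_auth_log(text):
    """Return (reason, user, source_ip) findings worth an analyst's review."""
    failures = defaultdict(int)  # (user, ip) -> failures since the last success
    findings = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an authentication event
        key = (m["user"], m["ip"])
        if m["result"] == "Failed":
            failures[key] += 1
            continue
        if not is_allowed(m["ip"]):
            findings.append(("login-from-unapproved-network", *key))
        if failures[key] >= FAILURE_THRESHOLD:
            findings.append(("success-after-repeated-failures", *key))
        failures[key] = 0
    return findings

if __name__ == "__main__":
    for finding in mine_auth_log(SAMPLE_LOG):
        print(finding)
```

Run on a schedule against the remote-access gateway's log, a report like this surfaces the two events most likely to mark a stolen or guessed credential within hours rather than weeks.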
See Engineering and Safety Services Client Handouts for information that can be shared with business owners to educate them on how to minimize the chance of cybercrime in their operations:
- CH-20-24, Computer Security Tips for Small Business
- CH-20-52, Cyber Incident Preparedness Checklist
- CH-20-32, Cybersecurity Tips for Business
For a more detailed discussion of computer security, see reports under the section “Computer Security” in the Crime Prevention Report series.
Information security is gradually improving. However, the business reality of computer and internet use makes cyber intrusion and possible cybercrime inevitable. Financially motivated attacks typically rely on computer code that hackers plant on victims' computers, often as attachments or links in emails sent to employees. While these malicious programs are well known to security experts, hackers tweak them frequently enough to render them undetectable to antivirus software.
Cybersecurity is not something that line-of-business executives are measured on until something goes wrong, but they are the stewards of the data that is most coveted by cybercriminals. Ensure everyone is aware of the part they play in keeping the organization secure, and invest in security training for all employees.
1. Federal Bureau of Investigation. Internet Crime Complaint Center. 2016 Internet Crime Report. Washington, DC: FBI, June, 2017. https://pdf.ic3.gov/2016_IC3Report.pdf.
2. Ponemon Institute. 2016 Cost of Cybercrime Study. North Traverse City, MI: Ponemon Institute, 2017. https://www.accenture.com/us-en/insight-cost-of-cybercrime-2017.
3. PwC Global Economic Crime Report. https://www.pwc.com/gx/en/services/advisory/forensics/economic-crime-survey/cybercrime.html.
4. Verizon. 2017 Data Breach Investigations Report. http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/#report.
5. 2017 Data Breach Digest. Perspective is Reality. Verizon Business, New York, NY: May, 2017. http://www.verizonenterprise.com/verizon-insights-lab/data-breach-digest/2017/.
COPYRIGHT ©2017, ISO Services, Inc.
The information contained in this publication was obtained from sources believed to be reliable. ISO Services, Inc., its companies and employees make no guarantee of results and assume no liability in connection with either the information herein contained or the safety suggestions herein made. Moreover, it cannot be assumed that every acceptable safety procedure is contained herein or that abnormal or unusual circumstances may not warrant or require further or additional procedure.