Despite billions of dollars invested in state-of-the-art cyber defense, including technology, processes and frameworks, hacks still happen and organizations continue to stay a step behind cybercriminals.
Cybercriminals are getting bigger, better and bolder. According to the 2019 ‘Mind of a Hacker Report’, 71% of cybercriminals say they can breach the perimeter of a target within 10 hours. The Cosmos Bank hack is a case in point – 22 countries, 15,000 transactions, Rs. 94 crores lost in a matter of a few hours.
We are in the age of information warfare and heightened cybercrime, which is both organized and aimed at bigger financial gains. According to the ‘Into the Web of Profit’ study undertaken by Dr. Michael McGuire, Senior Lecturer in Criminology, University of Surrey, new criminality platforms and a booming cybercrime economy have resulted in $1.5 trillion (equivalent to the GDP of Russia) in illicit profits being acquired, laundered, spent and reinvested by cybercriminals.
Not only are the profits high, but the risks are also low. One look at the conviction rates makes this understandable. As per the National Crime Records Bureau of India, in 2015, while 8,045 cybercrimes were reported and 5,102 people arrested, only 250 were convicted. Though this data is a little old, not much has changed over the years, as none of the big and high-profile breaches have seen any convictions so far.
To give you an idea of the current scenario, consider this report published in The Economic Times in January 2019, which states that only one person has been convicted in a cybercrime case in Bangalore thus far. This is a phenomenon applicable globally.
As research exposes a cybercrime-based economy and the professionalization of cybercrime, the web of profit speaks for itself. High profits and low risks make for perfect business sense.
With this fundamental shift in the nature of cybercrime, how many CISOs are really equipped to handle the new-age cybercriminal who is in it for huge stakes and not for some fun intellectual high of breaking into secure systems? How many CISOs are prepared for an adversary backed by a huge team, investments, research and strategy?
Referring back to the Cosmos Bank case – if you are an MNC working in 22 countries, how many times can you get a few hundred people to do the same thing in a matter of a few hours?
It’s time for CISOs to get into the mind space of their adversary (the cybercriminal) to understand what really goes on in there and how the hacker manages to break into their carefully planned and strategized defenses.
Who can answer this better than a hacker? DynamicCISO, in its upcoming blog series, will get two of India’s leading white hat hackers to share why CISOs fail in creating a credible defense against the creative and technologically superior hacker brains and what they need to do to fight the new-age cybercriminal.