Cybercrime and security overview: terms, trends, statistics, and takeaways

Posted: 04/20/2019 | By: Brian Downey

For businesses, cybercrime falls into two major areas. The first comes in the form of attacks against computer hardware and software from threats such as viruses, malware, botnets, and network intrusion. The second is financial, and can include fraud, theft of financial information, and phishing.

It is estimated that cybercrime costs businesses more than $12.7 million annually in the United States alone.


Key terms and definitions

Anti-malware—Software that prevents, detects and eliminates malicious programs on computing devices.

Antivirus—Software that prevents, detects and eliminates computer viruses.

Backdoor Trojan—A virus that enables remote control of an infected device, allowing virtually any command to be enacted by the attacker. Backdoor Trojans are often used to create botnets for criminal purposes.

Botnets—A group of Internet-connected devices configured to forward transmissions (such as spam or viruses) to other devices without their owners' knowledge.

Cybercrime—Also known as computer crime or netcrime, cybercrime is loosely defined as any criminal activity that involves a computer and a network, whether as the means of committing the crime or as its target.

DoS—Denial of service attack. An attempt to interrupt or suspend the services of an Internet-connected host, causing network resources, servers, or websites to be unavailable or unable to function.

DDoS—Distributed denial of service attack. A DoS attack that is launched from multiple sources at once.

Malware—An overarching term describing hostile and/or intrusive software including (but not limited to) viruses, worms, Trojans, ransomware, spyware, adware, scareware, and more, taking the form of executables, scripts, and active content.

Phishing—An attempt to acquire sensitive information like usernames, passwords, and credit card details for malicious purposes by masquerading as a trustworthy entity in a digital environment.

Rootkit—Trojans that conceal objects or activities in a device's system, primarily to prevent other malicious programs from being detected and removed.

Social engineering—Non-technical malicious activity that exploits human interaction to subvert technical security policy, procedures, and programs, in order to gain access to secure devices and networks.

Trojan—Malicious, non-replicating programs that hide on a device as benign files and perform unauthorized actions on a device, such as deleting, blocking, modifying, or copying data, hindering performance, and more.

Zero-day vulnerability—A security gap in software that is unknown to its creators and is exploited before the software creator or vendor can patch it.

Origins of cybercrime

It may be hard to believe, but the term “hack” was not originally associated with cybercrime, or computers at all. In the 1960s, students who were model train enthusiasts at MIT coined the term to describe the act of modifying a product or procedure to alter its normal function, or to fix a problem. Simply put, hacking is the process of changing certain functions without re-engineering the entire device. A hacker is someone who finds a clever way to fix a problem with a product or seeks an easy way to improve its function.

However, hacking became intermingled with malicious intent in the 1970s with a phenomenon known as phreaking, where tech-savvy people sought to subvert early computerized phone systems. These “phreakers” discovered the correct codes and tones that would result in free long distance service. They impersonated operators, dug through Bell Telephone company garbage to find secret information, and performed countless experiments on early telephone hardware in order to learn how to exploit the system. Law enforcement had difficulty with this sort of criminal activity, due in part to lack of legislation to aid in criminal prosecution, and a shortage of investigators skilled in the technology that was being hacked. These incidents made clear that computer systems were open to criminal activity, and as the technology became more sophisticated, so did the crime.

By the mid-1980s, cybercrime was an established channel to control and destroy computer systems, acquire information, and steal millions in cash. Action was needed, and in 1986 the first cybercrime legislation was passed—the Federal Computer Fraud and Abuse Act—making harmful computer activity a felony crime punishable by jail time and fines.

Since those days, cybercrime has evolved and grown. Criminals range from lone hackers to complex networks of agents working in unison to state-sponsored attacks across nations. Threats are ever present as the world becomes more interconnected, with more connected devices every year. Coupled with the emerging Internet of Things, this means the opportunities for cybercrime persist for the inventive and daring hacker.

The state of cybercrime today

In a recent US State of Cybercrime Survey, three out of four respondents detected a security event during the past 12 months, yet at the same time many organizations report that they are suffering from technology debt, estimated to exceed one trillion dollars. This means that companies are effectively spending IT budgets on emerging business technologies while allowing IT infrastructure to age into obsolescence until they cannot provide effective security functions.

Common security deficiencies have been found in the organizations most susceptible to cybercrime:

  • Reactive or unplanned cybersecurity spending
  • No assessments of the security capabilities of their third-party providers
  • Lack of understanding and/or assessment of supply-chain risks
  • Inadequate or nonexistent mobile device management and security
  • Insider threats and risk not adequately addressed
  • Lack of thorough employee security and awareness training

Meanwhile, cybercrime is increasing at a geometric rate. There are roughly 900 phishing attempts detected per financial institution, and more than 9,000 attempts detected per technology company on average. Phishing sites are mimicking all the major technology players as well. Google, Apple, Facebook, and Yahoo are all phishing targets, as is Dropbox, where insidious phishing sites could actually dupe users into uploading their files to cybercriminals.

On average, 85,000 new malicious IPs appear every day, bringing the average reputation score of all URLs worldwide down to 65 percent. It is a worldwide endeavor, with large concentrations in the United States, Russia, and throughout Asia. The result is that in one year, users have a 30% chance of falling for a zero-day phishing attack.

Cybercrime is not restricted to the desktop alone; mobile devices have proliferated in recent years, and with them viruses, malware, and phishing scams. Because of its open marketplace, the Android platform in particular is home to a variety of malware. In a recent survey, 72% of all apps for the OS were regarded as suspicious, unwanted, or malicious, with Trojans making up the majority of threats.

External cybercrime is bad enough, but many experts agree that internal attacks pose as great a risk or greater to businesses and organizations, because of the sensitive information employees gain access to through their work. Insider risk can be mitigated with robust employee awareness and security training; however, the tragic reality is that a vast number of organizations do not conduct this training at all. Insider cybercrime typically has precursors in IT policy violations; awareness and scrutiny of these trends can help prevent crimes that would otherwise go unnoticed until after the fact.

Why does this behavior among organizations persist? Data suggests that many decision makers at organizations do not have a full understanding of the extent or seriousness of threats, do not believe they are at risk, or have become desensitized to the warnings. Over the course of one year, businesses that have fallen victim to cybercrime tend to take security more seriously, and with good reason. Businesses with more than one thousand employees also take cybercrime more seriously and have more processes in place to mitigate risk internally as well as externally.

Impact

Attacks on American businesses and organizations increased by 176 percent in 2014—that's 138 successful attacks each week. These attacks are also taking more time to resolve: the worldwide average time to detect an attack is 170 days, the longest average is 259 days, and the average time to resolve an incident is 45 days. Virtually every US industry deals with the impact of cybercrime, with the highest annual costs in the energy & utilities and defense industries.

Cybercrime threatens the critical infrastructure of businesses and governments around the globe, and can harm civilians in myriad ways. It is estimated that hundreds of billions of dollars have been lost from the global economy due to cybercrime, and unfortunately there is no sign of it slowing down.

Cybercrime impact can take many forms, including:

  • Direct financial loss
  • Damage to company and brand reputation
  • Loss of sensitive data and intellectual property
  • Mitigation and recovery costs
  • Regulatory penalties
  • Customer compensation
  • SLA breaches
  • Job loss

How can cybercrime be prevented?

MSPs face a unique challenge in combating cybercrime; not only must they ensure their clients' endpoints are secure, they must also safeguard their own servers, systems, and devices. Therefore, they must have fast, effective, and easily deployable antivirus and anti-malware tools in place that optimize efficiency and keep their users safe at the same time.

Further, MSPs need to be sure that proper backup and disaster recovery systems are in place on servers and on user endpoints, should the unthinkable happen as a result of a cybercrime attack. Downtime can decimate a business and damage the reputation as well as the clientele of an MSP, so systems need to be prepared, secure, and easily restorable in the event that a user clicks on a phishing link and unleashes malicious code.

MSPs today are not limited to securing SMB computers—the explosion of devices, from smartphones to tablets, has created an increasing demand for mobile device management (MDM) to ensure password policies are enforced, anti-malware tools are up to date, and attacks and viruses are thwarted. SMBs are increasingly looking to the MSP to be at the forefront of combating cybercrime so they can focus on moving their business forward.