Target Cyber Criminals to Stop Cyber Crime

Focus on the people, then the technology

Cyber criminals, threat actors, hackers--they know cyber crime pays. Your data and technology, stored in networks and the cloud, are vulnerable. And although the tactics, targets, and technology of attacks are all important, your most powerful defense against cyber crime is to understand threat actors.

To effectively prevent and respond to cyber crime, you need to establish the motivations (what they want) and methodology (how they work) of threat actors. Here are two ways advanced cyber attacks work:

Targeted – Malware, such as spear phishing, is used to reach a specific machine, individual, network, or organization. The malware tends to be signature-less, or otherwise evades antivirus and other traditional cyber security efforts using the criminal's knowledge of the target.

Persistent – Advanced cyber attacks are initiated via a series of email, file, web, or network actions. These individual actions might remain undetected by antivirus or other traditional defenses, or be ignored as harmless or a low priority. However, the malware becomes entrenched and pervasive, and culminates in a devastating attack.

Malware that uses both of these methodologies simultaneously represents an advanced persistent threat, or APT. And any organization in any industry can be a target.

Focus on the people,  then the technology

What Cyber Criminals Want

You can defend yourself more effectively and efficiently when you learn what cyber criminals want, because you'll understand your high-value vulnerabilities and your significance as a target.

Economic Espionage

Economic cyber espionage uses APTs to acquire intellectual property and sensitive information. Ultimately, the threat actor seeks an long-term economic advantage, either for themselves, or on behalf of their employer. The primary sponsors of cyber espionage include nation-states and businesses competitors. No company is safe, and fact, many network breaches often begin with attacks on secondary targets  such as vendors in the primary target's supply chain.

Organized Crime

Organized cyber crime uses APTs to realize short-term, rapid financial gain through activities such as credit card theft. Their cyber attacks are designed to evade traditional cyber security measures and remain on a victim’s network for a long period of time. While no business is safe, targets tend to be companies that provide retail and financial services, including banks and credit card processors.

Nuisance Threats and Hacktivism

Nuisance threats and hacktivist cyber attacks attempt to interfere with daily business operations, defame web properties, and make political statements. While embarrassing, they are typically neither targeted nor persistent. While attackers can be individuals, most are groups such as Anonymous and LulzSec who use botnets or spam to target both organizations and individuals.