The Cybersecurity Playbook for Modern Enterprises

By: Jeremy Wittkop

Overview of this book

Security is everyone's responsibility and for any organization, the focus should be to educate their employees about the different types of security attacks and how to ensure that security is not compromised. This cybersecurity book starts by defining the modern security and regulatory landscape, helping you understand the challenges related to human behavior and how attacks take place. You'll then see how to build effective cybersecurity awareness and modern information security programs. Once you've learned about the challenges in securing a modern enterprise, the book will take you through solutions or alternative approaches to overcome those issues and explain the importance of technologies such as cloud access security brokers, identity and access management solutions, and endpoint security platforms. As you advance, you'll discover how automation plays an important role in solving some key challenges and controlling long-term costs while building a maturing program. Toward the end, you'll also find tips and tricks to keep yourself and your loved ones safe from an increasingly dangerous digital world. By the end of this book, you'll have gained a holistic understanding of cybersecurity and how it evolves to meet the challenges of today and tomorrow.
Table of Contents (15 chapters)

Section 1 – Modern Security Challenges
Section 2 – Building an Effective Program
Section 3 – Solutions to Common Problems

Why cybercrime is here to stay – a profitable business model

In 2017, if cybercrime were a country, it would have had the 13th-highest GDP in the world, between South Korea and Australia. In 2021, according to a recent Cybercrime Magazine article, "If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world's third-largest economy after the U.S. and China." (Morgan, Cybercrime to Cost the World $10.5 Trillion Annually by 2025, 2020). The same article predicts that the number will grow to $10.5 trillion by 2025. Part of the reason for this growth is that cybercrime is an attractive proposition for attackers.

Cybercrime is a very profitable business with few risks. Think of a bank robber. Prior to the invention of the internet, if someone wanted to rob a bank, they would need to be in the same physical location as the bank, physically enter it, demand money, and get away with the money without being apprehended by the authorities. If someone were to undertake such a robbery and were not successful, there is a significant likelihood that they would be arrested, wounded, or killed. Cybercriminals can attempt to rob thousands of banks around the globe with little fear of repercussions. If their attack is unsuccessful, they can simply move on and target another bank. Compare the risks and effort involved with the following example case:

Example Case: The GozNym Gang and the $100 Million Heist

In 2016, the GozNym gang, using a piece of malicious software known as a banking trojan by the same name, stole $100 million from individual bank accounts, mostly in the United States and Europe. The GozNym banking trojan was a piece of malicious software the gang could install that would wait for a user to log onto a bank account, and then transmit their credentials to a GozNym server. Once they had the credentials, "certain members of the GozNym crew then used the stolen credentials to access the victim's bank account, to steal money from it, and launder the funds via US and foreign bank accounts controlled by the gang." (Vijayan, 2019)

This case was one of the few where the criminals were pursued across borders, and most were brought to justice. The numbers in this case are staggering. As a criminal endeavor, what other means outside of cybercrime could a criminal gang use to steal $100 million per year? Cybercrime is profitable and has a relatively low risk because a clever piece of software can victimize thousands of people with little effort on the part of the attacker. Adding to the allure for cybercriminals, in all but the largest cases, is that it is difficult to get the international cooperation necessary to identify the members of a criminal enterprise, find those people, and extradite them to another country for prosecution. In many cases, it is an open secret that criminal gangs are operating, and there is little political will to stop them. It is worth noting that this criminal gang chose to use traditional currency and bank accounts, which made them much easier to track. Criminal gangs using ransomware and cryptocurrency for payment are far less traceable. While their exploits are generally less lucrative, their risk of being caught is also far lower.

The Romanian city of Râmnicu Vâlcea is a well-known hotspot for cybercriminals. In this city, the cybercriminals are very wealthy and are unafraid to flaunt their wealth, since there is very little fear that they will be arrested and brought to justice. Cybercrime and the internet, along with anonymous cryptocurrencies and few global authorities with the power to pursue international criminals across jurisdictions, create the perfect conditions for the growth of cybercrime. While steps could be taken to curb the rise of cybercrime, in the current environment, it is incumbent on people and organizations to protect themselves.

Most people do not realize cybercriminals benefit from an entire underground economy hosted on the dark web. The dark web is not a place but is essentially a secretive network. Think of it as the dark side of the internet. Just like the regular internet, the dark web is a collection of websites. Unlike the internet, these websites are not indexed by most search engines and require a special browser known as The Onion Router (TOR). The TOR browser is designed to make internet traffic anonymous, which is a key element for criminals in cyberspace to remain hidden. Most destinations on the dark web are not accessible to anyone who is browsing like they are on the traditional internet. The dark web is more akin to a collection of forums that have moderators and require invitations to gain access. The best example in the physical world is to think of the dark web as a network of speakeasies. Each has its own password and verifies the identities and intentions of its attendees, but once a person is accepted into a few and becomes a known entity in the underworld, they would have an easier time gaining access to other establishments.

The dark web itself serves two major purposes for cybercriminals. First, it provides access to marketplaces where stolen information can be bought and sold. Criminals may hack into a database such as Yahoo, for example, and steal millions of email addresses and passwords. The attacker may have no use for that information, so they can go to the dark web and offer it for sale. Other criminals can buy the information and use it for different purposes, such as launching a campaign against the list of email addresses to fool the user into clicking on a link or delivering a virus. Alternatively, attackers could use the email address and password combinations in popular sites to see whether the victim reuses their password so they can gain access to high-value sites to steal something of value. This underground economy provides an efficient marketplace where those who have the skills to steal data can profit from their work.

Second, the dark web offers marketplaces for criminals to purchase exploit kits containing phishing lures and malicious software or contract with other criminals for expertise they may not have. For example, if you wanted to deliver a ransomware attack, you could purchase the ransomware itself from one group, complete with documentation, instructions, and even technical support, and purchase a sophisticated phishing lure from another criminal and a list of potential victims from a third. TOR networks and botnets can be used to launch attacks to make their origins more difficult to trace. In fact, all you need to launch a relatively sophisticated and low-risk cyber-attack in the modern world is access to the dark web, a Bitcoin wallet, and a questionable moral compass.

Bitcoin and other cryptocurrencies make cybercrime more profitable and less dangerous. Whether you like or dislike cryptocurrency, there is little debate that its existence and the corresponding rise in the scale and profitability of cybercrime is no coincidence. Bitcoin is the most popular cryptocurrency. Cryptocurrencies operate on a technology known as blockchain. Blockchain is a distributed transaction ledger that allows the anonymous transfer of stored value between parties. For example, if you were to hold someone for ransom and asked them to pay you in United States dollars, somewhere there would be a record of that transaction, and with enough effort, the owner of the account, the kidnapper, would be identified. When ransoms are paid in Bitcoin, it is impossible to trace who the actual recipient of the money is or how they spent the money they received.

These factors lower the barriers to entry for cybercriminals to get into a profitable business. Never in human history has crime had higher rewards with lower risk. In fact, in some places throughout the world, there is a technically skilled population whose best economic prospects are to become criminals.

There is also a significant imbalance between the proceeds of cybercrime and the cost of cybercrime, which means the attackers are more motivated than the defenders. For every dollar cybercrime costs an economy, it generates $3 for the attacker. It stands to reason those attacks would continue to proliferate until balance is reached. If I could purchase something from you for $1 and sell it for $3, I would make as many purchases from you as I could. The equation for cybercrime is similar. While these macro-economic forces are unlikely to change in the short term, there are measures we can take to increase the costs and risks of cybercrime to make these attacks less appealing to criminals. Currently, it is far too easy for attackers to infect systems. People and organizations fail to follow simple best practices that make it significantly more difficult for attackers to be successful. Those best practices are explained in detail in Chapter 4, Protecting People, Information, and Systems with Timeless Best Practices.

Many people ask why cybercrime is growing and attacks are increasing in terms of scale, complexity, and frequency. The simple answer is that cybercrime is good business. If a person does not take moral issue with cybercrime, the economic opportunity is attractive, and the risk is lower than other criminal opportunities. In fact, economically speaking, cybercrime is the most lucrative profession available to many people around the world. However, there is another side to the equation. While criminals can benefit from crime, the damage to individual victims and economies is serious.