From the outside looking in, it may appear that the press regularly reports stories when a company's website, database or intellectual property has been hacked, stolen or compromised. The more eye-opening fact of the matter is that the scale and scope of the cybercrime problem is much, much larger and the actual incidences of these types of threats and attacks are far underreported.
Take a look at these two quotes from IDC's recent report "Worldwide and U.S. Security Services Threat Intelligence 2011-2014 Forecast – Christian Christiansen, Chris Liebert & Charles Kolodgy":
"Ten years ago, government, financial services, and very large enterprises were the target of cybercriminal activity, but over the past five years, attacks have enlarged their scope to even commercial SMBs..."
"...many companies are more concerned with public relations issues from data breaches, not with the mitigation of risk. This short-sighted and erroneous perception that compliance equals security delights attackers."
The findings above highlight that within the past five years, attacks have expanded and targeted a much larger and diverse population of potential victims. Perhaps of more concern is a recent statistic I came across where the Russian Security firm Group-IB reported that the global cybercrime market was estimated to have generated $12.5 Billion in revenues for 2011. This is a strong indicator that there are a huge number of victims and significant dollars at stake!
We at Malwarebytes have always considered ourselves to be a key component of a "Defense in Depth" strategy both for businesses and personal security. As more businesses and consumers alike are seeing Advanced Persistent Threats (APTs), targeted threats and zero-day malware threats making their way onto systems they previously assumed were secure, we have purposefully built both our protection and remediation technologies to adapt right into the majority of existing defenses that may already include antivirus, firewall, anti-spam, SIEM and other security technologies.
Today, it does not matter the size or type of your business, institution or organization. They are all an attractive target to today's sophisticated digital criminals. Intellectual property, financial information, personal data and proprietary technologies are all valuable targets and subject to digital theft.
What can you do?
As a concerned business or individual, you can help make a difference by reporting cybercrimes. Law enforcement is then able to create and act upon a more detailed and comprehensive picture of how criminal organizations are structured and victims are targeted.
- The United States Department of Justice (DOJ) has put together a very useful online reference on how to report a cybercrime.
- For sensitive situations or crimes that require the ability to anonymously submit, complaints can be sent to the IC3 which is a partnership between the FBI and the National White Collar Crime Center and Bureau of Justice.
- The FBI Cyber Division also has online resources about cybercrime.
- The United States Department of Homeland Security (DHS) is also an important resource.
Questions or comments are welcome; I would especially like to hear from our friends and colleagues in Europe, Asia and Latin America.