In March, a chart came out comparing the stereotypical computer hacker of 1995 to that of 2015. According to the chart’s characterization, the hacker of 20 years ago was in every sense an amateur: often aÂ kid in a basement seeing how much he or she could get away with. By today’s standards, the 1995 hackers come off as almost benign. Sure, they would play around with the data on your computer and cause you a hassle here and there, but at the end of the day they were not stealing your identity, making off with your credit cardsÂ or trying to take control of the car you’re driving.
Flash forward 20 years and you have an image of the hacker that is entirely different from its predecessor. A cybercriminal is no longer a tech geek being criminallyÂ mischievous to explore what they can do on the Internet. By today’s standards, that kind of criminal looks positively tame. By contrast, the hacker of 2015 represents the ultimate threat: aÂ calculating, well-connected, organized career criminal out for huge profits “” or worse.
Working Toward A Composite Sketch Of Today’s Hacker
As the 1995 vs. 2015 comparison chart tells us, the hacker of today is someone who will “kidnap your data for ransom”,Â “like[s] selling your information to the highest bidder”,Â and is located just about anywhere in the world. Shadowy, elusive and criminally connected, the 2015 cybercriminal is only one cog in a well-oiled machine that seemingly cannot be stopped. But perhaps by working toward understanding who these criminals are, we can be better equipped to defend against them.
The first thing to understand about hacking these days is that it is a lot closer to the drug trade than it is to computer geekdom. The image of the hacker as a lone techÂ wiz kid pounding out malicious code is an outmoded one. Today’s hacker is an organized criminal.
Back in March, The Telegraph ran a story reporting a migratory shift of international criminals away from drugs and into cybercrime. The shift makes sense. After all, drug dealing is an illicit practice that is about as risky and unreliable as it gets. From customs agents intercepting drug shipments to the constant threat of police, the drug trade is one where the threat of capture is always present. This is unfortunately not often the case with cybercrime. Because cybercrime takes place in the virtual realm, it is a lot harder to trace than any other illicit practice. For this reason, it is becoming an increasingly lucrative option for criminals.
A successful criminal is an opportunist. And when it comes to cybercrime, there is nothing but opportunity for lawbreakers looking to make money with a significantly reduced risk of capture. As a result, cybercrime is increasingly becoming a gold mine for organized crime.
According to the Telegraph article, “Up to a quarter of all organized criminals in Britain are now thought to be involved in some form of financial crime, netting them tens of billions …Â in profit every year.”
But even that 25 percent figure may be something of an understatement, since, as the article pointed out, the difficulty of tracing cybercrime makes it hard to realistically represent its pervasiveness. Yet if there’s uncertainty surrounding the exact percentage of organized crime that happens virtually, there is no question about the extent of its impact.
“If you ask a room full of people who has been a victim of some sort of fraud or financial crime, half of them will put their hand up,” said Adrian Leppard, Commissioner of the City of London Police. “You would have difficulty finding any other area of crime with similar statistics.”
Gearing Up For A Fight Against An Unseen Enemy
The reality is that the vast majority of cybercrime goes unreported. For every high-profile hacker who is nabbed by police “” the recent arrest of the so-called ‘Bitcoin Baron’ is one recent example “” there are innumerable others actively evading capture. Back in 1995, the prototypical cybercriminal was not someone with a criminal record. Today, that has completely changed. According to a separate Telegraph article, six out of 10 Internet criminals have a criminal record that extends beyond the virtual realm.
What this statistic points to is the fact that hackers aren’t thinking like tech geeks anymore “” they are thinking like hardened criminals. As a result, it’s not only credit card theft and identity swiping we have to worry about, but also the realistic threat of hacker-spawned violence. Those who follow cybercrime headlines have already gotten a sense of how the virtual can bleed “” quite literally “” into the real world. During the trial of alleged Silk Road founder Ross Ulbricht, for instance, prosecutors revealed a plot by Ulbricht to have five people assassinated. And even as you read this article, there are active forums in the dark web where hitmen mingle with hackers.
But perhaps the scariest thing about cybercrime is that it all happens in the dark. For the most part, the enemy is unseen, leading victims to confusion and a lack of preparation. After all, how can you prepare for something you don’t know about? This is something that a lot of businesses are asking themselves. But there is a solution.
Ultimate Threat Calls For Ultimate Preparation
The answer to defending against an unseen enemy is to be prepared for the worst possible scenario 100 percent of the time. Don’t just assume that your business is the next target of a huge hack “” assume that hack is happening tomorrow. So what will you do about it?
Unfortunately, for most enterprises, the answer is, “Not much.” Within the enterprise sphere, there’s an overwhelming lack of preparation for virtual threats, which is why the exact same breach scenario plays out again and again: Company is attacked, doesn’t realize it, has privileged data comprised, throws up its handsÂ and loses the trust of its patrons. But this doesn’t have to be your business’ story. Here’s how your enterprise can prevent being the next up-in-arms hacked business:
- Rigorously protect the most vulnerable platforms “” like email:Â The first step to defending your organization is to understand the areas hackers are likely to target first and defend those places. Email, for instance, represents a prime target for cybercriminals because it presents an easy means of getting external threats onto an internal network. A single phishing email opened by an employee has the potential to swiftly derail an entire business network. Hackers know this and often try to capitalize on it.As a business leader, it’s your responsibility to identify these weak spots and make sure cybercriminals can’t exploit them. The first key to doing this is to implement email encryption, a tool ensuring that a business email account is secured against outside threats. The nice thing about the email encryption solution that Entrust offers is that it doesn’t require any computing behavioral changes in business users. That said, as a company, it’s important to educate your staffers in the fundamentals of secure emailing, including not opening messages from unknown senders “” and underÂ noÂ circumstances downloading any file that hasn’t been administratively vetted.
- Don’t become complacent:Â One of the most important tools a well-defended business can have is a lack of complacency. A company whose network is truly secure will not be the same business that’s self-satisfied about its security. With the cyberthreat atmosphere in a state of constant growth, no business should ever feel that it’s done all the necessary work to secure its network. The reality of cybercrime is that it’s always evolving. Therefore, so too must your company’s defense plan. Take measures to stop today’s threats with tomorrow’s advanced solutions, such as device certificates and smart credentials. Pursuing future-focused tools like these will give your business a decisive step ahead of the hackers. In addition to enterprise tools, your business should make a consistent effort to give cybersecurity issues the company-wide attention they deserve at enterprise meetings and corporate training sessions.
By following these steps, your organization can prepare itselfÂ for the worst possible scenario “” which, in a world of rampant and ever-growing cybercrime, is a very likely scenario. Don’t let that become a reality for your organization.