Go to the profile of NTT i3
NTT i3
Accelerating the transformation of innovative technology ideas from the R&D lab into marketplace reality. www.NTTi3.com

Cybercrime: a Powerful, Agile Competitor to Today’s Global Business

Written by Rich Boyer, Chief Architect for Security and Dr. Kenji Takahashi, VP Product Management for Security at NTT Innovation Institute, Inc.

Cybercrime is nothing new. What is different now is the intimacy of those attacks. It is no longer only about some big name company looking foolish. Cybercrime now touches the lives of everyone in society. The enormous profit to criminals and the risk to individuals brings the scope of the evolution of cybercrime directly into every house and home — everyday, everywhere.

In the 1970s and 1980s, there were stories of individual bank teller embezzlements, “phone phreaks” manipulating computerized systems in search of free long distance service, and college students breaking into Department of Defense communications systems. In the late 1990s and early 2000s, several computer viruses drew attention to expanding threats and resulted in the birth of a whole new industry of anti-virus software. And in the year 2000, there was the first documented denial-of-service (DoS) attack traced back to a 15 year old Canadian who called himself “mafiaboy,” causing more than a billion dollars in damage against a number of prominent e-commerce sites.

All of this pales in size, sophistication, reach, and intent to the organized and highly sophisticated global cybercrime we have seen steadily growing over the past 15 years.

Today, cybercriminals and “black hat” attackers look less like yesterday’s nerdy hackers hunched over computers in basements while harboring a vendetta against “the system.” Now they act more like Mafioso versions of sophisticated Silicon Valley startups. The digital criminal element has worked harder, become more innovative, and successfully broadened their toolset in order to compete, and outstrip, the efforts of the established enterprise security industry. They are more sophisticated and agile than the companies they attack. They are masters at taking full advantage of the cloud, crowdsourcing, open exchange of data, mobile technologies and they are often untethered to any particular infrastructure, supporting their ability to appear and disappear at need.

Their new modes of attack are as equally diverse and innovative as the more powerful cybercrime toolkits, including:

  • Lateral attacks are on the rise as security breaches originating in one organization but spread quickly increasingly interconnected partner networks.
  • Users are becoming the new perimeter of IT security as BYOD and increased telecommuting has resulted in a dramatic increase in security vulnerabilities initiated outside the physical walls of an organization.

The results? Hundreds of billions in losses each year. This unsettling state of affairs has created a seemingly binary world with really only two kinds of companies: those that have been hacked and admit it, and those that have been hacked and don’t admit it or don’t know it yet. Worse yet, for the vast majority of individuals, very few of us have been untouched whether we know it or not.

So what’s an organization to do?

In order to compete with the scale and agility of modern cybercriminals, forward-thinking enterprises and security leaders must begin to relate to them as some of the most powerful and innovative digital competitors that they will ever face. Security needs to be reframed in a larger strategic context as a value-creating investment rather than a value-protecting investment.

I believe that in the war against cybercrime, if we are to have a fighting chance — we all need to embrace a radical new approach to security. This means that companies must begin to share what they learn about security threats with their colleagues, other companies and customers. The bad guys already readily share, and they win as a result of that shared knowledge. This means we need to go far beyond the current ongoing sharing efforts and embrace new approaches to thinking including:

  • threat intelligence,
  • security as a service, and
  • communities of sharing.

Our current path will only lead to more of the same, multiplying security complexity, higher costs and increasing success of the criminal element. To expect something different is foolish at best, and ultimately disastrous. Let’s take a new road to successfully combating cybercrime together.

This is the first in a 3-part series of blog posts where I’ll be discussing the state of cybercrime and cybersecurity. The series will focus on specific tools used by criminals, as well as the approaches and platforms that businesses need to adopt to fight them. You can also download my latest book on cybercrime here.