Profit from winning the cyberwar

Roger Laing

Tuesday 21 May 2019

Received wisdom is that it’s the cybercriminals who gain from their attacks, at your expense. How would you like to turn the tables?

It’s unlikely to surprise you to hear that cybercrime is increasing. Or that it’s taking longer and proving more costly to sort out the damage and disruption caused by cybercriminals.

But just in case, the Ninth Annual cost of Cybercrime Study1 puts some figures on it. The average cost of cybercrime is $13 million (up $1.4 million over the last year) with an 11% rise in the average number of security breaches to 145.

The nature of the attacks are also changing.

Until recently, cybercrime was largely opportunistic, individuals or small groups using tools freely available on the dark web to make money from mischief.

As your people mark the weakest link in your defence, they remain the main target with ransomware, phishing and social engineering attacks as the easiest way to get to them.

Europol’s Internet Organised Crime Threat Assessment study2 shows that ransomware attacks are particularly lucrative. They have evolved over the last couple of years to cryptocurrency mining, where crooks secretly use your processing power to steal cryptocurrencies.

 

Traditional security, from two-factor authentication to encrypted data and anti-malware technologies, is the best defence to keep this sort of ‘disorganised’ crime at bay.

 

Cybercrime gets organised

Cyberattacks are now becoming the territory of organised criminals.

A Europol study found that two such recent attacks cost financial services companies in 40 countries €1 billion.

The method in both cases was similar: malware was developed by the gang, sent in phishing emails to bank staff, which then infiltrated bank networks and ATMs. Money was transferred to accounts, emptied through ATMs by gang members and then laundered by being converted into cryptocurrency.

In addition, to criminal gangs, there’s an increasing number of state-backed hacking threats aimed at getting industrial secrets from commercial companies.

There’s also a new breed of hacktivist, with the aim not to steal information but to destroy or change data. In an era of fake news, attacking data integrity to destroy trust, marks the next frontier of cyber threats.

 

Secure extra revenues – don’t lose them

There is an upside to this.

The Accenture study shows that while the cost of cybercrime is rising, investing in better cybersecurity processes can be a way of creating greater value for your business.

As such, it’s worth thinking about such an investment on a ‘ground up’ basis. With ThinkShield for instance, Lenovo has approached the issue of security from the very origins of product development, right across our supply chain, through the full lifecycle of the device and beyond. Protecting the device and the business at every conceivable point.

There’s more protection, fewer breaches and reduced cybercrime costs. Just as importantly, trust, which the Accenture report describes as the fuel of the digital economy, is strengthened. As customer confidence in your business rises, it will fall in companies that do not inspire the same level of trust, creating new revenue-generating opportunities for you.

So, what’s to be done? The report identifies three approaches to security that can help protect against cybercrime and give you a competitive advantage.

 

  1. Increase security against people-based attacks

Create a security-first mindset and make people accountable for their security.

It’s not yet at the stage of setting up your own internal investigations department – although there are search dogs trained in electronic storage detection (ESD) that can be used to spot suspicious devices.

Just like their counterparts sniffing out bombs or people, these dogs are trained to smell a tell-tale chemical – called triphenylphosphine oxide or TPPO – found in most electronic devices. It means they can search out everything from a hidden hard drive to a concealed phone or even a surveillance camera disguised in a coat hook.

 

  1. Invest in tools that help secure data and limit information loss

This is particularly important with the potential for punitive fines from new privacy regulations, like General Data Protection Regulation (GDPR).

The study shows that all organisations can reduce cybercrime costs by investing more in encryption technologies as well as advanced identity and access management – such as fingerprint readers with anti-spoofing technology found on ThinkPads, like the X1 Carbon.

 

  1. Go for breakthrough security technologies before everyone else does

Gain an edge over the competition. Lead the way by Investing in automation, including artificial intelligence and machine learning, which substantially lowers recovery costs, at a time when most of your rivals are yet to get started.

 

 

1 Ninth Annual cost of Cybercrime Study, Accenture and the Ponemon Institute, 2019
based on 355 companies in 11 countries.

2 Europol’s Internet Organised Crime Threat Assessment, 2018, https://www.europol.europa.eu/activitiesservices/main-reports/internet-organised-crime-threat-assessment-iocta-2018

Building the next-gen data centre

Where traditional and web-scale apps co-exist