CYBERCRIME AND THE INTERNET OF THREATS. www.juniperresearch.com



Similar documents
The Goods, the Payment and the Mobile!

Global Corporate IT Security Risks: 2013

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Mobile Voice ~ Whispers of Change?

2012 Bit9 Cyber Security Research Report

Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT -BASED THREATS

M2M. In an IoT World. Whitepaper.

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS

Is your business secure in a hosted world?

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

WHITEPAPER. Recall Cyber Intelligence

Promoting a cyber security culture and demand compliance with minimum security standards;

Hitting the N-Mark with NFC

Cybercrime Security Risks and Challenges Facing Business

Cyber Risk Management

A CHASE PAYMENTECH WHITE PAPER. Expanding internationally: Strategies to combat online fraud

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY

Privacy Rights Clearing House

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES

DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE THREAT OF DDOS ATTACKS IT SECURITY RISKS SPECIAL REPORT SERIES

Collateral Effects of Cyberwar

DAMAGE CONTROL: THE COST OF SECURITY BREACHES IT SECURITY RISKS SPECIAL REPORT SERIES

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

SPEAR PHISHING UNDERSTANDING THE THREAT

Enterprise Apps: Bypassing the Gatekeeper

BYPASSING THE ios GATEKEEPER

Protecting against cyber threats and security breaches

How To Protect Your Business From A Cyber Attack

IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper

Small businesses: What you need to know about cyber security

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

SMART WIRELESS DEVICES & THE INTERNET OF ME

Botnets: The dark side of cloud computing

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

New challenges in Data privacy.

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

Vulnerability Assessment & Compliance

Five Trends to Track in E-Commerce Fraud

Combating a new generation of cybercriminal with in-depth security monitoring

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May TrustInAds.org. Keeping people safe from bad online ads

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

The Advanced Cyber Attack Landscape

Internet Reputation Management Guide. Building a Roadmap for Continued Success

Security & Compliance. Thursday, September

Your Customers Want Secure Access

of firms with remote users say Web-borne attacks impacted company financials.

ONLINE AND MOBILE BANKING, YOUR RISKS COVERED

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days)

State of Security Survey GLOBAL FINDINGS

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program

Cybersecurity report As technology evolves, new risks drive innovation in cybersecurity

Perception and knowledge of IT threats: the consumer s point of view

Phone: Fax:

The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report:

September 20, 2013 Senior IT Examiner Gene Lilienthal

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

E Commerce and Internet Security

Office of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS)

Cybersecurity Awareness. Part 1

How To Cover A Data Breach In The European Market

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

Cyber-security: legal implications for financial institutions. IAPP Europe Data Protection Intensive 2013

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing

Information Protection in Today s Changing Mobile and Cloud Environments

CSM-ACE 2014 Cyber Threat Intelligence Driven Environments


Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

1. Economic factors: Positive global market for IDS/IPS security solutions and services.

2015 CENTRI Data Breach Report:

Addressing Big Data Security Challenges: The Right Tools for Smart Protection

CHECKLIST: ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES

NEW ZEALAND S CYBER SECURITY STRATEGY

Project 2020: Preparing Your Organization for Future Cyber Threats Today

INVESTIGATIONS REPORT

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Global Web Application Firewall Market

INTELLIGENCE DRIVEN FRAUD PREVENTION

Top Fraud Trends Facing Financial Institutions

10 Smart Ideas for. Keeping Data Safe. From Hackers

IDENTIFY YOUR CUSTOMERS

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

Brochure More information from

10 Things Every Web Application Firewall Should Provide Share this ebook

Network security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece

A strategic approach to fraud

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Statistical Analysis of Internet Security Threats. Daniel G. James

Cybercrime in Canadian Criminal Law

Internet Reputation Management Guidelines Building a Roadmap for Continued Success

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Security strategies to stay off the Børsen front page

The UK cyber security strategy: Landscape review. Cross-government

Cybercrime: risks, penalties and prevention

Transcription:

CYBERCRIME AND THE INTERNET OF THREATS www.juniperresearch.com

1 1.1 Introduction As more and more business infrastructure moves online, so do those wishing to destroy or defraud that infrastructure. Cybercrime is a growing threat to corporations and consumers, who are increasingly using online methods to run their businesses and lives. With the advent of mobile computing, this is only likely to become more common. 1.2 Definitions Cybercriminals carry out their activities for a range of reasons and in a variety of ways, which Juniper Research defines as follows: Cybercrime - any illegal activity conducted primarily through the covert use of hardware or software. This means that other commonly used terms, such as cyberespionage and cyberterrorism, are also defined as cybercrime. Cyberespionage illegal use of hardware or software with the intent to steal secrets, whether from a business or governmental target. Cyberactivism also called hacktivism, this is the process of organising, or practicing, politically-motivated action of any type through Internet-based media, computer systems and data. This definition includes all forms of cyberterrorism. Readers should also note that cyberactivism is not necessarily illegal, although it can be if direct action is taken by cyberactivists. Cyberterrorism a process of premeditated illegal attacks against computer systems, computer programs and data, with the intended result of violence against civilians or civilian targets in the service of political aims. Cyberwar a process of premeditated attacks against computer systems, computer programs and data of one state by another state or state-sponsored actor. 1.3 Cybercrime and the Finance Industry Banks themselves are likely to be some of the most safety-conscious entities, so the areas most targeted by cybercriminals do not focus on banks, but on methods to target the consumer; phishing, vishing and keystroke logs to enable forms of identity theft being the most common. This relies the consumer s lack of knowledge, rather than breaching the bank s security itself. The damage caused by many uncovered attacks against banks themselves in recent years has been primarily reputational and could, potentially, result in abnormal churn as customers feel unsafe and leave their current bank for another, with associated financial effects. However, a recent attack on JPMorgan Chase showed that customer details are often targeted by cybercriminals even if there is no immediate financial use for them. A probable reason for this is that when cybercriminals have consumers details, those customers can then be targeted as part of a spearphishing operation, where information in the phishing communication is tailored to be more attractive to the specific target.

2 1.3.1 The Importance of Social Engineering Many types of banking cybercrime rely on social engineering ; convincing the consumer that they have a legitimate reason to respond to the demands of the cybercriminal. The aim is to either modify a user s behaviour to accept the redirection required as part of a phishing MITM (man-in-the-middle) attack, bypassing or disclosing security requirements because they believe the source of the instruction to be genuine. 1.4 Mobile Malware is Miniscule Despite the increasing prevalence of smartphones and other connected devices worldwide, traditional computing remains the focus of most cybercrime. A report published by Kindsight highlights that mobile malware is comparatively rare, with an estimated infection rate of 0.68% of the smartphone installed base in 2014. 1 This is due to a combination of limited profitability for cybercriminals (with no guarantee of valuable details through the hack) and the need to develop a sophisticated understanding of mobile software, which is still relatively new and evolving at a much faster rate than that observed for desktop PCs. available. Mobile malware will remain a relatively small proportion of the overall malware in circulation until truly cross-platform OSs (Operating Systems), particularly Windows-based cross-platform Oss, are introduced. 1.5 The Cost of Cybercrime Cybercrime creates financial costs for those it targets, either directly through loss of data or money as a result of the attack, or indirectly in the form of additional preventative measures required to combat cybercrime (additional staff, server resources, advanced software etc). Typically the most expensive forms of cybercrime are data breaches, those attacks which result in the criminals seizing business or personal records. The cost of cybercrime is disproportionately heavy on smaller businesses. Larger organisations are more likely to be able to weather the resultant costs from a large scale data breach. Juniper Research estimates the global average cost of a cybercrime attack to be close to $6 million (higher in North America and West Europe), which is more than many small and medium-sized enterprises annual revenue. However, smartphones will be the most common mobile device targeted by cybercriminals, as there is virtually no Internet of Things-based malware 1 Available for download at https://resources.alcatel-lucent.com/asset/184652

3 1.5.1 Variations by Industry The size of reported data breaches varies by industry, as does the frequency of those breaches. The following figure shows the distribution of recorded data breach 2 sizes in in the US during 2014, as a proportion of the total data breaches per industry. Figure 1: Distribution of Records Exposed per Breach as a Proportion of the Total Data Breaches per Industry (%) US 2014 60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0% <101 101-1,000 1,001-10,000 10,001-100,000 100,001-1,000,000 1,000,001-10,000,000 10,000,001-100,000,000 Banking/Financial Business Education Government/Military Medical/Healthcare Overall Source: ITRC (Identity Theft Resource Centre), Juniper Research 2 These breaches are recorded according to the definition of the ITRC: The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure.

4 Note that this is not the same as the overall attack distribution. In terms of number of breaches, the Medical/Healthcare category surpassed all others; 300 out of the 490 data breaches recorded by the ITRC with a number of records exposed originated in the Medical/Healthcare category. We would also remind our readers that this and any estimates of the cost of cybercrime is, by virtue of imperfect knowledge, a partial view. We note that 37.4% of the 783 breaches recorded by the ITRC do not include a number of records and are therefore excluded from this analysis. Table 2: Distribution of Breach Sizes as a Proportion of the Total Data Breaches per Industry (%) US 2014 Records Exposed Banking/ Financial Business Education Government/ Military Medical/ Healthcare Overall 100 or less 0.0% 6.4% 0.0% 3.0% 1.0% 2.0% 101-1,000 11.1% 16.7% 22.2% 20.9% 27.3% 24.1% 1,001-10,000 22.2% 25.6% 33.3% 43.3% 51.7% 44.5% 10,001-100,000 55.6% 34.6% 33.3% 25.4% 17.7% 23.3% 100,001-1,000,000 0.0% 10.3% 11.1% 3.0% 2.0% 4.1% 1,000,001-10,000,000 11.1% 5.1% 0.0% 4.5% 0.3% 1.8% 10,000,001-100,000,000 0.0% 1.3% 0.0% 0.0% 0.0% 0.2% Source: ITRC (Identity Theft Resource Centre), Juniper Research 1.5.2 Cost of Cybercrime-Related Data Breaches In calculating the global cost of cybercrime, Juniper Research has focused on the data breach as the primary unit of analysis. While downtime from DoS and DDoS attacks does account for a significant proportion of lost revenue, the volume and frequency of such attacks, as well as their success rate, varies greatly, which makes accurately modelling their effect impossible. We have not attempted to model the cost of malware-enabled cybercrime because only a small fraction of attacks do the bulk of the damage, making it impossible to generalise. For example, IBM enterprise clients experienced on average 74,300 cyberattacks in a year as of July 2013, of which only 90.2 (0.12%) resulted in security incidents.

5 Juniper Research anticipates that the annual cost incurred from malicious data breaches will exceed $2 trillion in 2019. This is 2.2% of the IMF s forecast global GDP that year. Figure 3: Annual Cost of Criminal Data Breaches in 2019 ($2.0 Trillion) While it is responsible for under 80% of global criminal data breaches, the high-value nature of US breaches means they account for over 90% of the global cost of data breaches. We assume that the cost-per-record is going to increase in future, as more sensitive data is stored online as a matter of course. a) However, the global increases in income means that this will become less concentrated over time, as greater numbers of wealthier targets emerge in other regions. North America Latin America West Europe Central & East Europe Far East & China Indian Subcontinent Rest of Asia Pacific Africa & Middle East Source: Juniper Research

DIGITAL ADVERTISING GETS PERSONAL 6 Order the Full Report The Future of Cybercrime & Security: Financial & Corporate Threats & Mitigation 2015-2020 This incisive report on the current and future cybercrime landscape provides an in-depth analysis of the current threats posed to a variety of vital digital commerce and connected device markets, as well as roadmapping their future evolution. Key Features Investigates the threats posed to key ecommerce and mcommerce sectors, including payments, money transfer, retail and banking. Analysis of developments in the cybercrime ecosystem and what they imply for the future direction of malware for devices, from smartphones to wearables and the Internet of Things. Typology of cybercrime threats, with key features and protective strategies included alongside the likely evolution of cybercrime. Juniper Threat Landscape Assessment and future projections for the level of threat and its probable impact on each sector. Projections of the scale and cost of data breaches at a global and regional level from 2015 to 2020. What s in this Research? from cybercrime has changed in past couple of years in response to changes in the IT industry. Sector-by-Sector Cybercrime Threat Analysis outlines the most prominent malware-based threats to different business types and presents an assessment of the current threat landscape and its evolution in the coming years. Interactive Forecast Excel Highly granular dataset comprising almost 400 data points, allied to a What-If Analysis tool giving user the ability to manipulate Juniper s data (Interactive XL). Publications Details Publication date: May 2015 Author: James Moar Contact Jon King, Business Development Manager, for more information: Jon.King@juniperresearch.com Juniper Research Ltd, Church Cottage House, Church Square, Basingstoke, Hampshire RG21 7QW UK Tel: UK: +44 (0)1256 830001/475656 USA: +1 408 716 5483 (International answering service) Fax: +44(0)1256 830093 http://www.juniperresearch.com Outline of Trends and the Future Direction of Cybercrime discusses the evolution of the cybercriminal market and how the threat

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information