CYBERCRIME AND THE INTERNET OF THREATS www.juniperresearch.com
1 1.1 Introduction As more and more business infrastructure moves online, so do those wishing to destroy or defraud that infrastructure. Cybercrime is a growing threat to corporations and consumers, who are increasingly using online methods to run their businesses and lives. With the advent of mobile computing, this is only likely to become more common. 1.2 Definitions Cybercriminals carry out their activities for a range of reasons and in a variety of ways, which Juniper Research defines as follows: Cybercrime - any illegal activity conducted primarily through the covert use of hardware or software. This means that other commonly used terms, such as cyberespionage and cyberterrorism, are also defined as cybercrime. Cyberespionage illegal use of hardware or software with the intent to steal secrets, whether from a business or governmental target. Cyberactivism also called hacktivism, this is the process of organising, or practicing, politically-motivated action of any type through Internet-based media, computer systems and data. This definition includes all forms of cyberterrorism. Readers should also note that cyberactivism is not necessarily illegal, although it can be if direct action is taken by cyberactivists. Cyberterrorism a process of premeditated illegal attacks against computer systems, computer programs and data, with the intended result of violence against civilians or civilian targets in the service of political aims. Cyberwar a process of premeditated attacks against computer systems, computer programs and data of one state by another state or state-sponsored actor. 1.3 Cybercrime and the Finance Industry Banks themselves are likely to be some of the most safety-conscious entities, so the areas most targeted by cybercriminals do not focus on banks, but on methods to target the consumer; phishing, vishing and keystroke logs to enable forms of identity theft being the most common. This relies the consumer s lack of knowledge, rather than breaching the bank s security itself. The damage caused by many uncovered attacks against banks themselves in recent years has been primarily reputational and could, potentially, result in abnormal churn as customers feel unsafe and leave their current bank for another, with associated financial effects. However, a recent attack on JPMorgan Chase showed that customer details are often targeted by cybercriminals even if there is no immediate financial use for them. A probable reason for this is that when cybercriminals have consumers details, those customers can then be targeted as part of a spearphishing operation, where information in the phishing communication is tailored to be more attractive to the specific target.
2 1.3.1 The Importance of Social Engineering Many types of banking cybercrime rely on social engineering ; convincing the consumer that they have a legitimate reason to respond to the demands of the cybercriminal. The aim is to either modify a user s behaviour to accept the redirection required as part of a phishing MITM (man-in-the-middle) attack, bypassing or disclosing security requirements because they believe the source of the instruction to be genuine. 1.4 Mobile Malware is Miniscule Despite the increasing prevalence of smartphones and other connected devices worldwide, traditional computing remains the focus of most cybercrime. A report published by Kindsight highlights that mobile malware is comparatively rare, with an estimated infection rate of 0.68% of the smartphone installed base in 2014. 1 This is due to a combination of limited profitability for cybercriminals (with no guarantee of valuable details through the hack) and the need to develop a sophisticated understanding of mobile software, which is still relatively new and evolving at a much faster rate than that observed for desktop PCs. available. Mobile malware will remain a relatively small proportion of the overall malware in circulation until truly cross-platform OSs (Operating Systems), particularly Windows-based cross-platform Oss, are introduced. 1.5 The Cost of Cybercrime Cybercrime creates financial costs for those it targets, either directly through loss of data or money as a result of the attack, or indirectly in the form of additional preventative measures required to combat cybercrime (additional staff, server resources, advanced software etc). Typically the most expensive forms of cybercrime are data breaches, those attacks which result in the criminals seizing business or personal records. The cost of cybercrime is disproportionately heavy on smaller businesses. Larger organisations are more likely to be able to weather the resultant costs from a large scale data breach. Juniper Research estimates the global average cost of a cybercrime attack to be close to $6 million (higher in North America and West Europe), which is more than many small and medium-sized enterprises annual revenue. However, smartphones will be the most common mobile device targeted by cybercriminals, as there is virtually no Internet of Things-based malware 1 Available for download at https://resources.alcatel-lucent.com/asset/184652
3 1.5.1 Variations by Industry The size of reported data breaches varies by industry, as does the frequency of those breaches. The following figure shows the distribution of recorded data breach 2 sizes in in the US during 2014, as a proportion of the total data breaches per industry. Figure 1: Distribution of Records Exposed per Breach as a Proportion of the Total Data Breaches per Industry (%) US 2014 60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0% <101 101-1,000 1,001-10,000 10,001-100,000 100,001-1,000,000 1,000,001-10,000,000 10,000,001-100,000,000 Banking/Financial Business Education Government/Military Medical/Healthcare Overall Source: ITRC (Identity Theft Resource Centre), Juniper Research 2 These breaches are recorded according to the definition of the ITRC: The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure.
4 Note that this is not the same as the overall attack distribution. In terms of number of breaches, the Medical/Healthcare category surpassed all others; 300 out of the 490 data breaches recorded by the ITRC with a number of records exposed originated in the Medical/Healthcare category. We would also remind our readers that this and any estimates of the cost of cybercrime is, by virtue of imperfect knowledge, a partial view. We note that 37.4% of the 783 breaches recorded by the ITRC do not include a number of records and are therefore excluded from this analysis. Table 2: Distribution of Breach Sizes as a Proportion of the Total Data Breaches per Industry (%) US 2014 Records Exposed Banking/ Financial Business Education Government/ Military Medical/ Healthcare Overall 100 or less 0.0% 6.4% 0.0% 3.0% 1.0% 2.0% 101-1,000 11.1% 16.7% 22.2% 20.9% 27.3% 24.1% 1,001-10,000 22.2% 25.6% 33.3% 43.3% 51.7% 44.5% 10,001-100,000 55.6% 34.6% 33.3% 25.4% 17.7% 23.3% 100,001-1,000,000 0.0% 10.3% 11.1% 3.0% 2.0% 4.1% 1,000,001-10,000,000 11.1% 5.1% 0.0% 4.5% 0.3% 1.8% 10,000,001-100,000,000 0.0% 1.3% 0.0% 0.0% 0.0% 0.2% Source: ITRC (Identity Theft Resource Centre), Juniper Research 1.5.2 Cost of Cybercrime-Related Data Breaches In calculating the global cost of cybercrime, Juniper Research has focused on the data breach as the primary unit of analysis. While downtime from DoS and DDoS attacks does account for a significant proportion of lost revenue, the volume and frequency of such attacks, as well as their success rate, varies greatly, which makes accurately modelling their effect impossible. We have not attempted to model the cost of malware-enabled cybercrime because only a small fraction of attacks do the bulk of the damage, making it impossible to generalise. For example, IBM enterprise clients experienced on average 74,300 cyberattacks in a year as of July 2013, of which only 90.2 (0.12%) resulted in security incidents.
5 Juniper Research anticipates that the annual cost incurred from malicious data breaches will exceed $2 trillion in 2019. This is 2.2% of the IMF s forecast global GDP that year. Figure 3: Annual Cost of Criminal Data Breaches in 2019 ($2.0 Trillion) While it is responsible for under 80% of global criminal data breaches, the high-value nature of US breaches means they account for over 90% of the global cost of data breaches. We assume that the cost-per-record is going to increase in future, as more sensitive data is stored online as a matter of course. a) However, the global increases in income means that this will become less concentrated over time, as greater numbers of wealthier targets emerge in other regions. North America Latin America West Europe Central & East Europe Far East & China Indian Subcontinent Rest of Asia Pacific Africa & Middle East Source: Juniper Research
DIGITAL ADVERTISING GETS PERSONAL 6 Order the Full Report The Future of Cybercrime & Security: Financial & Corporate Threats & Mitigation 2015-2020 This incisive report on the current and future cybercrime landscape provides an in-depth analysis of the current threats posed to a variety of vital digital commerce and connected device markets, as well as roadmapping their future evolution. Key Features Investigates the threats posed to key ecommerce and mcommerce sectors, including payments, money transfer, retail and banking. Analysis of developments in the cybercrime ecosystem and what they imply for the future direction of malware for devices, from smartphones to wearables and the Internet of Things. Typology of cybercrime threats, with key features and protective strategies included alongside the likely evolution of cybercrime. Juniper Threat Landscape Assessment and future projections for the level of threat and its probable impact on each sector. Projections of the scale and cost of data breaches at a global and regional level from 2015 to 2020. What s in this Research? from cybercrime has changed in past couple of years in response to changes in the IT industry. Sector-by-Sector Cybercrime Threat Analysis outlines the most prominent malware-based threats to different business types and presents an assessment of the current threat landscape and its evolution in the coming years. Interactive Forecast Excel Highly granular dataset comprising almost 400 data points, allied to a What-If Analysis tool giving user the ability to manipulate Juniper s data (Interactive XL). Publications Details Publication date: May 2015 Author: James Moar Contact Jon King, Business Development Manager, for more information: Jon.King@juniperresearch.com Juniper Research Ltd, Church Cottage House, Church Square, Basingstoke, Hampshire RG21 7QW UK Tel: UK: +44 (0)1256 830001/475656 USA: +1 408 716 5483 (International answering service) Fax: +44(0)1256 830093 http://www.juniperresearch.com Outline of Trends and the Future Direction of Cybercrime discusses the evolution of the cybercriminal market and how the threat