Far from the socially isolated, hoodie-wearing, stereotypical cyberpunk hacker, today’s computer criminals are more sophisticated, organized and professional than ever before. Cybersecurity experts say that a large multinational cybercriminal enterprise can bring in more than $1 billion annually. Top “employees” can earn up to $2 million a year, while freelancers can get about $30,000 per job.
Like most savvy professionals, cybercriminals understand that they must reinvest in the business to support continued growth. The World Economic Forum has estimated that cybercriminals spend approximately $1 trillion annually to develop new cyberattack weapons. That’s almost 10 times the $145 billion legitimate organizations are spending on cybersecurity.
All signs indicate those investments are paying off for the bad guys. Cybercrime is now considered the most lucrative criminal activity in the world, surpassing even the illegal drug trade. What’s more, cybercriminals have their own underground economy, selling malware, exploit kits and even cloud-based attack services on the dark web. Compromised systems can be purchased for use as command-and-control servers or botnets.
Not so long ago, cybercrime was more of an annoyance than an actual existential threat. Most attacks took the form of cyber vandalism conducted by “lone wolf” actors and script kiddies looking to display both their computer skills and their disdain for corporate culture. Through the 1990s, the most common computer crime involved defacing web sites.
With most types of businesses becoming reliant upon Internet connectivity and digital transactions, the profit potential of cybercrime has skyrocketed. Information theft, extortion and sabotage have all become obscenely profitable endeavors. It is believed that ransomware attacks alone generate more than $20 billion a year.
To fully exploit the possibilities, today’s cybercriminals have adopted organizational structures similar to that of legitimate businesses. Research from IBM and Google suggests that the most sophisticated hacking groups operate with a top-down organizational structure featuring a CEO-like leader who broadly defines the organization’s goals and turns much of the detailed work over to a layer of middle management.
Individual departments are assigned specific duties, with some responsible for developing malicious code while others work on delivery mechanisms and still others handle the actual data theft. They often have training programs for new employees and service agreements with their customers.
Cybercrime Does Pay
Cybersecurity Ventures has predicted that the global cost of cybercrime will total $6 trillion in 2021, making it the equivalent of the world’s third-largest economy. And the cost is expected to increase by 15 percent per year over the next five years, reaching $10.5 trillion by 2025.
Most disturbing is the toll cybercrime has on most companies. Every dollar spent on security is a dollar that can’t be spent on growth or innovation. It’s difficult to fully quantify the costs of business disruption, lost productivity and reputational damage. IBM President and CEO Ginny Rometty says cybercrime has become “the greatest threat to every profession, every industry, every company in the world.”
With a more sophisticated organizational structure, cybercriminals have become more effective and more profitable. In response, organizations must adopt more formidable countermeasures with defenses at every potential point of vulnerability — from endpoints to Internet gateways.
The experts at RMM Solutions can help you develop a layered security approach featuring leading-edge services and solutions. Give us a call for a confidential consultation.