real trends in cybercrime?

What are the real trends in cybercrime? Recent media coverage has been rife with stories of large-scale data breaches, hacks and online financial crime. IT security firms publish yearly reports that generally show the security of cyberspace to be poor and often getting worse, but, as argued in this paper, the level of security in cyberspace is actually far better than the picture we’re given. Currently, numbers on the occurrence of cybercrime are almost always depicted in either absolute numbers or year-over-year terms. To get a more accurate picture of the security of cyberspace, cybercrime statistics — including mobile vulnerabilities, malicious web domains, zero-day exploits and web-based attacks, among others — need to be expressed as a proportion of the growing size of the Internet.

This paper better illustrates cyberspace security by normalizing the statistics for cybercrime around various measures of the growing size of cyberspace. A clear picture emerges: the absolute numbers always paint a worse scenario of the security of cyberspace than the normalized numbers. With this in mind, the following policy recommendations are proposed for the improvement of IT security: focus on the individual user; detect and counter new vulnerabilities faster by relying on open source software; develop international agreements on spam and phishing emails; figure out how to spread the costs of cybercrime; private companies must do more to protect themselves; and cyber security companies should collect and represent data on cybercrime in normalized terms.

Hacking a car

It’s a sunny April morning in 2020 but, as you start your car for the morning commute, something is wrong. The 20in touchscreen is dead. Suddenly it flickers into life but instead of the usual map there’s a message: “Your car’s computer has been locked. We control your data, brakes and steering. To unlock your computer you’re obliged to pay a fine of $200.”

You’re not alone. As one of 8.6 million connected cars in the UK (up from a mere 1.8 million in 2016) that are capable of vital wireless internet updates and diagnosis – and now destructive malware – you are one of many getting their first taste of auto ransomware.

“It might sound like fantasy but this could happen,” says Alex Moiseev, managing director of the European arm of software security specialist Kaspersky Lab, as he sits in his hi-tech Paddington office. “It happens with desk computers now. It’s just a question of time before the bad guys move into your car, too.”

Firewalls are Important, but they’re Not Enough

Firewalls are an essential part of your IT security infrastructure. In fact, in many cases, they are the foundation and rightfully so. It’s important to note, however, that the target has changed and so have the perpetrators. These days, the masterminds behind cyber-attacks are infinitely more sophisticated than they once were. Many will stop at nothing to achieve the results they’re after – gaining access to sensitive data and exploiting it for their criminal purposes.

Unfortunately, most companies have not shifted their focus to account for these changes. The current ideology is that hackers install agents on your network and let them do the work. They install them in what we like to call the Red Zone. This is the weakest part of your network – the spot where your PC and device are located. Not coincidentally, this also happens to be where most human decisions are exposed on your network; for example, which website to go to, what file to download, and what e-mail to open.

Legacy Security Measures are No Longer Sufficient

Perhaps even just as recently as a decade or so ago, firewalls and sandboxes were enough to keep hackers at bay. Unfortunately, those hackers have developed newer, better and more effective ways to get around these security measures. They are relentless in their efforts to identify and expose network vulnerabilities and legacy protections are simply no match for their complex tactics.

To complicate matters, most businesses now operate remotely at least a portion of the time. Thanks to mobile and cloud technology, individuals, teams and even entire companies can perform just about every duty imaginable from anywhere. But firewalls and other on-premise security platforms are ineffective when you are using your tablet to access your email while waiting at the airport or logging onto the network while sipping a latte at your local coffee shop, which means your sensitive data is being exposed much more frequently than you may even imagine.

Even if your IT team has worked hard to secure additional endpoints from cyber-threats, new dangers are lurking around every corner, from spear phishing and ghostware to ransomware and any of the latest threats that are popping up almost daily. The security tools of the past were not designed to protect against these cutting-edge attacks, which is why relying solely on legacy systems is simply not a wise business decision. In fact, most of the newer threats have been specifically developed to get around basic security methods like firewalls.

Furthermore, the use of efficient, affordable cloud resources, including such popular tools as Salesforce and G Suite, along with the widespread adoption of BYOD (bring your own device) policies, has given hackers a much broader attack surface and subsequently increased the number of endpoints businesses must protect. In other words, the topic of cyber security has become considerably more complicated and therefore much more challenging. As such, appliance-based network security methods are no longer enough.

Focus Has Shifted from Protection to Remediation

These days, it’s not a question of whether a company will become a victim of a cyber-attack, but rather when. Obviously the goal is to stop these attacks before they occur, but the reality is this simply isn’t always possible. That’s why security measures such as firewalls and anti-virus software must be backed up by a solid incident response strategy. As mentioned in a recent post, most of the damage that occurs as a result of a successful breach takes place during the time between when the intrusion initially happens and when it is finally discovered – a window known as Time Til Live or TTL for short.

In the modern multi-device, mobile-first business world where threats are complex and relentless, the solution lies in the use of actionable intelligence, which works in two distinct ways. First, it operates around the clock to quickly and effectively pinpoint, isolate and eradicate network intrusions before they have the chance to wreak havoc. Second, it analyzes network data to identify all indicators of compromise (IOC) to ensure the response methodology includes measures to help prevent future occurrences.

In war it is easier to identify who has already attacked you than it is to figure out who is going to attack you in the future. This is where the Red Zone will help turn the tables on would-be hackers and hacking corporations. As a business professional, you must make sure your IT strategy is up to date. The next war will not be fought in the board room or the battlefield; it will be fought in the Red Zone.

In conclusion, if you are currently operating under the assumption that a firewall is the first, last and only line of defense you need to protect your business from cyber threats, you are inadvertently playing into the hands of would-be hackers. To the contrary, your firewall should be viewed as a foundation upon which to build a strong, solid defense that leverages the advanced intelligence technology necessary to meet cyber criminals right where they are and stop them in their tracks. FireDragon can provide that kind of protection.




This spring marked a significant turning point regarding worldwide cyber aggression. The massive ransomware attacks on May 12 began in Europe and spread across the world infecting over 300,000 computers in more than 150 countries. Those infected were confronted with messages to pay $300 in bitcoin to unlock the files on the infected computer.

The hackers were playing the percentages that some number of computers would not be properly patched. They were not targeting any specific companies or individuals. There was no bias whatsoever — if the computer was connected to the internet, it was fair game. A significant number of corporate cyber defenses were found to be lacking during the attack, and improvements need to be made.

The attack was enough to make you “WannaCry,” which is the namesake of this insidious ransomware. The WannaCry episode presents a tremendous learning experience. Businesses across various industries learned that daily operations could be pervasively and negatively impacted by a cyberattack. Gas pump electronic pay systems would be disrupted, automotive manufacturing processes would be crippled or halted, hospitals would need to reschedule patient surgeries, and power generation utilities would have interruptions.

Many business leaders learned that their software patch management was behind. Additionally, many were surprised their backups didn’t work as planned, and their incident response planners didn’t have a playbook. There were also constraints that further contributed to the damage: lack of investment, lack of controls, or plain old apathy.

Although cyber defenders were mostly able to disarm the hackers’ attacks, hackers are constantly creating variants that will be harder to detect, and perhaps costlier to the public and private sector. This type of malware has gone beyond mere nuisance and embarrassment — it is translating into serious dollars.

The insatiable appetite for better, faster, cheaper, and more connected is our collective “new normal.” Cyber threats are becoming more numerous and damaging with every device that connects to the internet. Verizon’s 2017 Data Breach Investigations Report illuminates how damaging attacks are for a company. Cyber risk is a business risk that has managerial, operational, financial, legal, and technological dimensions.

Technology changes faster than all the other dimensions, making it difficult for businesses to adapt to it. We’ve been trained to deal with catastrophic loss by reviewing business continuity plans and getting the right insurance coverages. That said, these strategies or tactics need to be revisited or updated to understand the appropriate mitigations to protect your company from a cyberattack. Insurance is a logical risk tool, but it doesn’t fix your cybersecurity posture. People, processes, and technology help you do that.

Do you have the right people, processes, and technologies to protect your business from cyber threats? A good place to start is to review the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which has become a benchmark for what to do both nationally and across the globe.

Additionally, there is complementary guidance from the National Association of Corporate Directors (NACD), Information Systems Audit and Control Association (ISACA), and the Institute of Internal Auditors (IIA) on how to elevate cybersecurity to your company board’s governance agenda.

If that is too much to consider, review the Center for Internet Security punch list of 20 critical information security controls to determine not only whether they are in place but whether they are being done well enough. There are no silver bullets for cybersecurity. These frameworks do nothing for your organization if the company is unwilling to accept that it has some gaps that will require a plan of action to close.

The corporate world has demonstrated with previous attacks that it is not adequately prepared in regard to cyber defense. Cyberattacks will only increase, and the hackers will become more sophisticated. Thus, it’s vitally important that businesses ensure their assessments, vulnerability scanning, training, and incident response plans are functional and up to date.