Interpol: Organized Crime Behind Cyber Attacks
The head of Interpol, the international police agency, said that organized criminal gangs are behind most cyber-crime attacks. Cyber-crime is also increasingly international in structure. The message for midsize firms and their IT managers: You are a prime target.
Unlike politically motivated "hactivists," organized-crime hackers are not seeking publicity. They aren't in it to send a message or even for self-glorification. They're just in it for the money. Midsize firms are large enough to be tempting targets. But most do not have extensive cybersecurity organizations or policies. And they are not so big that attacks draw unwanted public attention.
Khoo Boon Hui, president of Interpol, recently addressed the agency's European Regional Conference in Tel Aviv, Israel, As reported by AFP's Steve Weizman via Yahoo News, Hui said that most cyber crime is conducted by organized international gangs. And their take makes cyber crime more costly than global cocaine, heroin, and marijuana trafficking combined.
Hui estimated that 80 percent of online crime is "connected to organised gangs operating across borders." For organized criminal groups, cyber crime offers multiple advantages. It is more lucrative and less risky than traditional rackets. And the global character of the Internet makes cyber crime much easier to organize on an international basis.
Another report on the same conference, by AP's Daniella Cheslow, also at Yahoo News, noted that the Internet allows a sort of cloud crime: cyber criminals can operate from countries with weak law enforcement, yet take advantage of the latest technology.
As part of its response to the growing challenge, Interpol plans to open a cyber-crime and digital security complex in Singapore in 2014.
Protecting Against Organized Cyber Crime
Along with illegal gambling, credit card and bank fraud were cited as activities favored by organized cyber-crime groups.
Most consumer-facing midsize firms have credit card operations, and their credit card data is a prime target. But other potential risks can hardly be ignored. Technical specifications or product information can be stolen and peddled on the black market. Memoranda, emails, or other internal communications may be used to blackmail the firm or individual executives.
Organized cyber criminals prefer to keep a low profile and avoid drawing the attention of international law enforcement. This makes midsize firms an attractive class of targets--large enough to offer a substantial haul, but not so large that attacking them makes news.
The good news for IT managers at these midsize firms is that in spite of the scale and scope of organized cyber crime, most actual attacks are relatively simple, exploiting security holes that could have been plugged. Cyber criminals are looking for the easy heist. Thus, good basic security measures will greatly reduce midsize firms' vulnerabilities to organized online crime.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.<hr class="header"/>