Home' Trinidad and Tobago Guardian : January 23rd 2014 Contents BG20 | COMMENTARY
BUSINESS GUARDIAN www.guardian.co.tt JANUARY 2014 • WEEK FOUR
The recent credit card security
breach at US retail giant Target
affected 70 million customers
was a major wake up call to
businesses around the world.
The incident underscores that the notion of
a hacker as some lone, geeky miscreant, tap-
ping away at a keyboard in a darkened room,
is now obsolete. The modern cybercriminal
is formidable, sophisticated and very well
The shifting frontlines
Data breaches like the one Target suffered
are typically conducted by organised crime
syndicates or similar groups with high levels
of technology savvy, engaging highly-skilled
resources from around the world. They present
a very real threat to the modern technolo-
gy-enabled organization -- both large and
The first line of defense is also no longer
simply the individual, as it once was. In today's
world consumers no longer "own" their data.
Much of the information consumers routinely
share with government, banks, insurance
companies, businesses and schools, for exam-
ple, are now stored on many servers they
neither see nor control.
The key then is to counter cyber threats
with the same level of investment, sophis-
tication and thoughtfulness as the cyber-
criminals. As clever and well-resourced as
they may be, they can be thwarted.
Know the enemy
The face of today's cyber criminal looks
remarkably like any modern tech savvy enter-
prise. They have expansive networks of part-
ners and technology experts. They contract
out software development, research and tech-
nical support. They hire skilled managers to
ensure that logistics run smoothly and human
resource are optimally utilised to fulfil the
core mission: revenue generation. They are
typically run by shrewd entrepreneurial-
minded business leaders who is able to moti-
vate others and forger global partnerships in
pursuit of the corporate mission.
Sounds like a business you can relate to,
right? That's precisely the problem. That
players in space are emblematic of the new
wave of criminal using the power and global
reach of the Internet to rake millions out of
the coffers of legitimate businesses and pockets
of consumers around the world.
The Attraction of the Internet
The incentive is quite compelling. The
Internet is a vast mosaic of economic activity,
covering hundreds of millions of daily online
transactions and communications. The Inter-
net accounts for a significant and growing
portion of global GDP. The economic activity
generated around the Internet is now larger
than the economy of Spain, and surpasses
traditional global industry sectors such as
agriculture and energy.
A recent study by the McKinsey Global
Institute (MGI) examined the Internet
economies of the G8 nations (Canada, France,
Germany, Italy, Japan, Russia, the United
Kingdom, and the United States), as well as
Brazil, China, India, South Korea, and Sweden.
It found that the Internet accounts for 3.4
per cent of overall GDP in the nations studied.
More than half of that impact arises from
private consumption, primarily online pur-
chases and advertising. An additional 29 per
cent flows from investments by private-sector
companies in servers, software, and commu-
It is not surprise then that cyber criminals
are so well incentivised to claim their share
of this multi-billion dollar Internet economy.
And like any good enterprise they have iden-
tified a particular target market that offers
the best return for their cyber criminal invest-
ment: small businesses.
Spotlight on small businesses
Small businesses are ideal targets for the
cyber criminals because they typically have
more Internet connected computers, more
stored data and more money to steal from
than an average consumer. They also typically
have much less security measures in place
than larger enterprises.
This presents a particular risk to business
and economies in Latin America and the
Caribbean. Regionally, thousands of small
businesses operate in all of the major sectors:
agricultural, industrial, manufacturing, and
services. In fact, SMEs are significant con-
tributors to the region's economies. In the
Caribbean they contribute about 40 per cent
to the region's GDP and account for about
50 per cent of employment.
One of the big misconceptions amongst
small-business owners and sole proprietors
is that they aren't significant enough to pos-
sibly be targeted by the bad guys. One line
of reasoning is, it's already hard enough to
get customers to find your Web site, so how
would some cyber crook from somewhere in
Eastern Europe even know to find you? The
lies in the how of the search. While you cus-
tomers search manually, cybercriminals use
sophisticated tools to completely automate
their discovery and hacking schemes.
Taking defensive action
So what what's a business to do to defend
itself? Here are four steps you can take:
Prioritize what's valuable and what needs
to be protected. Survey your digital assets
and develop a matrix of what data your store
and what may be of interest to would-be
cyber criminals. This can serve as a starting
foundation for your strategic data protection
Properly map your digital user base. Identify
people and map them to data access activities
to develop potential threat profiles. This can
help in focusing efforts to thwart attacks that
occur from or are caused by careless or
improper actions from within your organi-
Identify and monitor system vulnerability
points. Identify all entries and exits; be they
printers, thumb drives, network boundaries,
etc. Watch happenings at these key points as
well as system wide. More importantly, don't
just track the raw activity levels, but trends
as well. Develop baseline metrics to identify
abnormalities quicker and take action in a
more rapid fashion.
Increase awareness and strengthen skills.
Investing in employee training, internal aware-
ness and corporate security policies and pro-
tocols is a key step in defending your organ-
isation against the threat of cyber attack.
In our increasingly digitally-dependent
world, cyber security is a war in which the
enemy is well-resourced and highly motivated.
As corporations and consumers, we need to
act accordingly by taking cybercrime more
seriously. It's no longer a question of if, but
when an attack will occur and how well pre-
pared we are to deal with it when it happens.
Defending against rise of the global cyber-criminal
The Cybercriminal Syndicate:
Masters of Global Outsourcing
The modern cybercriminal is a master of
global outsourcing. They go to one group to
write malicious software code; then use an-
other group to take the code and deploy it
across the Internet to build a huge network;
then to a third group to find and exploit vul-
nerabilities in e-commerce sites, online data-
bases and other valuable data stores; then
engage a fourth group to attack the sites
and do tens or even hundreds of thousands
of transactions in a few minutes, using their
malicious code and their network of compro-
mised computer systems. Chi-ching! Multi-
million dollar theft in the time it takes to
Here are the main players typical in a cy-
These are the folks who hire all the other
specialists to carry out their criminal master
The kingpins usually have their team of
lackeys to help mobilize the work force, pay
contractors and do the dirty work involved in
turning stolen identities into tangible dollars.
These coders create plug-and-play mal-
ware kits that allow non-techies to start in-
fecting computers for profit without ever
learning geek speak.
These specialists either use malware kits
or write their own code to infect machines in
order to build up a bot network of "zombie"
machines to do their bidding.
These hackers troll the internet looking for
banking and commerce sites with ex-
ploitable vulnerabilities that could be used to
break in to steal information, products or
These are the experts tasked with turning
stolen credit card information into fake
credit cards that can be used at ATMs or
card terminals to actually steal the money.
These foot soldiers are used to take stolen
cards to ATMs and make withdrawals.
Mules are hired out to open up bank ac-
counts and move stolen money from the US
to foreign accounts owned by the kingpins.
Bevil Wooding is the chief knowledge officer of
Congress WBN (www.congresswbn.org), a values-
based, international charity and the executive director
of BrightPath Foundation, a technology education
non-profit organisation. Reach him on Twitter @bevil-
wooding or on facebook.com/bevilwooding or contact
via email at technologymatters@brightpathfounda-
Links Archive January 22nd 2014 January 24th 2014 Navigation Previous Page Next Page