In March, a chart came out comparing the stereotypical computer hacker of 1995 to that of 2015. According to the chart's characterization, the hacker of 20 years ago was in every sense an amateur: often a kid in a basement seeing how much he or she could get away with. By today's standards, the 1995 hackers come off as almost benign. Sure, they would play around with the data on your computer and cause you a hassle here and there, but at the end of the day they were not stealing your identity, making off with your credit cards or trying to take control of the car you're driving.
Flash forward 20 years and you have an image of the hacker that is entirely different from its predecessor. A cybercriminal is no longer a tech geek being criminally mischievous to explore what they can do on the Internet. By today's standards, that kind of criminal looks positively tame. By contrast, the hacker of 2015 represents the ultimate threat: a calculating, well-connected, organized career criminal out for huge profits — or worse.
As the 1995 vs. 2015 comparison chart tells us, the hacker of today is someone who will "kidnap your data for ransom", "like[s] selling your information to the highest bidder", and is located just about anywhere in the world. Shadowy, elusive and criminally connected, the 2015 cybercriminal is only one cog in a well-oiled machine that seemingly cannot be stopped. But perhaps by working toward understanding who these criminals are, we can be better equipped to defend against them.
The first thing to understand about hacking these days is that it is a lot closer to the drug trade than it is to computer geekdom. The image of the hacker as a lone tech wiz kid pounding out malicious code is an outmoded one. Today's hacker is an organized criminal.
Back in March, The Telegraph ran a story reporting a migratory shift of international criminals away from drugs and into cybercrime. The shift makes sense. After all, drug dealing is an illicit practice that is about as risky and unreliable as it gets. From customs agents intercepting drug shipments to the constant threat of police, the drug trade is one where the threat of capture is always present. This is unfortunately not often the case with cybercrime. Because cybercrime takes place in the virtual realm, it is a lot harder to trace than any other illicit practice. For this reason, it is becoming an increasingly lucrative option for criminals.
A successful criminal is an opportunist. And when it comes to cybercrime, there is nothing but opportunity for lawbreakers looking to make money with a significantly reduced risk of capture. As a result, cybercrime is increasingly becoming a gold mine for organized crime.
According to the Telegraph article, "Up to a quarter of all organized criminals in Britain are now thought to be involved in some form of financial crime, netting them tens of billions ... in profit every year."
But even that 25 percent figure may be something of an understatement, since, as the article pointed out, the difficulty of tracing cybercrime makes it hard to realistically represent its pervasiveness. Yet if there's uncertainty surrounding the exact percentage of organized crime that happens virtually, there is no question about the extent of its impact.
"If you ask a room full of people who has been a victim of some sort of fraud or financial crime, half of them will put their hand up," said Adrian Leppard, Commissioner of the City of London Police. "You would have difficulty finding any other area of crime with similar statistics."
The reality is that the vast majority of cybercrime goes unreported. For every high-profile hacker who is nabbed by police — the recent arrest of the so-called 'Bitcoin Baron' is one recent example — there are innumerable others actively evading capture. Back in 1995, the prototypical cybercriminal was not someone with a criminal record. Today, that has completely changed. According to a separate Telegraph article, six out of 10 Internet criminals have a criminal record that extends beyond the virtual realm.
What this statistic points to is the fact that hackers aren't thinking like tech geeks anymore — they are thinking like hardened criminals. As a result, it's not only credit card theft and identity swiping we have to worry about, but also the realistic threat of hacker-spawned violence. Those who follow cybercrime headlines have already gotten a sense of how the virtual can bleed — quite literally — into the real world. During the trial of alleged Silk Road founder Ross Ulbricht, for instance, prosecutors revealed a plot by Ulbricht to have five people assassinated. And even as you read this article, there are active forums in the dark web where hitmen mingle with hackers.
But perhaps the scariest thing about cybercrime is that it all happens in the dark. For the most part, the enemy is unseen, leading victims to confusion and a lack of preparation. After all, how can you prepare for something you don't know about? This is something that a lot of businesses are asking themselves. But there is a solution.
The answer to defending against an unseen enemy is to be prepared for the worst possible scenario 100 percent of the time. Don't just assume that your business is the next target of a huge hack — assume that hack is happening tomorrow. So what will you do about it?
Unfortunately, for most enterprises, the answer is, "Not much." Within the enterprise sphere, there's an overwhelming lack of preparation for virtual threats, which is why the exact same breach scenario plays out again and again: Company is attacked, doesn't realize it, has privileged data comprised, throws up its hands and loses the trust of its patrons. But this doesn't have to be your business' story. Here's how your enterprise can prevent being the next up-in-arms hacked business:
By following these steps, your organization can prepare itself for the worst possible scenario — which, in a world of rampant and ever-growing cybercrime, is a very likely scenario. Don't let that become a reality for your organization.