Wednesday, March 26, 2014

Today's Cybercrime - The Market is "Growing Up"

I've been a student of cybercrime since my full-time entry into cybersecurity in 2001.  When I had some time on my hands recovering from an accident I actually spent a month reading every document I could find on the Internet covering the subject.

Well, I wouldn't recommend that you spend a month recuperating in front of the Internet but you will find a report from RAND Corporation on today's cybercrime market fascinating and disturbing and will give you a sense of the maturity of the cybercrime market and its "workers and leaders."

The Rand report (picture above) is 83 pages of discussion about today's black market for such things as credit cards, passwords, identities, etc.  To quote the preface of the report...

This report describes the fundamental characteristics of these markets and how they have
grown into their current state in order to give insight into how their existence can harm the
information security environment. Understanding the current and predicted landscape for
these markets lays the groundwork for follow-on exploration of options that could minimize
the potentially harmful influence these markets impart. This report assumes the reader has a
basic understanding of the cyber, criminal, and economic domains, but includes a glossary to
supplement any gaps.

The final take-away to offer is another quotable quote from the report:

In certain respects, the black market can be more profitable than the
illegal drug trade; the links to end-users are more direct, and because worldwide distribution
is accomplished electronically, the requirements are negligible.

Action:  To my fellow security professionals, take a moment to give this to your boss and maybe the CEO and Board of Directors.  They need to see that the threat is real and the opportunities for the miscreants are increasing.  Hence, you need more resources - money, qualified staff, tools, techniques -- to do your job.