MOST CYBER CRIME IS NOT AN ‘INSIDE JOB’
Eighty percent of the time, the perpetrators of cyber crime are external to the organisation that is hit, as opposed to being insiders or people colluding with insiders or suppliers. This is according to data from Verizon, an international company specialising in information security.
Chris Novak, the director of the investigative response unit at Verizon, says that most cyber criminals are looking for easy-to-exploit vulnerabilities.
While there may be certain industries or parts of the globe that are harder hit by insider or collusion-type activities, research by Verizon over the past 20 years shows that the perpetrators of cyber crime are not usually insiders or people colluding with insiders, he says.
“We work with 67 organisations, from law enforcement agencies to the private sector, in 82 countries, and we’ve investigated more than 100 000 incidents, so ours is a big data set,” he says.
He concedes that the financial sector is more prone to attack by insiders than other sectors, but he says this sector tends to do a better job than most of identifying and stopping cyber crime. “For example, most retailers don’t have an insider threat programme, meaning people deployed to watch for insider and collusion activity. Their biggest concern is a cashier stealing money out of the till. But when you look at banking, you find regulations compelling people to take time off, so that people can check what they’ve been doing to see if they’ve been setting up other apparatus internally.
“Most financial service providers have departments dedicated to watching what employees are doing. That is something we don’t see in a lot of other industries,” Novak says.
Individuals who have been the victims of online banking fraud usually personalise the attack, believing it was an inside job and that they were targeted specifically.
But Novak says very few attacks happen in isolation, with one perpetrator attacking one victim. “It’s usually one perpetrator attacking dozens or hundreds of victims, and using the same techniques,” he says.
“It’s much like when your home or car is broken into. It’s very infrequent that it is just you. Usually you find the whole street was hit. It’s the same with cyber attacks: when criminals find something that works, they want to do as much damage as possible, because, at some point, law enforcement or the community will increase their defences or increase their ability to detect you.
“That’s why when one street gets hit, it doesn’t usually happen again the following day again, because everyone’s on guard.”