Page 1 of 5
For decades, cybercrime has been the stuff of Hollywood thrillers and pulp fiction novels. But the days when cybercrime was tantamount to a gaggle of teen-age hackers creating viruses in their parents' basements have long since died. Now, the FBI reports that, for the first time ever, revenues from cybercrime have exceeded drug trafficking as the most lucrative illegal global business, estimated at reaping in more than $1 trillion annually in illegal profits.
Individuals or groups of hackers loosely tied together with common goals have coalesced into organized criminal hierarchies, and like multiheaded cyber Corleone families, they come complete with defined roles and systems of rewards. They're well-funded, well-managed businesses, and they are growing at breakneck speed, continuing to evolve by means of complex ecosystems and technologies that have become increasingly sophisticated and efficient. And like any growing enterprise, they're expanding their reach to smaller and more vulnerable targets, to the multitude of underequipped and cash-strapped SMBs and small midtier companies.
As more SMBs and midmarket companies struggle to protect sensitive data, solution providers are finding that many are beginning to re-evaluate their security environments and adopt what were once considered high-end solutions. VARs selling these solutions to largely enterprise and upper midmarket customers are finding that they are making rapid inroads downmarket. And while many SMBs still remain unaware of the threat, VARs are ready at arms to provide innovative and surprisingly affordable solutions to protect the SMB.
"Anybody that stores large amounts of data is most vulnerable. They're all vulnerable," said Kevin Newmeyer, worldwide principal for strategic security and counterterrorism for Unisys. "The ones that don't think they're vulnerable haven't been hit yet."
Cybercrime Inc. Keeps Growing
In August, 11 defendants were formally charged in last year's high-profile T.J. Maxx data breach in which more than 45 million accounts were compromised over a couple of years. The defendants included three U.S. citizens as well as citizens of the Ukraine, Estonia, Belarus and the People's Republic of China. What's become clear to investigators and security experts alike is that organizations perpetrating these kinds of attacks are not only increasingly global, they're becoming nimbler, smarter and more efficient at wreaking havoc on company networks and profiting from their illegal activities. They have names like the Russian Business Network, Gray Pigeons, and Honkers Union of China. And they're growing—in numbers, power and reach.
"What we've seen is really a deep stratification of electronic crime into a growing, prosperous and responsive economy, with a number of specialty organizations, syndication and deepening organization of peers, both within a vertical skillset and across the entire enterprise of electronic crime," said Peter Cassidy, secretary general of the Anti-Phishing Working Group, a nonprofit organization dedicated to counteracting cybercrime. "Increasingly, we see this is turning into big business."
Members originate from all over the world, Cassidy said, with large concentrations in Russia and Eastern Europe, as well as parts of Africa—typically areas with access to technology coupled with political upheaval and limited financial opportunities.
In recent years, China has also emerged on the world stage as a global security threat as its population soared and economy exploded with a young and highly skilled volunteer labor force. A recent McAfee report found that of 265 countries surveyed, Hong Kong was by far the biggest security risk, with almost 19 percent of Web sites with the .hk domain hosting malware. Hong Kong was seconded only by the .cn domain out of the People's Republic of China, followed by the Philippines, Romania and Russia.
Scott Henderson, a former U.S. military intelligence analyst with a specialty in the Chinese cyberthreat, said that there are about 280,000 to 300,000 individual hackers in China belonging to about 250 cybercrime organizations.
