Cybercrime: How organizations can protect themselves

By Suzanne Kattau

August 17, 2012 — (Page 1 of 6)
An effective governance framework for monitoring cyber activities and a process for gathering, analyzing and sharing cyber intelligence are two of the weapons in an organization’s arsenal to counter cybercrime, according to the not-for-profit Information Security Forum. SD Times asked Steve Durbin, ISF’s global executive vice president, about cybercrime, and how enterprises can counter its effects and prevent privacy breaches.

SD Times: What factors are driving cybercrime?
Steve Durbin: Cybercrime at its basic level is really being driven by the criminal fraternity. So we’ve seen organized crime come into that space. And they’ve determined that, by collaborating, they’re able to be much more effective and efficient than they have been in the past.

We also then have cyber-terrorism, which is slightly more worrisome than pure cybercrime. And then, on the other end of the spectrum, we have state-sponsored espionage, which has moved from the guys who were sort of walking the streets to those that are sitting at computers instead and stealing information—particularly when it comes to things like R&D or state secrets.

How are organizations being affected by cybercrime?
From an organization standpoint, what we have seen is a lot of these things moving out of the general environment to become much more pertinent and relevant to individual organizations. So, if we walk through each of those different areas, let’s start with state-sponsored espionage, for instance. If you imagine that you are one of the leading missile or defense manufacturers in the United States, of course, then the sort of information that you have and that you are holding are going to be particularly interesting to certain rogue states that are out there.

Certainly a number of individuals might have Steve Durbin

information that they’re holding—particularly if they’re CEOs or if they’re senior executives within organizations—that would be interesting for you (if you were a cyber criminal) to get a hold of at the individual, personal level. Because you might want to combine that information with their Facebook page and then build some social engineering profile that will enable you to access their bank accounts or their stock portfolios. You don’t need too many data points to be able to do this kind of thing. But this is actually a known problem. What is really more concerning, I think, is the unknown. It is that combination of these sorts of things that, when applied in a number of different ways, provide you with inputs or opportunities that you probably hadn’t imagined were out there.

Related Search Term(s): cybercrime, security

Pages 1 2 3 4 5 6

Share this link: http://sdt.bz/36876

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan.

Department of Homeland Security lays down security suggestions Common Weakness Enumeration version 2.0 highlights flaws in software development practices

Metadata Security for SharePoint Adds Security Permissions Titus Metadata Security for SharePoint allows permissions to be assigned based on the recipient's Active Directory properties

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid
Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan Read More...