The Fight Against Cyber Crime

THE FIGHT AGAINST CYBERCRIME
The Fight Against Cyber Crime: What Can We Do? Abstract Cybercrime is on the rise and every organization must recognize the danger and take necessary steps to help mitigate the threat. While many institutions worry more about hackers than cybercriminals, it is a cybercrime that can cause the most damage. A hacker is more easily detected while a cybercriminal may already be in your network undetected. While a hacker may try to breach a network for the thrill or to annoy, a cybercriminal will breach a network for monetary gain. This paper is intended to point out some of the risks of cybercrime and what a financial institution can do to help mitigate the threat of attack. Keywords: cybercrime, cyber attack, Information Technology Information Sharing, and Analysis Center, IT-ISAC, Financial Services Information Sharing, and Analysis Center, FS-ISAC The Fight Against Cyber Crime: What Can We Do? While many institutions worry more about hackers than cybercriminals, it is cyber criminals that should make us warier.
A hacker is more easily detected while a cybercriminal may already be in your network undetected. While a hacker may try to breach a network for the thrill value or to annoy their victim, a cybercriminal will breach a network for monetary gain. This may include “data acquisition and storage, stealthy access to systems, identity collection and theft, misdirection of communications, keystroke identification, identity authentication, and botnets, among others”. According to a survey conducted in August 2011 by Ponemon Institute, for the 50 participating companies (see chart 1), the average time it takes an organization to resolve a cyber attack is 18 days with an average cost of $23,000 a day. An insider attack can average 45 days to contain. This does not include the value of any data lost, modified, or stolen in the process. This survey also showed the average annualized cost of cybercrime to financial institutions was $14,700,000 for 2011, up from $12,370,000 the previous year (see Chart 2).

Chart 3 summarizes the types of attack methods experienced by the companies that participated in the survey. According to security firm Imperva, “The average large business sees 27 attacks per minute hitting its Website. Attackers can use automation technologies to generate up to seven attacks per second or 25,000 attacks per hour”. To build a sufficient IT security posture, it is important to assume that an unauthorized user can gain access to the network and then structure the network to best protect the most valuable data. The valuable data can then “be tagged and monitored so that the organization knows where it is, where it is going, where it has gone, and on whose authority”. The organization also needs to understand that they need to not only monitor what is coming into their network but also what is leaving their network. This will help “detect activities enabled by techniques and technologies that mimic, exploit, or piggyback on the access of authorized users”.
Using standard firewalls and anti-virus programs alone will not accomplish this. The organization must take a more proactive approach to protect its financial data. Now that we know what we need to do, how do we accomplish this? Some very basic steps include employee screening, employee training to help mitigate against social engineering, disabling account access of terminated employees, ensuring software updates and patches are properly implemented and ensuring firewalls are properly configured. More advanced steps include, but are not limited to, setting up a demilitarized zone to help block the network from outside access, installing a honeynet system to look like an authentic part of the network to entice and trap intrusion attempts for further analysis, installing hard drive encryption and remote data wipe capability on all laptops and other mobile devices, and requiring smart card and pin number authentication (or some other form of multifactor authentication) to access sensitive data.
The Ponemon survey revealed companies utilizing security information and event management (SIEM) solutions such as these average 24 percent less expense in dealing with cybercrime attacks (see chart 5). This reduction in cost is because companies that use SIEM solutions are better able to detect and contain, and therefore recover, from such attacks. Another important step for a financial institute to take is to become a member of the FS-ISAC (Financial Services Information Sharing and Analysis Center). The FS-ISAC was founded in 1999 and led the way for the IT-ISAC (Information Technology Information Sharing and Analysis Center) which was founded in 2001. The purpose of these groups is for organizations to have the opportunity to share the security attacks and vulnerabilities they have experienced with other organizations in their field of industry. Given the sophistication, complexity, and evolution of cybercrime technologies and techniques, no sizable organization can plan and implement the necessary response alone. CIOs, CSOs, CROs, and cybersecurity professionals should share information, techniques, and technologies in their battle against cybercrime. The importance of FS-ISAC was proven in 2000 when member companies where saved from a major denial-of-service attack that many other companies experienced. As shown in chart 4, a denial-of-service attack can be costly. A more recent example of FS-ISAC at work is the August 23, 2011 report of the Help Net Security (International) Ramnit worm which uses Zeus Trojan tactics for banking fraud.
As the FS-ISAC points out, “When attacks occur, early warning and expert advice can mean the difference between business continuity and widespread business catastrophe”. Knowing and having the chance to combat against these attacks can save institute millions. In conclusion, financial institutions must stay vigilant to current and new cyber threats. 3 gives a breakdown of cyber threats and controls that can help reduce the impact of these threats become reality. It is important for an organization to enroll in its respective ISAC and to share in the lessons learned from previous attacks. While it would be almost impossible to learn about and prevent every type of attack, staying vigilant will help reduce the likelihood and impact.
References

Don't use plagiarized sources. Get Your Custom Essay on
The Fight Against Cyber Crime
Just from $13/Page
Order Essay

Deloitte Development LLC. (2010).
Cyber Crime: A Clear and Present Danger. Retrieved December 23, 2011, from the World Wide Web: http://eclearning.excelsior.edu/webct/RelativeResourceManager/Template/pdf/M7_Deloitte_CyberCrime. pdf FS-ISAC. (2011).
Current Banking and Finance Report, Retrieved 24 December 2011, from the World Wide Web: http://www. fsisac.com/ Hurley, E. (2001, January 29).
IT-ISAC: A Matter of Trust. Retrieved 24 December 2011, from the World Wide Web: http://searchsecurity. techtarget.com/news/517824/IT-ISAC-A matter-of-trust Ponemon Institute LLC. (2011, August).
Second Annual Cost of Cyber Crime Study. Retrieved December 24, 2011, from the World Wide Web: http://www.arcsight.com/collateral/whitepapers/2011_Cost_of_Cyber_Crime_Study_August. pdf Rashid, F. (2011, July 25).
Cyber-Criminals Use Botnets, Automation to Launch Multiple Blended Attacks. Retrieved December 24, 2011, from the World Wide Web: http://www. week. com/c/a/Security/CyberCriminals-Use-Botnets-Automation-to-Launch-Multiple-Blended-Attacks-656032/Chart 1.Sample of Participating Companies by Industry (Ponemon, 2011).
Average annualized cost by industry sector ($1M). The industry was not represented in the FY2010 benchmark sample. Chart 2. Average annualized cost by industry sector. Types of Attack Methods Experienced Chart 3. Types of Attack Methods Experienced.
Average annualized cybercrime cost weighted by attack frequency. The FY 2010 benchmark sample did not contain a DoS attack.
Average annualized cybercrime cost. Comparison of SIEM and non-SIEM sub-sample of the average cost of cybercrime.
Comparison cost of SIEM and non-SIEM companies (Ponemon, 2011).
Percentage cost for recovery, detection & containment (Ponemon, 2011).
Financial Impact Regulatory ComplianceIndustry Reputation 4CriticalIncrease in costs greater than $1MFines in excess of $1MSignificant sustained negative media exposure.
Significant loss of business due to blemishes on public image. 3MajorIncrease in costs $100K to $1MFines between $100K and $1MNegative media exposure. Loss of business due to blemishes on public image. 2ModerateIncrease in costs less than $100KFines under $100KSome negative media exposure. Slight loss of business due to blemishes on public image.

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more
Use the discount code "OFFNOW" today and get a 20% offOrder Now
Live Chat+1(978) 822-0999EmailWhatsApp