CaaS and Consequences
The term Cyber-crime as a Service (CaaS) describes a rapidly developing technology and ecosystem, including a marketplace where cyber criminals can rent malware kits. And it is this industrialization of hacking that should worry all IT professionals.
Cyber-criminals face a very bipolar situation. Companies have either installed multiple protection layers that leave little room for cyber criminals to push past them. Or they have a bare bones IT security system in place, that provides plenty of openings for cyber criminals to compromise systems. But whatever the case may be, the effort to launch a cyber-attack remains the same and it can literally be hit or miss.
A new development in cyber space, that should be a major concern for IT administrators, is the aggregation and sharing of information among cyber criminals. Things like exploit kits and ransom-ware can be purchased and put into circulation with the click of a mouse. Basically, cyber-criminals are opening websites and selling exploitative software to other cyber-criminals. The reason this practice has come to be called “Cyber-crime as a Service” is because it has become so expansive that it mirrors other cloud-sourced solutions like IaaS, SaaS, or DaaS. Certainly, the cyber-crime angle is a bit tongue-in-cheek, but its effect on international economies is not. It isn’t just big businesses that are a targeted, either.
In 2016, 43% of attacks designed to “phish” and exploit information were aimed at small business. Currently, cyber-crime is a $2.5 billion-dollar industry on an annual basis. In the following eight years, that is expected to expand to $20 billion yearly.
Contrast that with the economic growth experienced by traditional cloud applications, which in 2015 constituted a $70 billion-dollar a year industry. That means that the size of the cyber-crime industry is approximately 3.5% of the size of the cloud industry, which is substantial.
With numbers like that, it’s no surprise cybercriminals are able to make a very decent living just by ripping off businesses, large and small. Now here’s the thing: businesses spend tens of thousands on protections against all possible avenues of cyber threat, and they may totally protect themselves, but they could be spending money unnecessarily. Here’s what makes more sense for IT security providers: identify the areas of greatest vulnerability, and offer protection services for these areas.
Ransomware is the most pervasive cybercrime threat today. Many businesses are not aware of the fact that, ransomware uses military-level encryption programs to hold files hostage. And if businesses don’t pay the fee in the time allotted— and many of these ransomware programs have a 24-hour countdown or less— then they lose all their files. They’re totally wiped from the hard drive, and barring backup/disaster recovery solutions, they can’t be recovered. Naturally, many small and large businesses that don’t have protections are forced into paying the fee. But a cybercriminal operates in a remote capacity, which means they have no problem double-dipping. Even if you pay them, that malware remains on the computer. They can tap into it and hold the company up for cash again! And oftentimes they will, because many cybercriminals operate from an international base of operations located outside the country of their targets. They’re operating illegally, but nobody can touch them.
Oftentimes, this malware is “spammed” out through e-mail, social media, websites that stream videos, or anywhere there’s a weak link in an IT security array that can allow for penetration.
The best way to get past Cyber-crime as a Service is through IT support solutions that include multiple protection layers. Granted, there are other areas where cyber-criminals are likely to compromise a company’s operations, but ransom-ware is a very wide area of exploitation. And it makes sense for IT security providers to start with areas of greatest vulnerability, and gradually following through until all vulnerable areas have been covered.
CaaS is expanding, and as the cloud becomes a more integral component of modern operations, it’s very likely that this trend of digital criminals compromising legitimate business is likely to increase as well. Essentially, it will be impossible to entirely curtail such criminal enterprises, but that doesn’t mean they can’t be defended against effectively. Contact your clients and discuss the IT security solutions that are available. Help them identify security vulnerabilities and discuss the best strategies to combat these latest cyber threats. They say an ounce of prevention is worth a pound of cure, and that maxim is doubly true today.