The Fight Against Cyber Crime

Only available on StudyMode
  • Download(s) : 134
  • Published : November 29, 2012
Open Document
Text Preview
Running head: THE FIGHT AGAINST CYBER CRIME

The Fight Against Cyber Crime: What Can We Do?

Abstract
Cyber crime is on the rise and every organization must recognize the danger and take necessary steps to help mitigate the threat. While many institutions worry more about hackers than cyber criminals, it is cyber crime that can cause the most damage. A hacker is more easily detected while a cyber criminal may already be in your network undetected. While a hacker may try to breach a network for the thrill or to annoy, a cyber criminal will breach a network for monetary gain. This paper is intended to point out some of the risks of cyber crime and what a financial institute can do to help mitigate the threat of attack.

Keywords: cyber crime, cyber attack, Information Technology Information Sharing and Analysis Center, IT-ISAC, Financial Services Information Sharing and Analysis Center, FS-ISAC

The Fight Against Cyber Crime: What Can We Do?
While many institutions worry more about hackers than cyber criminals, it is cyber criminals that should make us more wary. A hacker is more easily detected while a cyber criminal may already be in your network undetected. While a hacker may try to breach a network for the thrill value or to annoy their victim, a cyber criminal will breach a network for monetary gain. This may include “data acquisition and storage, stealthy access to systems, identity collection and theft, misdirection of communications, keystroke identification, identity authentication, and botnets, among others” (Deloitte, 2010). According to a survey conducted in August 2011 by Ponemon Institute, for the 50 participating companies (see chart 1), the average time it takes an organization to resolve a cyber attack is 18 days with an average cost of $23,000 a day. An insider attack can average 45 days to contain. This does not include the value of any data lost, modified, or stolen in the process. This survey also showed the average annualized cost of cyber crime to financial institutions was $14,700,000 for 2011, up from $12,370,000 the previous year (see Chart 2). Chart 3 summarizes the types of attack methods experienced by the companies that participated in the survey (Ponemon, 2011). According to security firm Imperva, “The average large business sees 27 attacks per minute hitting its Website. Attackers can use automation technologies to generate up to seven attacks per second, or 25,000 attacks per hour” (Rashid, 2011). To build a sufficient IT security posture, it is important to assume that an unauthorized user can gain access to the network, and then structure the network to best protect the most valuable data. The valuable data can then “be tagged and monitored so that the organization knows where it is, where it is going, where it has gone, and on whose authority” (Deloitte, 2010). The organization also needs to understand that they need to not only monitor what is coming into their network but also what is leaving their network. This will help “detect activities enabled by techniques and technologies that mimic, exploit, or piggyback on the access of authorized users” (Deloitte, 2010). Using standard firewalls and anti-virus programs alone will not accomplish this. The organization must take a more proactive approach to protect its financial data.

Now that we know what we need to do, how do we accomplish this? Some very basic steps include employee screening, employee training to help mitigate against social engineering, disabling account access of terminated employees, ensuring software updates and patches are properly implemented, and ensuring firewalls are properly configured. More advanced steps include, but are not limited to, setting up a demilitarized zone to help block the network from outside access, installing a honeynet system to look like an authentic part of the network to entice and trap intrusion attempts for further analysis, installing hard drive encryption...
tracking img