Executive summary
Cyber criminals understand that data is immensely valuable. And the more critical, sensitive or secret it is, the better. Good money can be made in selling confidential information and trade secrets, or in disrupting essential services and infrastructure. Not only does everyday data have real monetary value in the black economy – just look at the way organised criminals sell credit card details and personal data online, for example – but more sensitive data can also be used by organised groups, including criminal gangs, unscrupulous companies and foreign nation states, to gain much wider economic, commercial or political benefit.
In partnership with the UK Government’s Cabinet Office, we recently estimated that, of the £27bn total cost of cyber crime in the UK, businesses alone are haemorrhaging information worth approximately £17bn every year. And worldwide estimates put the annual cost of cyber crime at a staggering $1 trillion . In the so-called ‘Night Dragon’ and ‘Operation Aurora’ attacks last year, highly sensitive data and valuable intellectual property was taken from a wide range of companies.
Cyber criminals must be rubbing their hands together. Because it seems that while society has undoubtedly benefited from rapid advances in technology, its widespread and ever-growing use – laptops and other ‘smart’ mobile devices, in particular – is making every organisation more vulnerable to sophisticated and targeted cyber attacks.
Typical targeted cyber attacks require, in some measure, a combination of technical tools and expertise, social engineering and operational coordination. They are fluid and sophisticated, and often well-funded and cleverly organised. That’s why attackers tend to have very specific goals in mind, and are persistent in their attempts to achieve them – even if it takes months or years.
For instance, they may be after sensitive commercial information or intellectual property. And in order to get it, they will target a specific individual or group of employees in an attempt to subvert or fool them into opening a ‘back door’ onto the computer network. Then the criminals will apply their tradecraft carefully and systematically, often over an extended period of time. They will use such measures as spearphishing emails, with trojans embedded inattachments or links to fake websites; or custombuilt malware, designed to work alongside unpatched vulnerabilities in commonly used software applications. And once the floodgates have been opened, the criminals are free to copy the files they want and exfiltrate gigabytes upon gigabytes of data.
