Historically romanticised as “geeks and savants” who were a force for good, back in the 1970s hackers began life as technology enthusiasts who explored or tested the limits of programmes and communication networks.
But by the 1990s, a new generation of malicious hackers were emerging and within ten years the hacking community had become much more complex and fragmented.
Today, it spans a whole spectrum of actors – including security researchers and bug bounty hunters, hacktivist groups like Anonymous, as well as sophisticated and highly organised criminal groups.
Unsurprisingly, the Mafia has also proved adept at rapidly transferring its operations online and adopting digital business models and processes to undertake money laundering, fraud, trafficking and extortion activities.
Indeed, digitisation offers multiple advantages for organised crime syndicates; enabling operational efficiencies, extended geographic reach and anonymity.
Driven by profit, these cyber crime bosses are recruiting armies of well-trained IT specialists – who often operate out of in low-wage countries and emerging markets – to execute Internet powered operations and campaigns.
An ever-evolving threat
In recent years we’ve witnessed the growing “commoditisation” of cyber crime tools. Today, it’s easy to buy pre-configured hacking tools on the Dark Web, where advanced threat packs, zero day threats and cracking packages for IT infrastructures are all readily available.
Customers for these user-friendly tools include criminal organisations, terrorists and state-sponsored entities.
Indeed, intelligence agencies confirm that terrorists, mafia cartels and criminal hackers are increasingly collaborating to share information, resources, procedures and practices in order to pursue their varied goals more effectively.
It’s a worrying trend that highlights just how adept criminal groups are becoming at creating global teams – building out digital supply chains that enable them to pursue highly adaptive strategies and capitalise quickly on identified opportunities.
It’s a transformative move that is set to see criminal organisations, many of which are state-sponsored, using DDoS attacks of unimagined proportions to paralyse critical infrastructure.
But while major institutions and global corporations represent tempting targets, hackers also know that small businesses can be a similarly lucrative opportunity.
Ransomware attacks are cheap to operate and many smaller organisations aren’t appropriately prepared to defend against such a threat.
Over the coming year we can expect to see hacker behaviours and targets evolving. For example, cyber criminals can now take advantage of the ubiquity of the smartphone to undertake micro hits on individuals around the globe, confident that investigating authorities will be unable to pursue such mass extortion tactics.
Taking steps to protect digital assets
Criminals are already ahead of the game when it comes to seizing the potential of digital transformation. In comparison, large and small companies and entities often struggle to achieve digital transformation or struggle to secure their digital enterprise once they have embraced a more digital way of doing things.
Taking a “Security by Design” approach is becoming a critical requirement. This means ensuring the necessary security systems and approaches are evaluated at the planning and design stage.
Whether that’s for mobile devices and wearables, back end devices – including cloud – and networked IoT devices, from the printer, to CCTV, to every last connected sensor.
This approach will significantly reduce the attack vectors that cyber criminals can utilise to infiltrate the digital enterprise.
It also makes it a resource-intensive and therefore expensive task, with potentially limited opportunity.
Security no longer has to be a limiting factor in the digital journey, but it is an essential one if companies expect to thrive and survive in the era of digital transformation.