Means, motive and opportunity: how zero trust can stop the modern cybercriminal in their tracks

Today’s cybercriminals mean business. Learn how a zero trust approach can shrink the attack surface and offer scalable, cloud-based defences to combat cybercrime

Seeking a competitive advantage. Being fast to market. Being a disrupter in your field. Generating revenues and winning market share. These are undoubtedly all goals for your organisation.

Except these are also the objectives of the modern cybercriminal.

Today, cybercrime is a business in its own right – and for a new generation of cybercriminals, their whole function is to make money and win market share.

“There’s this interesting parallel between organisations’ desire to achieve customer satisfaction and make money and how cybercriminals work. We’re just using technology in a very different way to accomplish those things,” said Martyn Ditchburn, chief technology officer in-residence at Zscaler.

“Cybercriminals have exactly the same aspirations around generating revenue and margin growth as any other business.”

They are also embracing cloud for scale and automation, mirroring most companies’ own digital transformations. Combined with AI, the speed and effectiveness with which they can launch attacks takes a further leap.

This way they can launch cyber campaigns quickly, leverage the compute power of the cloud to reach as many potential points of vulnerability as possible and even diversify into new markets.

Indeed, there’s research suggesting that if it were measured as a country, the cybercrime industry would be the world’s third-largest economy after the US and China.

It’s useful to break down how this has happened, and the changing nature of the threat, by applying the investigative template of ‘means, motive and opportunity.’

The means

The players in this economy have been enabled by access to a range of ready-made cyber attack services on the dark web, packaged up and advertised in the same way as any solution on the legitimate web, and by cryptocurrency, which gives them an easy channel for unregulated payments.

“In the past, you had to be a tech specialist to take advantage of vulnerabilities,” says Ditchburn. “But now those tools are readily available. There are entire toolkits that you can just buy off the shelf on the dark web that allow you to take advantage of known vulnerabilities. Cybercriminals have commoditised hacking and ransomware – incident initiation has become a service.”

The motive

Early hackers were motivated by ideology, or a sense of ‘I can, so I will’. Today, however, their overwhelming incentive is financial gain. Ransomware attacks in particular have surged, because the model works on volume: a large number of victims each paying a relatively small sum.

“If your biggest risk of financial loss is a few hundred pounds through ransomware every quarter, organisations may factor that in as the cost of doing business,” says Ditchburn.

“You can see how cybercriminals have leaned into the way businesses think and whether it’s worth spending that money to plug those gaps.” Seen this way, cybercrime acts as an inflationary factor: the recurring cost of being exploited becomes one more small contributor to the cost of doing business, passed on through prices.

The opportunity

The number of IT systems that organisations run today is far greater than ever before, and a high proportion of them are often legacy technology. Many organisations don’t have the money to reinvest in modernising those systems.

As a result, there may be legacy IT systems sitting idle that are unmanaged, unpatched and unloved. But of course, these systems invariably still hold critical data for the organisation. And even if they don’t have that critical data, they are often the entry point for hackers to access that data.

Even those that choose to modernise open themselves up to increased risk. Data centre migration is a strong example: companies can take 18-24 months to move to the cloud, and for that whole period their defences are lowered, even if unintentionally.

The consequence is that during project implementation phases, routine operational duties such as patching and monitoring are deprioritised, creating moments of weakness that can be exploited. Few organisations have an army of IT staff who can run projects effectively and maintain security at the same time.

One of the largest legacy technologies is the network itself. Lateral movement, where attackers move across a network from their initial entry point to the systems they actually want, is now a huge problem.

“Criminals are relying on a daisy chain of vulnerable systems to take advantage of those easy opportunities,” says Ditchburn. “Often organisations don’t have a sufficient level of monitoring in a corporate environment, allowing cybercriminals to operate almost with impunity. Even if organisations do have the tools, they are operated by dispersed teams, making incident correlation nearly impossible in real time.”

A paradigm shift to zero trust

With cybercrime forming a new and powerful industry, organisations need an updated security paradigm to combat the increasing threat.

Zero trust isn’t a single solution – it’s a security strategy that maintains that no entity, whether user, app, service, or device, should be trusted by default. Before any connection is allowed, trust is established based on the entity’s context and security posture, then continually reassessed for every new connection, even if the entity was authenticated before.

Zero trust helps to keep organisations secure through the meaningful segmentation of assets and data.

As such, an increasing number of organisations are adopting a zero trust strategy. According to The State of Zero Trust Transformation 2023 report from Zscaler, more than 90% of IT leaders who have started their migration to the cloud have implemented, or are in the process of implementing, a zero trust security strategy.

“Zero trust starts to remove those attack vectors,” says Ditchburn. “It reduces lateral movement. One of its core values is one of visibility and being able to log every transaction, using the power of the cloud to deal with emerging threats.”
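The three properties described above (deny by default with trust established per connection from identity, device posture and context; access to individual applications rather than to a network; and every decision logged) can be made concrete with a small policy decision point. The following is an added example written for this page, not Zscaler’s implementation or any product’s code; the application names, group names, posture scoring and freshness thresholds are assumptions chosen for illustration. It also includes a flat-network contrast to show what lateral movement looks like when the model is network reachability rather than per-application grants.

```python
"""Toy zero trust policy decision point (PDP): deny by default, grants per
application instead of per network, device posture and authentication freshness
re-evaluated on every request, and every decision written to an audit log.
Added example for illustration; not Zscaler's or any vendor's implementation."""
from dataclasses import dataclass

# Constructed policy (assumed names and thresholds): which groups may reach each
# application, the minimum device posture score, and how recent strong
# authentication must be, in seconds.
APP_POLICY = {
    "payroll":    {"groups": {"finance"},                "min_posture": 3, "max_mfa_age": 3600},
    "wiki":       {"groups": {"finance", "engineering"}, "min_posture": 1, "max_mfa_age": 43200},
    "legacy-erp": {"groups": {"finance"},                "min_posture": 3, "max_mfa_age": 3600},
}


@dataclass(frozen=True)
class DevicePosture:
    os_patched: bool
    disk_encrypted: bool
    edr_running: bool

    def score(self) -> int:
        # One point per satisfied control; 3 means fully compliant (assumed scoring).
        return int(self.os_patched) + int(self.disk_encrypted) + int(self.edr_running)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    device: DevicePosture
    app: str
    last_mfa: float  # Unix time of the user's last strong authentication


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


class PolicyDecisionPoint:
    """Evaluates every connection attempt on its own merits: an earlier 'allow'
    for the same user or device is never carried forward."""

    def __init__(self) -> None:
        self.audit_log: list = []

    def decide(self, req: AccessRequest, now: float) -> Decision:
        rule = APP_POLICY.get(req.app)
        if rule is None:
            decision = Decision(False, "unknown application: deny by default")
        elif not (req.groups & rule["groups"]):
            decision = Decision(False, f"{req.user} is not entitled to {req.app}")
        elif req.device.score() < rule["min_posture"]:
            decision = Decision(False, f"device posture {req.device.score()} below {rule['min_posture']}")
        elif now - req.last_mfa > rule["max_mfa_age"]:
            decision = Decision(False, "strong authentication too old; re-authenticate")
        else:
            decision = Decision(True, "identity, posture and context satisfied")
        # Log every transaction, allowed or denied, so incidents can be correlated later.
        self.audit_log.append({"ts": now, "user": req.user, "app": req.app,
                               "allow": decision.allow, "reason": decision.reason})
        return decision


def reachable_apps(pdp: PolicyDecisionPoint, user: str, groups: frozenset,
                   device: DevicePosture, last_mfa: float, now: float) -> set:
    """Everything an attacker holding this user's session on this device can reach:
    only the applications the policy grants, never 'the network'."""
    return {app for app in APP_POLICY
            if pdp.decide(AccessRequest(user, groups, device, app, last_mfa), now).allow}


# Contrast: a flat legacy network, where a foothold on any host reaches every host.
FLAT_NETWORK = {"payroll", "wiki", "legacy-erp", "file-server", "domain-controller"}


def flat_network_reach(initial_foothold: str) -> set:
    return set(FLAT_NETWORK) if initial_foothold in FLAT_NETWORK else set()


def demo():
    """Same finance user, two moments five minutes apart; in between, the
    endpoint's EDR agent has been killed (constructed scenario)."""
    pdp = PolicyDecisionPoint()
    now = 1_700_000_000.0
    finance = frozenset({"finance"})
    mfa = now - 600  # authenticated ten minutes ago
    healthy = DevicePosture(os_patched=True, disk_encrypted=True, edr_running=True)
    degraded = DevicePosture(os_patched=True, disk_encrypted=True, edr_running=False)
    before = reachable_apps(pdp, "alice", finance, healthy, mfa, now)
    after = reachable_apps(pdp, "alice", finance, degraded, mfa, now + 300)
    return before, after, flat_network_reach("wiki"), len(pdp.audit_log)


if __name__ == "__main__":
    before, after, flat, logged = demo()
    print("healthy device reaches:", sorted(before))
    print("degraded device reaches:", sorted(after))
    print("flat network foothold on wiki reaches:", sorted(flat))
    print("decisions logged:", logged)
```

Running `demo()` shows the posture change silently withdrawing access to the two sensitive applications while leaving the low-sensitivity wiki reachable, with all six decisions in the audit log; the flat-network function shows why a single foothold in a legacy network is enough to reach the domain controller.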

The strategy is, in many ways, matched to a business’ aspirations. For example, most organisations don’t have an army of tech specialists. However, with zero trust there’s no high price of entry as with physical hardware, and there are no localised skills required in terms of configuration and deployment.

Zscaler’s cloud native platform also leverages the same advantages offered by the cloud. For example, it follows you wherever you are – it’s not restricted to one network location. And it can scale at a pace that suits your business. So if you need to elevate your maturity level to inspect traffic, you can simply turn on that service. Or if you want to leverage zero trust as a way of monitoring your workforce, the same architecture and technology that enables cyber defence can also provide you with access to those data points around user performance.

“The ability to create islands of connectivity helps remove lateral movements,” says Ditchburn. “You’ve got this paradigm shift where the means, motives and opportunities for defence are, for the first time, available in a way to help combat cyber offence in a meaningful way.”

For more information please visit www.zscaler.com