As technology advances, cybercrime is not only becoming a well-organized business but also generating interest at a retail level. Our digital transformation is rapid without proper IT structure and support that it needs. Of course, without a doubt, we see how COVID-19 has fast forwarded these crimes from the future to our current new normal. Something as simple as ‘VPN’ connection to perform remote work is not on our leaders’ top of the list as we all adjust to work from home, whether we are big enterprises OR small-Medium size companies. Isn’t it ironic how this invisible virus is keeping us from knowing or understanding the true repercussions if we are not directly impacted by the virus … just like the DARK web!!! Out of sight IS out of MIND…until it’s too late!
Dark Web has become a full-blown business where wholesalers of offering cybercriminals products and services are connecting with the up and coming group of people interested in cybercrime as a business. You may have heard of RaaS – Ransom as a software, where off the shelf products can just be bought to implement a ransomware. To make it even easier for the newbies, tech & support services are provided with the purchase. Forbes shared that there are off the shelf malware packages as cheap as $50 available with updates and tech support! As these amateurs gain experience, they may even get invitations to buy high-end products as they earn the title of professional criminals within their industry. Cyber weapons are here to stay as it doesn’t cost much to become a cybercriminal. They too have a ROI model where success is measured not only in the event of attack and ransomware but also the valuable data that can be utilized in the future to generate residual income.
Cybercriminal industry is booming due to the fact that we don’t necessarily practice the saying ‘an ounce of prevention is worth a pound of cake’ in our business. We gotta learn from what's happening in the cybercriminal industry and button up our security posture and mitigate our financial risks. Yes, it may cost money and time in training to bring up our security posture up to par and mitigate our risks for the incidents we can’t control. This is rather an investment for the future so we don’t end up with debt from piles and piles of cyber incident related bills or shut down the business as we surpass the amount of the bills business lacks and needs to rectify from the attack!