Poor digital hygiene is a fundamental problem thwarting organizations across the globe. It’s an issue cyber criminals will continue to exploit until the
world builds more cyber resilience.
However, it’s hard for businesses to establish a resilient culture when understanding of cyber threat is still so limited, according to Europol’s executive director, Rob Wainwright.
In 2017, Europol worked in collaboration with the Federal Bureau of Investigation (FBI) to exterminate two of the biggest dark web marketplaces: AlphaBay and Hansa. Criminals were using these Tor-based marketplaces to sell around 350,000 different illicit commodities from firearms to illegal drugs.
The dark web is “much bigger than most people understand” and is a prime feeding ground for cybercriminals looking to purchase malware, or deal in data collected from unlawful breach activity, explained Wainwright.
There are Amazon-style shopping platforms with fully-serviced helplines and 24hr-delivery options for the ransomware bug that might have hit your business 30-seconds-ago without your knowledge.
“Ransomware is now the number one form of malware,” commented Wainwright. This year has seen a number of high-profile ransomware attacks, including
WannaCry and NotPetya. In November, ride-hailing company Uber revealed it decided to pay a ransom of US$100,000 after hackers stole information about 57 million users and drivers worldwide.
But Wainwright announced he would not advise companies to pay a ransom to cyber criminals after a breach because “we never know if it will encourage them to come back for more” – but he acknowledged that every situation is different, and companies must act to reduce business disruption caused by an attack.
Speaking at the 2017 CFC London Market Cyber Symposium, Wainwright also said the
issue of cyber crime is only going to get more prevalent as the world tunes into the Internet of Things (IoT).
“If the future really relies on IoT, then [the companies producing these connected devices need to improve their] release now and patch later mentality,” he said. “At present, the security of these devices is low at best. IoT regulatory standards are certainly something we need to get to in the near future.”
Related stories:
The power of partnerships in cyber insurance
This area of cyber coverage could be the next frontier