Greater threat sharing is needed to thwart the new threats presented by ruthless cybercrime entrepreneurs who are using methods that extend beyond distributing malware, such as blackmail and deliberately placing people on the inside, according to a recent report.
The “Taking the Offensive – Working together to disrupt digital crime” report, conducted by the British telecommunications firm BT and Swiss professional services provider KPMG, queried 100 C-suite personnel and directors and found that 89 percent of respondents expressed concern about an assault by organized crime consortia.
While 97 percent of those companies have been the victim of a digital attack, only 22 percent said they were fully prepared to combat security breaches perpetrated by organized crime.
The report also found that 95 percent of respondents said their staff could be vulnerable to blackmail by cybercriminals and 96 percent of businesses said that criminal entrepreneurs could be bribing employees.
Despite this knowledge, 47 percent of businesses do not have plans to counter the planting of people within their organizations, even though 94 percent of the businesses saw it is a potential problem.
Researchers said that businesses need more threat sharing collaboration within and outside of their own industries as well as with law enforcement to help counter these threats.
“They need to work with telecoms companies, ISPs, banks, credit card providers, insurers and the security industry in a concerted effort to make it harder and more costly for criminals to pursue their objectives,” the report said.
Researchers said organizations can match the agility of the bad guys by collaborating to share intelligence, resources and best practices to monitor threats and as attacks are indentified, law enforcement can step in to prevent criminal activity.
In addition, they said businesses should foster collaboration internally between departments and functions to thwart criminal activity at every step from system breaches to identifying points where attackers seek to monetize their activities by using or selling stolen data.
Organizations need to “think like an attacker, be flexible in how you respond, and prepare and exercise that response,” KPMG UK Technical Director for Cybersecurity David Ferbrache told SCMagazine.com. “Cybersecurity is a team sport and you need to collaborate and share info so you can defend yourself.”
Ferbrache went on to say that organizations need to allow their security teams the flexibility to be innovative in their approach to protecting data so they can better detect risks and opportunities to steal information.