Sunday, May 19, 2019

The Fight Against Cyber Crime

The Fight Against Cyber Crime: What Can We Do?

Abstract

Cyber crime is on the rise and every organization must recognize the danger and take the necessary steps to help mitigate the threat. While many institutions worry more about hackers than cyber criminals, it is cyber crime that can cause the most damage. A hacker is more easily detected while a cyber criminal may already be in your network undetected. While a hacker may try to breach a network for the thrill or to annoy, a cyber criminal will breach a network for monetary gain. This paper is intended to point out some of the risks of cyber crime and what a financial institute can do to help mitigate the threat of attack.

Keywords: cyber crime, cyber attack, Information Technology Information Sharing and Analysis Center, IT-ISAC, Financial Services Information Sharing and Analysis Center, FS-ISAC

While many institutions worry more about hackers than cyber criminals, it is cyber criminals that should make us more wary. A hacker is more easily detected while a cyber criminal may already be in your network undetected. While a hacker may try to breach a network for the thrill value or to annoy their victim, a cyber criminal will breach a network for monetary gain. This may include data acquisition and storage, stealthy access to systems, identity collection and theft, misdirection of communications, keystroke identification, identity authentication, and botnets, among others (Deloitte, 2010).

According to a survey conducted in August 2011 by Ponemon Institute, for the 50 participating companies (see chart 1), the average time it takes an organization to resolve a cyber attack is 18 days, with an average cost of $23,000 a day. An insider attack can average 45 days to contain. This does not include the value of any data lost, modified, or stolen in the process.
This survey also showed the average annualized cost of cyber crime to financial institutions was $14,700,000 for 2011, up from $12,370,000 the previous year (see chart 2). Chart 3 summarizes the types of attack methods experienced by the companies that participated in the survey (Ponemon, 2011). According to security firm Imperva, the average large business sees 27 attacks per minute hitting its website. Attackers can use automation technologies to generate up to seven attacks per second, or 25,000 attacks per hour (Rashid, 2011).

To build a sufficient IT security posture, it is important to assume that an unauthorized user can gain access to the network, and then structure the network to best protect the most valuable data. The valuable data can then be tagged and monitored so that the organization knows where it is, where it is going, where it has gone, and on whose authority (Deloitte, 2010). The organization also needs to understand that it must monitor not only what is coming into its network but also what is leaving it. This will help detect activities enabled by techniques and technologies that mimic, exploit, or piggyback on the access of authorized users (Deloitte, 2010). Using standard firewalls and anti-virus programs alone will not accomplish this. The organization must take a more proactive approach to protect its financial data.

Now that we know what we need to do, how do we accomplish this?
Some very basic steps include employee screening, employee training to help mitigate against social engineering, disabling account access of terminated employees, ensuring software updates and patches are properly implemented, and ensuring firewalls are properly configured. More advanced steps include, but are not limited to, setting up a demilitarized zone to help block the network from outside access, installing a honeynet system that looks like an authentic part of the network to entice and trap intrusion attempts for further analysis, installing hard drive encryption and remote data wipe capability on all laptops and other mobile devices, and requiring smart card and PIN authentication (or some other form of multifactor authentication) to access sensitive data.

The Ponemon survey revealed that companies utilizing security information and event management (SIEM) solutions such as these average 24 percent less expense in dealing with cyber crime attacks (see chart 5). This reduction in cost is because companies that use SIEM solutions are better able to detect and contain, and therefore recover from, such attacks (see chart 6).

Another important step for a financial institute to take is to become a member of the FS-ISAC (Financial Services Information Sharing and Analysis Center). The FS-ISAC was founded in 1999 and led the way for the IT-ISAC (Information Technology Information Sharing and Analysis Center), which was founded in 2001. The purpose of these groups is for organizations to have the chance to share the security attacks and vulnerabilities they have experienced with other organizations in their field of industry. Given the sophistication, complexity, and evolution of cyber crime technologies and techniques, no sizable organization can plan and implement the necessary response alone. CIOs, CSOs, CROs, and cyber security professionals should share information, techniques, and technologies in their battle against cyber crime (Deloitte, 2010).

The importance of FS-ISAC was proven in 2000 when member companies were saved from a major denial-of-service attack that many other companies experienced (Hurley, 2001). As shown in chart 4, a denial-of-service attack can be costly. A more recent example of FS-ISAC at work is the August 23, 2011 report of the Help Net Security (International) Ramnit worm, which uses Zeus Trojan tactics for banking fraud. As the FS-ISAC points out, when attacks occur, early warning and expert advice can mean the difference between business continuity and widespread business catastrophe (FS-ISAC, 2011). Knowing about these attacks and having the chance to fight against them can save an institute millions.

In conclusion, financial institutions must stay vigilant to current and rising cyber threats. Tables 1 through 3 give a breakdown of cyber threats and controls that can help reduce the impact if these threats become reality. It is important for an organization to enroll in its respective ISAC and to share in the lessons learned from previous attacks. While it would be almost impossible to learn about and prevent every type of attack, staying vigilant will help reduce the likelihood and the impact.

References

Deloitte Development LLC. (2010). Cyber Crime: A Clear and Present Danger. Retrieved December 23, 2011, from the World Wide Web: http://eclearning.excelsior.edu/webct/RelativeResourceManager/Template/pdf/M7_Deloitte_CyberCrime.pdf

FS-ISAC. (2011). Current Banking and Finance Report. Retrieved December 24, 2011, from the World Wide Web: http://www.fsisac.com/

Hurley, E. (2001, January 29). IT-ISAC: A Matter of Trust. Retrieved December 24, 2011, from the World Wide Web: http://searchsecurity.techtarget.com/news/517824/IT-ISAC-A-matter-of-trust

Ponemon Institute LLC. (2011, August). Second Annual Cost of Cyber Crime Study. Retrieved December 24, 2011, from the World Wide Web: http://www.arcsight.com/collateral/whitepapers/2011_Cost_of_Cyber_Crime_Study_August.pdf

Rashid, F. (2011, July 25). Cyber-Criminals Use Botnets, Automation to Launch Multiple Blended Attacks. Retrieved December 24, 2011, from the World Wide Web: http://www.week.com/c/a/Security/CyberCriminals-Use-Botnets-Automation-to-Launch-Multiple-Blended-Attacks-656032/

Chart 1. Sample of Participating Companies by Industry (Ponemon, 2011)

Chart 2. Average annualized cost by industry sector, $1M (Ponemon, 2011). *Industry was not represented in the FY2010 benchmark sample.

Chart 3. Types of Attack Methods Experienced (Ponemon, 2011)

Chart 4. Average annualized cyber crime cost, weighted by attack frequency (Ponemon, 2011). *The FY 2010 benchmark sample did not contain a DoS attack.

Chart 5. Comparison of cost of SIEM and non-SIEM companies, sub-sample of average cost of cyber crime (Ponemon, 2011)

Chart 6. Percentage cost for recovery, detection & containment (Ponemon, 2011)

| Category | Financial Impact | Regulatory Compliance | Industry Reputation |
|---|---|---|---|
| 4 Critical | Increase in cost greater than $1M | Fines in excess of $1M | Significant, sustained negative media exposure. Significant loss of business due to blemish on public image. |
| 3 Major | Increase in costs $100K to $1M | Fines between $100K and $1M | Negative media exposure. Loss of business due to blemish on public image. |
| 2 Moderate | Increase in costs less than $100K | Fines under $100K | Some negative media exposure. Slight loss of business due to blemish on public image. |
| 1 Minor | No significant cost increase expected | No fines expected | No media exposure or loss of business expected. |

Table 1. Impact

| Level | Probability |
|---|---|
| 4 | Imminent |
| 3 | Highly Likely |
| 2 | Possible |
| 1 | Unlikely |

Table 2. Probability

| Threat | Financial Impact, PxI (before controls / after controls) | Regulatory Compliance, PxI (before / after) | Industry Reputation, PxI (before / after) | Controls |
|---|---|---|---|---|
| Denial of service | 1x3=3 / 1x2=2 | 1x3=3 / 1x1=1 | 1x4=4 / 1x2=2 | Implement router filters, install patches to guard against SYN flooding, disable unused services |
| Web-based attack | 2x3=6 / 2x2=4 | 2x3=6 / 2x2=4 | 2x4=8 / 2x2=4 | Restrict website access to only what customer needs, disable account log-in after 3 failed log-in attempts, require multifactor authentication to access sensitive data |
| Malicious code | 2x4=8 / 2x2=4 | 2x4=8 / 2x2=4 | 2x4=8 / 2x2=4 | Software updates and patches, anti-virus and anti-spam software updates, firewall configuration, employee training |
| Malicious insider | 1x4=4 / 1x2=2 | 1x4=4 / 1x2=2 | 1x4=4 / 1x2=2 | Employee screening, disable account access for terminated employees, require multifactor authentication for access to data servers, least privilege, separation of duty |
| Phishing & social engineering | 2x3=6 / 1x3=3 | 2x3=6 / 1x3=3 | 2x3=6 / 1x3=3 | Employee training, least privilege, separation of duty |
| Stolen devices | 2x4=8 / 2x1=2 | 2x4=8 / 2x1=2 | 2x4=8 / 2x1=2 | Hard drive encryption, remote data wipe capability |
| Botnets | 3x3=9 / 3x1=3 | 3x3=9 / 3x1=3 | 3x3=9 / 3x1=3 | Software updates and patches, anti-virus and anti-spam software updates, firewall configuration, employee training |
| Malware | 3x3=9 / 3x1=3 | 3x3=9 / 3x1=3 | 3x3=9 / 3x1=3 | Software updates and patches, anti-virus and anti-spam software updates, firewall configuration, employee training |
| Viruses, worms, trojans | 4x3=12 / 4x1=4 | 4x3=12 / 4x1=4 | 4x3=12 / 4x1=4 | Software updates and patches, anti-virus and anti-spam software updates, firewall configuration, employee training |

Table 3. Risk Analysis
