Thursday, 19 March 2015

Cybercrime and cyber criminals

Really pleased to be listening to Charlie McMurdie, cyber security expert. Previously in the police, now an adviser for PWC.

Globally cybercrime costs $ 388bn a years in terms of financial losses and time lost. UK alone lost £408m from 250,000. Cybercrime is now classed as a Tier one threat.

93% of large businesses breached
Attacks by outsiders up 73%
Average cost of incidents was £65k to £115k
No of security incidents round the world rose 48% to 42.8m
70% of UK companies experiences downtime as a result of security incidents

Used to be mainly brute force, but now more subtle. Cyber criminals don't want you know about them. What to stay on your network longer. Much more sophisticated.

Cybercrime rising significantly in Europe. But Europe dominates other regions in detecting security incidents, a 41% jump in 2014.
Lot of intelligence sharing. Working better between agencies and pulling in intelligence from industry partners

Starting to be seen as a business enabler, not just province of IT department. Is now interest at board level.

Universities at particular risk. We have business reputations to maintain. Most of high end R and D is done in Universities. We are potentially more at risk than a traditional business. Students are the new generation, everything is technology enabled, lots of turnover.

Not just interested in stealing research data, but also a threat of contaminating date, either to discredit it, or don't agree with it.

Different sorts of cybercrime.
Nation state or commissioned attacks. hacktivism, cyber terrorism, organised crime.

Cyber criminals are becoming increasing sophisticated. 16 yr old lad, using old Dell PC, had 120 registered domains, 40 online identities designed to steal personal banking data. His computer had 16 virtual machines with 8m pieces of personal data on the hard drive.

Amount of mobile devices has increased. Are causing more problems than laptops and computers.

Hacktivism . Loosely organised gangs eg Anonymous.
Ryan Cleary, 19 was running a million node botnet. Used to knock over PayPal, Visa, MasterCard, CIA, FBI, NHS, together with other members of teams, especially Lulzsec.
Principals were in UK. Her team got them! Have to take all of them out at the same time, infrastructure disabled etc.

Some other great examples in her talk, amazing how these hugely well organised attacks are often no more than a bunch of very young people.
Lots to watch out for.

- Posted using BlogPress from my iPad

No comments: