Where there’s money, there’s crime. No question about that.
The just-released RAND Corporation report, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar” explores the many dynamics of the mature cybercrime market. It cites certain indications of maturity, including sophistication, specialization, reliability, accessibility, and resilience.
Obviously, the main reason that this hacker market has developed so quickly is because there’s a lot of money to be made. Cyber crime is just too darned profitable. The report says, “Profit drives people to innovate and keep pace with rapidly changing technology,” and thus encourages criminals to stay one step ahead of everyone else. It also asserts the that “the ability to attack will likely outpace the ability to defend."
But I would assert that we, the collective we, created and continue to enable this dynamic where criminals can grab records and sell them for whatever price the market will bear—which, it turns out, fluctuates with supply and demand, as do all markets.
We (the business world) have been too slow to associate a monitory value on digital assets in such a way that warrants protecting them. Think about it: Digital assets, or information of any sort, are not explicitly treated as assets on a balance sheet. They have no real value in the eyes of the owner. If we don’t treat information with the same care that we treat other corporate assets (buildings, equipment, cash and investments), and we can’t even articulate the value of a customer record, then naturally the cost of protecting that record will not become a point for discussion. Much less worthy of budgetary consideration.
In the eyes of the thief, however, those records have a very discernible and predictable value on the black market.
The sad truth is that we don’t know the value of our own digital assets until they are stolen.
That’s why it’s so easy for the bad guys. If you’re a cyber thief, it pays (and is easy) to steal things when you know the value and the rightful owner doesn’t—and, therefore, hasn’t put the right protections in place.
There is good news though. When you realize your data is valuable, there are many ways to protect it, and Juniper can help. Our enterprise firewall and IPS solutions can protect virtually every environment in your enterprise, including the data center, branch offices, network edge, and virtualized cloud environments. Our innovative intrusion deception technology is designed to break the economic cycle of hackers. And our secure access technologies ensure that you have very granular access control for your employees and partners.
It’s time to make it harder to be bad.