Cyber criminals innovate like businesses, forming global industry: report

The latest advice from the Information Security Forum discusses the nature of existing and emerging cyber threats as well as the potential risks and rewards at stake for everyone.

Cyber criminals are more business-minded than you might expect, and their financial rewards and power are increasing rapidly, according to new research from the Information Security Forum, a global independent organization dedicated to investigating information security and risk management.

The report, Cyber Security Strategies: Achieving Cyber Resilience, addresses security issues that companies are facing today and a look at the key trends in security for 2012.

Among other security threat leftovers from 2011 (i.e. hacktivism, mobile malware, etc.), here's a rundown on some of the key issues that will need to be addressed in 2012 as stipulated in the report:

  • Malspace ("well-developed marketplaces for buying and selling tools and expertise to execute sophisticated attacks") is a global industry that has evolved to facilitate cyber crime
  • Organizations must embrace uncertainty and develop cyber risk resilience
  • Impacts from cyber threats can last a long time and the results can be unpredictable

A big problem that corporations (especially their leaders) don't comprehend entirely is that the complexity of cyberspace enables threats to combine more quickly in unpredictable and dangerous ways.

ISF CEO Michael de Crespigny explained in the report that cyber security is much more than just an IT issue but a business issue:

Business leaders recognize the huge opportunities and benefits cyberspace offers in terms of increasing innovation, collaboration, productivity, competitiveness and customer engagement and they will continue to work hard to exploit the opportunities it presents. Unfortunately, many are having difficulty determining the risk vs. reward aspect, preparing for adverse surprises, and understanding that with benefits come significant risks.

As for the risks and rewards, the ISF explains that while the "benefits of cyberspace" for businesses are immense, so are the risks. Basically, the more successful you are online, the greater the impact of the risk.

In retaliation to cyber threats, ISF researchers advised that it is essential to collaborate, share intelligence and influence best practices across companies in the face of these attacks.