'Crime as a Service' a Top Cyber Threat for 2017Steve Durbin of Information Security Forum on the Latest Threats Posed by Crime Rings
One of the most significant cyber threats for the year ahead will be the ramping up of attacks fueled by "crime-as-a-service" offerings, says Steve Durbin, managing director of the Information Security Forum, an independent, not-for-profit organization focused on risk management.
Other trends for 2017, he says in an interview with Information Security Media Group, are a surge in government-sponsored cyber-terrorism attacks waged against critical infrastructure and an increase in risks posed by the internet of things.
"Crime as a service" refers to organized crime rings offering services such as on-demand distributed denial-of-service attacks and bulletproof hosting to support malware attacks (see Cybercrime-as-a-Service Economy: Stronger Than Ever).
"What we're starting to see is crime as a service becoming more commoditized," Durbin says. "That to me says that the industry is reaching a degree of maturation that we haven't seen before."
In recent months, crime syndicates have enhanced their ability to share information and collaborate, Durbin says.
"Crime rings are gaining a better understanding of product positioning, of strengths and weaknesses, and with whom they need to collaborate more effectively," he says. "And we're seeing, as well, a decrease in the price points for crime as a service, because the market is becoming a little bit more saturated and the consumers or buyers of this service have a little bit more choice."
In this interview (see audio link below image), Durbin also discusses:
- How IoT devices have dramatically increased the amount of information that is being collected and shared, creating more risk;
- Why organizations will be increasingly more willing to attribute cyberattacks to government actors;
- How new global requirements for breach notification will impact the perception that more breaches are occurring.
At the Information Security Forum, Durbin's main areas of focus include the emerging security threat landscape, cybersecurity, mobile security, the cloud and social media across both the corporate and personal environments. Previously, he was a senior vice president at the consultancy Gartner.