Cybercrime is evolving—are your defenses keeping pace?

The notion that almost everything a business might need can be outsourced has led to the rise of businesses such as Uber and DoorDash, and created new cloud-based models for functions ranging from accounting to data storage. But cybercriminals are also playing that game, with the development of new crime-as-a-service platforms that specialize in anything from malware development to providing access to organizations whose cyber defenses have been compromised.

“They’re bringing in highly skilled individuals who provide advisory services or specialized services to criminals, and breaking down barriers of entry into crime,” says Adam Evans, Chief Security Officer at RBC. “The result is that a would-be criminal doesn’t necessarily need the skills. They just need to be able to locate somebody that will sell you a platform that will provide you with 24/7 support and development resources if you need them.”

Cybercriminals are breaking down the barriers of entry into crime

That capability is driving the creation of a sophisticated underground criminal infrastructure. Stolen data is being enriched and repackaged and then sold to other specialized cybercriminals who may use it to compromise individuals and gain greater access to other people, perpetuating revenue streams and driving activity at scale.

“They are leveraging the same tools that we are leveraging in the legitimate world, including machine learning, artificial intelligence and automation,” says Evans. “In that way, they can scale up their attacks, their cybercrime activity and their attacks across the globe.”

Cybercrime targets aren’t limited to large organizations

Cybercrime targets aren’t limited to large organizations. That’s why Evans’ department at RBC is paying particular attention to advising small- and medium-sized businesses, retail banking clients and high-net-worth clients.

“They’re not necessarily equipped to deal with emergence of the new digital business landscape,” he says. “We can play a role in trying to educate and provide services to clients that allow them not only to start their cybersecurity journey, but also to leverage the intellectual property and the expertise that we’ve built at RBC.”

Identify what you’re trying to protect

While attacks can be complex, Evans advises small- and medium-sized businesses or individuals who are looking to build cyber-resilience to begin with the basics. Identify what you’re trying to protect—your most sensitive information assets. These might include online banking accounts and a Gmail account. If somebody gained access to those information assets, what would they learn about you as an individual? And how could they take that information and use it against you and the community that you are part of? Who has legitimate access to these accounts now?

“Make sure you have awareness of how that access is being used,” he says. “If someone is logging into online banking, and if they start to see transactions that don’t really fit with their profile, then maybe their credit card or one of their credentials has been compromised.”

Free tools offering multifactor authentication can help. Google Authenticator or Microsoft Authenticator apps can provide stronger authentication for entry into sensitive information assets.

It’s not about “if” you get compromised but “when”

“You also need to prepare for the ‘when’ event,” Evans says. “It’s not about if you get compromised, it’s about when. These guys are really, really good at targeting individuals. The more data that we create around ourselves in social media and browsing the internet—they are collecting that information at scale and tailoring campaigns to increase the likelihood of you clicking on something.”

Individuals can prepare for the “when” event by setting up a password manager, for example, that allows them to reset credentials across all information assets at once.

But even as cybercriminals become more sophisticated and leverage AI to target their victims, so are the defenses mounted by RBC.

Synthetic security is where we’re headed

“As more data gets put out there for these bots to consume, automated entities are becoming smarter and more accurate,” Evans says. “We at RBC have to do the same thing. Synthetic security is where we’re headed. So this now becomes an arms race. We have to make sure that the tools and solutions that we are deploying are just as scalable and can look for changes in the behaviour of an individual and spot these synthetic interactions or transactions before they can defraud our customers.”

Listen to the full interview with Adam Evans here

For more information on cybercrime, click here

You may also like