Simply put, cyber crime is a crime committed using the means of technology and the internet.
Although we talk about cybercrime as a separate entity to traditional crime, it is carried out by the same types of criminals for the same type of reasons.
These hackers are professional thieves, criminal gangs, disgruntled employees, professional competition, activists, disillusioned youth and state adversaries. They have the same motivations as traditional criminals such as boredom and vandalism, ideological or political support, malice or revenge, monetary gain through extortion or sale of illegally obtained data, terrorism or notoriety and sensationalism.
The methods that cyber criminals use to gather data and perform an attack is comparable to physical ‘traditional’ crimes. For example, let’s compare how a criminal gang might go about breaking into a bank to steal money against how a cyber criminal gang might go about breaking into a computer network to steal data.
So apart from the use of technology what is the difference between cybercrime and traditional crime?
Attacks can be conducted on a scale not possible in the physical world. A traditional bank robber may only be able to hit one or two banks a week, a cyber-attack can target 100’s if not 1000’s of sites at once.
Attacks can be performed from anywhere in the world; they can be performed anonymously and within jurisdictions where the consequences of those actions may not, or cannot, be addressed by the criminal justice system. Attackers are also able to extract far more data digitally than would ever be possible in the physical world. For example 1 gigabyte of data is approximately 4,500 paperback books. Think of how many gigabytes of data is held on a system, hackers can extract this within a matter of minutes.
Attacks are conducted at machine speed; a criminal can write a piece of code that can target multiple sites in minutes.
Perception and Media Effect
There is another part of the cyber threat to be considered, the public and media perception of cyber crime. When large financial institutions have been hacked the media has often wholly apportioned blame to the organisations rather than the criminals, this would not be the case in a physical bank robbery.
What can you do?
In order to combat the threat of a cyber-attack, organisations need to have in place the appropriate security frameworks, education and training plans and technical controls appropriate to their business.
Security management frameworks can range from large all-encompassing standards like ISO 27001 to control based entry level standards like HM Government Cyber Essentials Scheme or industry-specific requirements like the Payment Card Industry Data Security Standard (PCI:DSS). All security management frameworks are concerned with ensuring that businesses identify critical information assets and assess the threat and vulnerabilities to them and ensuring appropriate risk management procedures are in place.
These standards are tested and evaluated through a variety of methods that may include Vulnerability Assessments, Penetration Tests, Red Team Tests and Open Source Profiling alongside annual reassessment and certification.
A variety of proactive technological controls and tools can be put in place to help an organisation proactively defend against cyber-attacks and react quickly and effective in the event of an incident. Network security monitoring service like protective monitoring can help organisations detect, recovery and prevent security breaches. The breadth and depth of these solutions will depend on an organisation’s size and risk appetite. A professional Information Security Consultant can assist and organisation in determining this.
Finally, and perhaps most importantly, organisations must ensure that appropriate education and training is provided to employees to ensure that they have the appropriate knowledge and skills to operate the tools, procedures and security frameworks.
PGI believes that cyber security doesn’t need to be overly complicated, incomprehensible or vastly expensive. We specialise in delivering cyber security services and protection, and offer a range of training courses to upskill your staff to tackle cyber threats in-house.
Want to know more about our PCI Compliance Advice, PCI Gap Analysis, or Audit and Compliance Reporting? Please get in contact via our online form, directly through our email at email@example.com or call us on 0207 887 2699.
Your free global geopolitical
PGI’s Risk Portal tool provides daily intelligence feeds, country threat assessments and analytical insights, enabling clients to track, understand and navigate geopolitical threats.
The Risk Portal gives users up-to-date information and analysis on global affairs.
The Risk Portal allows users to visualise information in a unique and instantly understandable way. Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.
Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features. The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.
Subscribers to PGI’s Bespoke services receive tailored analysis on specific sectors and geographies of interest, delivered at a frequency they determine.
Making ongoing compliance easier for you and your business
GDPR is now in force. Make sure your business meets the necessary requirements, providing assurance for all of your customers and employees.
A full audit of your business to assess the level of your compliance against GDPR requirements.
Become GDPR compliant with minimal work. We will conduct an analysis, review, report and implement any necessary changes to your business.
We will conduct simple security assessments to help you understand and mitigate the potential risks to your business.
Get your business ready to face the cyber challenge.
We provide a full range of accredited, certified and bespoke services that assess the resilience of your cyber security posture.
PGI’s Qualified Security Assessors (QSA) will help you meet Payment Card Industry Data Security Standards (PCI DSS).
Find out more on PCI DSS
Demonstrate your commitment to cyber security by achieving and maintaining accreditation for the globally-recognised information security standard.
Find out more on ISO 27001
Understand the threats of phishing and malware to avoid being targeted.
Undertake our phishing vulnerability assessment to reduce your organisation’s risk of attack, by measuring the cyber awareness of your workforce.
PGI will conduct a tailored phishing campaign, using multiple methods, to identify realism and train employees where necessary to mitigate future attacks.
PGI monitor multiple metrics to identify the types of phishing, generate in-depth analytical reports and provide an informed decision to help improve your organisation’s level of security and awareness.
Prevent attacks, respond to breaches and protect your business.
Our bespoke range of cyber security services not only protect your critical assets but provide the education you need to keep your operations and data safe.
Implement this cost-effective cyber security measure launched by the government to prevent cyber-attacks, demonstrate information security commitment to your clients, and attract new business by being recognised as a secure organisation.
Find out more on Cyber Essentials Accreditation
The most effective way to identify how attackers target your organisation’s weaknesses is by evaluating your system, your network security, and reporting on any vulnerabilities that could have an impact on your business.
Find out more on Penetration Testing
If your business has experienced breaches, network compromises or operational disruption, our team of cyber security specialists can deploy quickly, and will begin the process of detecting and eliminating the threat efficiently.
Find out more on Data Breach Response & Recovery
Data Breach Response & Recovery
We prevent attacks, respond to security breaches, and protect your business
Our team of specialists can deploy quickly and efficiently to begin the process of detecting, eliminating and preventing future threats of a breach.
A vital part of the response process is making a copy of your data for safe forensic analysis. We will work with you to preserve and use this evidence to discover the extent of an intrusion.
Find out more on Digital Forensics
We will identify and minimise the risks, as well as the possibility of future risks to your business.
Consistent interaction with your management team and recommendations on how to approach all outcomes that need attention.
Subscribe to our Cyber Bytes Newsletter
Keep yourself in the loop with PGI by signing up to our Monthly Cyber Bytes email. You will receive updates, tips and narrative around what has been happening in the world of information security.