Jeremy Wittkop - The Cybersecurity Playbook for Modern Enterprises: An end-to-end guide to preventing data breaches and cyber attacks

Copyright 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Early Access Publication: The Cybersecurity Playbook for Modern Enterprises

Early Access Production Reference: B18040

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK

ISBN: 978-1-80324-863-9

Welcome to Packt Early Access. Were giving you an exclusive preview of this book before it goes on sale. It can take many months to write a book, but our authors have cutting-edge information to share with you today. Early Access gives you an insight into the latest developments by making chapter drafts available. The chapters may be a little rough around the edges right now, but our authors will update them over time. Youll be notified when a new version is ready.

This title is in development, with more chapters still to be written, which means you have the opportunity to have your say about the content. We want to publish books that provide useful information to you and other customers, so well send questionnaires out to you regularly. All feedback is helpful, so please be open about your thoughts and opinions. Our editors will work their magic on the text of the book, so wed like your input on the technical elements and your experience as a reader. Well also provide frequent updates on how our authors have changed their chapters based on your feedback.

You can dip in and out of this book or follow along from start to finish; Early Access is designed to be flexible. We hope you enjoy getting to know more about the process of writing a Packt book. Join the exploration of new topics by contributing your ideas and see them come to life in print.

1. Protecting People, Information, and Systems a Growing Problem
2. The Human Side of Cybersecurity
3. Anatomy of an Attack
4. Protecting People, Information, and Systems with Timeless Best Practices
5. Protecting against Common Attacks by Partnering with End Users
6. Information Security for a Changing World
7. Difficulty Securing the Modern Enterprise (with Solutions!)
8. Harnessing Automation Opportunities
9. Cybersecurity at Home

Few people understand the sophistication of the global cybercrime community and the actors who play a role, understanding how attacks happen and why it is critical to build the proper defenses to secure the modern enterprise. The world is changing at an ever-increasing pace. The flywheel of technology innovation is spinning at such a rate that traditional change management is obsolete, and change leadership has become the norm. Each new technology that enhances the modern workplace presents new challenges for the teams chartered with securing the most important systems and information. It is impossible to predict the future, but by understanding timeless best practices, threats, and modern architectural techniques, it is possible to build a security posture that is flexible and resilient enough to meet current and future threats. Doing so is difficult and requires a deep strategic understanding of what you are trying to accomplish.

In this chapter, we will explore why cybercrime is appealing to criminals and the impact of cybercrime on the global community, introduce the core tenants of information security, and discuss the cybersecurity talent shortage. Throughout this chapter and the remainder of the book, we will explore example cases that provide real-world illustrations of the topics we will cover. At the end of each chapter, there are a few open-ended questions you should be able to answer in your own words after reading the chapter. After reading this chapter, you should be able to communicate these concepts to others and illustrate the main ideas with real-world examples.

In this chapter, we will cover the following topics:

• Why cybercrime is here to stay a profitable business model
• The macro-economic cost of cybercrime
• The role of governments and regulation
• The foundational elements of security
• The cybersecurity talent shortage

In the year 2017, if cybercrime was a country, it would have the 13th highest GDP in the world, between South Korea and Australia. In 2021, according to a recent Cybercrime Magazine article, If it were measured as a country, then cybercrime which is predicted to inflict damages totaling $6 trillion USD globally in 2021 would be the worlds third-largest economy after the U.S. and China. (Morgan, Cybercrime to Cost the World $10.5 Trillion Annually by 2025, 2020) The same article predicts that the number will grow to $10.5 trillion by 2025. Part of the reason for this growth is that cybercrime is an attractive proposition for attackers.

Cybercrime is a very profitable business with few risks. Think of a bank robber. Prior to the invention of the internet, if someone wanted to rob a bank, they would need to be in the same physical location as the bank and plan to physically enter the bank and demand money and get away from the bank with the money without being apprehended by authorities. If someone were to undertake such a robbery and were not successful, there is a significant likelihood that they would be arrested, wounded, or killed. Cybercriminals can attempt to rob thousands of banks around the globe with little fear of repercussions. If their attack is unsuccessful, they can simply move on and target another bank. Compare the risks and effort involved with the example case given as follows:

Example Case: The GozNym Gang and the $100 Million Heist

In 2016, the GozNym gang, using a piece of malicious software known as a banking trojan by the same name, stole $100 million from individual bank accounts, mostly in the United States and Europe. The GozNym banking trojan was a piece of malicious software the gang could install that would wait for a user to log onto a bank account, and then transmit their credentials to a GozNym server. Once they had the credentials, certain members of the GozNym crew then used the stolen credentials to access the victim's bank account, to steal money from it, and launder the funds via US and foreign bank accounts controlled by the gang. (Vijayan, 2019)

This case was one of the few where the criminals were pursued across borders, and most were brought to justice. The numbers in this case are staggering. As a criminal endeavor, what other means outside of cybercrime could a criminal gang use to steal $100 million per year? Cybercrime is profitable and has a relatively low risk because a clever piece of software can victimize thousands of people with little effort on the part of the attacker. Adding to the allure for cybercriminals, in all but the largest cases, is that it is difficult to get the international cooperation necessary to identify the members of a criminal enterprise, find those people, and extradite them to another country for prosecution. In many cases, it is an open secret that criminal gangs are operating, and there is little political will to stop them. It is worth noting that this criminal gang chose to use traditional currency and bank accounts, which made them much easier to track. Criminal gangs using ransomware and cryptocurrency for payment are far less traceable. While their exploits are generally less lucrative, their risk of being caught is also far lower.