Hewlett Packard Enterprise (HPE) published “The Business of Hacking,” an extensive report assessing the underlying economy driving cybercrime. The research delivers an in-depth analysis of the motivations behind the attacks adversaries choose to pursue, and the ‘value chain’ illegal organizations have established to expand their reach and maximize profits. Based on this insight, the report also provides actionable recommendations for enterprises to mitigate risk through disruption of these adversary groups.
The profile of typical cyber attackers—and the interconnected nature of their underground economy—have evolved dramatically in the last several years. Adversaries are increasingly leveraging sophisticated management principles in the creation and expansion of their operations to ultimately increase their impact and financial profits, which are both core motivations for nearly all attack groups today. Enterprises can use this inside knowledge against the attackers to disrupt the organizational structure and mitigate their risks.
“Organizations that think of cybersecurity as purely another checkbox to mark, often do not leverage the value in high fidelity cybersecurity intelligence,”said Jyoti Prakash, Country Director, India and SAARC countries, Enterprise Security Products, Hewlett Packard Enterprise. “This report gives us a unique perspective on how our adversaries operate and how we can disrupt them at each step of their criminal value chain.”
Today’s adversaries often create a formalized operating model and ‘value chain’ that is very similar to legitimate businesses in structure, and delivers greater ROI for the cybercriminal organization throughout the attack lifecycle. If enterprise-level security leaders, regulators and law enforcement are to disrupt the attackers’ organization, they must first understand every step in the value chain of this underground economy.