Intel has used the fifth anniversary of their purchase of security company McAfee to release a review of how the cybersecurity landscape has changed in that time.
There are a number of surprising observations from the report and a few that were expected. Of little surprise has been the continued lack of importance a large number of companies, and individuals, have placed on implementing basic security practices like applying updates to software and implementing policies around passwords. The reasons for this may be that people are “playing the odds” by believing that the risks are relatively small of cybercrime happening to them. It may also be that they simply don’t want to put in the effort or pay for the computer support or advice.
Cybercrime as an Industry
More surprising, to McAfee at least, has been the rapid development of cybercrime into a fully fledged industry with “suppliers, markets, service providers (”cybercrime as a service“), financing, trading systems, and a proliferation of business models.” The growth of this industry has been fueled by the use of cryptocurrencies like bitcoin and the protective cloak for criminals provided by technologies like Tor).
The sophistication of the cybercrime industry has led to changes in the focus of criminals away from simply stealing credit cards to the perhaps more lucrative, large-scale implementation of “ransomware.” This has ranged from encrypting the contents of a user’s computer and then demanding payment to unlock it, to the recent exploit of users caught up in the publishing of personal sexual information from the Ashley Madison dating site.
Mobile Phones Have Remained ‘Relatively’ Cybercrime Free
What hasn’t come to pass (yet) is the pervasive hacking of mobile phones. Part of the reason for this has been Apple’s, and increasingly Google’s, approach of controlling the software that is allowed to be installed on the devices. The other reason is perhaps the fact that these devices are backed up more frequently and automatically, making recovery a much easier option. There is also potentially less of interest to cybercriminals on a mobile phone device as most of the actual important, and valuable, personal content is stored in the Cloud.
