KnowBe4 Expands Cybercrime Education Resources With New Publication: Five Generations of Cybercrime
Internet Security Awareness Training (ISAT) Firm KnowBe4 Strives to Educate Users About Cybercrime Tactics Through Case Studies, Articles, White Papers and More
CLEARWATER, Fla., July 18, 2011 – Informed users can be a powerful defense against cybercrime, which is why Internet Security Awareness Training (ISAT) firm KnowBe4 created and maintains an online library of cybercrime education resources. Internet security expert Stu Sjouwerman, KnowBe4’s founder and CEO, is committed to educating companies and individuals on the methods and tactics of cybercriminals. He recently published “Five Generations of Cybercrime” to help users understand the emerging and insidious threats businesses face today.
“Cybercrime has become more sophisticated and pervasive over the past 20 years, and the consequences of security breaches have rapidly escalated,” said Sjouwerman. “Hackers were once regarded as little more than a nuisance; it was easy to track network break-ins to their source and put a stop to them. Today’s cybercriminals have the ability to sneak into networks unnoticed, bypassing security measures and anti-virus software. Once they’re inside, they have the potential to devastate a company’s systems and finances.”
According to Sjouwerman, the five generations of cybercriminals can be defined as follows:
- Generation One: This consisted primarily of teens who wrote viruses to gain notoriety and show off their skills. Their efforts were sometimes referred to as “sneaker-net” viruses, as they had to be physically transferred from one system to another via a floppy disk or other removable media.
- Generation Two: In this generation, sneaker-net viruses gave way to malicious worms that were able to spread quickly and create significant financial losses for companies. But the perpetrators were still generally teens and 20-somethings attempting to demonstrate their advanced skills.
- Generation Three: At this stage, cybercriminals began using viruses and hacks for financial gain rather than notoriety. By way of botnets, they were able to control thousands of infected computers to send spam, steal account passwords and attack websites. However, IT specialists were usually able to find and eliminate the malware fairly easily.
- Generation Four: This is when cybercrime went professional, with organized crime syndicates in Eastern Europe supporting the development of advanced malware and “rootkits” that are able to hide their presence and avoid detection. To achieve bigger payouts, cybercriminals started going after larger targets; and established mafia began muscling in on the game.
- Generation Five: In this current generation, cybercrime has become an enterprise with a thriving underground economy. Aspiring cybercriminals don’t even have to develop their own code; they can rent botnets by the hour and purchase licensed malware that comes with its own tech support. As a result, cybercrime is developing and spreading faster than ever.
“In the early generations of cybercrime, anti-virus software and vigilant IT departments were able to thwart many cybercriminals. But today, those methods often prove to be ineffective,” explained Sjouwerman. “The bad guys are capitalizing on the human element, using social engineering and spear phishing to trick users into clicking a link or downloading software that gives cybercriminals open access to individual systems and entire networks. The malware is more sophisticated than anything we’ve seen in the past; it can hide itself in a root directory and carry out its activities completely undetected. Because today’s malware is so difficult to detect and remove, the best defense is to provide cybercrime education to users to prevent unauthorized access to systems in the first place.”
Sjouwerman notes that many companies – particularly small and medium enterprises (SMEs) – remain in denial about their susceptibility to cybercrime, believing that anti-virus software and IT security teams provide sufficient protection. But he points to a recent KnowBe4 case study that shows even well-protected financial institutions can fall victim to cyber-theft. Utah’s Treasury Credit Union – which serves employees of the U.S. Treasury Department – experienced six-figure losses when cybercriminals circumvented its anti-virus software and other protections, conducting a cyberheist that involved 70 wire transfers from one of the bank’s own accounts. The cybercriminals stole a bank employee’s username and password, most likely via phishing, and then installed a Trojan horse on the computer. The malware was not detected until after the funds had been distributed to money mules.
KnowBe4’s online library of cybercrime education resources and case studies can help arm companies and individuals in the war against cybercriminals. However, Sjouwerman recommends Internet Security Awareness Training (ISAT) as the most effective way to educate all employees on how to recognize and avoid cybercrime tactics. KnowBe4 offers a free phishing security test to help business owners determine how many of their employees are Phish-prone™, or susceptible to phishing attempts.
The company’s own research revealed some alarming phishing statistics – and some very promising results. Within the three companies surveyed in KnowBe4’s study, 26% to 45% of untrained employees responded to a simulated phishing email. After the companies implemented ISAT, phishing susceptibility was immediately reduced by 75%. By the end of the multi-email test campaign and subsequent retraining, all three companies had achieved a Phish-prone percentage of zero.
Any business may request a free phishing security test from KnowBe4, and the company’s free cybercrime education resources and case studies are available to all. Additional information and cybercrime prevention advice can be found in Sjouwerman’s latest book, Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008. In Cyberheist, Sjouwerman explains the business of cybercrime, reveals common cyberheist tactics through a series of case studies and offers proven tips to preventing cybercriminals from accessing corporate systems and networks.
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced Internet security awareness training. He is the author of four books, including Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.