Light Dark
September 21, 2016 By Rick M Robinson 2 min read
Risk Management
CISO

In the shadowy world of security threats and bad actors, cyber extortion is a growing trend. Cybercriminals are taking advantage of the vulnerability of intellectual property, threatening to release potentially embarrassing information and encrypting data to render it useless to the rightful owners, among other sinister practices.

Unlike the risks associated with more traditional cybertheft, such as the loss of customer account data, the risks and costs related to extortion can be indirect and difficult to assess. The conventional thief looks for information, such as credit card numbers, that can be easily converted to money. This data has a direct market value — at least on the black market.

The cyber extortionist, however, takes advantage of information that is valuable to its rightful owner by rendering the data unusable and holding it for ransom or threatening to release it publicly.

Risk Assessment Is Crucial

According to TechTarget, risk assessment is crucial, especially considering the range of possible targets for cyber extortion and the varied forms it can take. Some data may pose multiple vulnerabilities. It’s important to know the protective measures and prospective costs associated with each one.

An email exchange between key employees, for example, might contain ideas and strategies that, if released publicly, would benefit business rivals. The exchange may also contain candid remarks that would be embarrassing if made public. This could persuade an enterprise to pay an extortionist not to release them.

On the other hand, covert encryption of an email thread could deny employees the ability to review and build upon their own work. Encryption could also potentially trigger a compliance violation if the organization loses its access to data it is responsible for preserving and providing on demand.

Protecting Against Cyber Extortion

In short, cyber extortion can put a single data repository at risk in multiple ways, each involving distinct technologies — both on the threat vector side and the protection side. The protective measures against cyber extortion threats can be as varied as the threats themselves.

Protective encryption of data can safeguard against it being exposed by cybercriminals. However, this does not protect against further unauthorized encryption that could render the data inaccessible. Prompt backup of generated data can protect the data from tampering, such as covert encryption, but does not keep attackers from releasing data taken from stolen originals.

As the TechTarget article put it, “risk is the ballast that ensures proper protection levels and mechanisms are in place” to protect enterprises against the full range of possible cyber extortion threats.

The CISO’s Responsibility

The CISO is at the center of the risk assessment and weighting process that determines what data repositories are at risk of what types of attacks, the magnitude of these risks and the optimum protective measures against each.

All enterprise leaders, however, must understand the challenges posed by cyber extortion and the need for a risk-based response.

 |  |  | 
Rick M Robinson

More from Risk Management
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

October 27, 2023

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature