While there is no specific definition for cybercrime, the general understanding is that it is any crime committed or facilitated via the Internet. The Internet has revolutionized the way people, companies and financial institutions perform their day-to-day business, while criminals have found ways to exploit this anonymous, borderless and virtual environment.

The so-called "dark web" has been instrumental in the growth of the cybercrime sector. Its anonymity makes it easier for criminals to share, learn, sell and even trade techniques, attack vectors and vulnerabilities. There is even evidence of a malware marketplace where cybercrime-as-a-service is offered, with competition among malware vendors driving innovation. Cybercrime has evolved to such an extent that, according to a study commissioned by Intel Security, it costs the global economy an estimated $400 billion, with approximately 400 million victims and a $113 billion cost to consumers per year.

As cybercrime has grown, so too has the cybersecurity industry. Just like an arms race, criminals develop new attacks while the security industry responds by developing new forms of defenses, leaving consumers – including the public and private sectors and the government – in a constant state of playing catch-up. Consumers were caught flat-footed as nobody foresaw cybercrime's transformation into a full-fledged industry with business models generating attractive total costs of ownership and ROIs for their investors.


Cybercrime has had a major impact on the financial services industry, be it the $45 million stolen from two Middle Eastern banks or an estimated $1 billion stolen over two years from various financial institutions worldwide. In fact, the average annual cost of cybercrime to the financial services industry is substantially higher than in most other industries, excluding energy and utilities. This fact was highlighted by Ben Lawsky, head of New York's Department of Financial Services, who is considering new rules requiring banks and insurance companies regulated by the DFS to better protect themselves from cybercrime. Meanwhile, the Europeans will be using the Single Euro Payments Area Payment Services Directive to improve security and protect against cyberattacks.

Organizations in various industries are facing enormous challenges due to the cybercrime threat. Whereas traditional physical attacks can be combated through the introduction of particular security measures and solutions (e.g. monitoring, sensors, additional perimeter protection, etc.), cybercrime must be fought on many fronts. Through constant innovation, cybercriminals are developing increasingly sophisticated malware, rogue mobile apps and attack vectors. Resilient botnets are also becoming widely available through the cybercrime-as-a-service marketplace and are exploitable by criminals with little or no technical knowledge.

But how do we protect ourselves?

While traditional security approaches may offer protection and relief against cybercrime, they will always be limited and unfortunately reactive. One example is the typical anti-virus software installed on traditional devices and systems. These solutions attempt to protect against malware by relying on knowing their so-called "digital signatures." However, when new malware is released into the public domain, its digital signature is unknown and a security gap develops. Only when the malware is identified and new digital signatures are distributed will the anti-virus software deliver the necessary protection. This approach is totally insufficient in combating cybercrime.

Cybercrime can be combated with a variety of approaches, but the security industry has introduced one approach favored by organizations and law enforcement agencies alike: Intelligence-driven security with fraud-prevention approaches using behavioral analytics. Intelligence-driven security provides a layered security or holistic model to protect corporations, brands, systems, people and data. Meanwhile, behavioral analytics deliver security based on anomaly detection, which is the capability to sift through large amounts of information (communication, interactions, transactions, etc.) and identify patterns that do not conform to those statistically expected. Typical examples of such behavior anomalies would be network perimeter breaches, unwarranted escalation of privileges, replacement or installation of malware, harvesting of sensitive corporate information and transmission of harvested data across irregular channels.

Behavioral analytics-driven security is where the behavior of devices, people, systems and applications is used to identify anomalies, protecting IT ecosystems, users and data alike. Even if attacks can't be blocked completely, having access to the right intelligence accelerates detection, significantly reducing the attacker's window of opportunity and minimizing the potential for loss or damage.

From a financial industry perspective, particularly retail banking, this intelligence-driven behavioral analytics approach has been in place for some time. Retail banks have been analyzing their customer payment behavior in relation to various points of interaction (e.g. branches, self-service, the web, mobile, tellers, point-of-sale, etc.) for years. Through this analysis, they have been able to identify anomalies in real-time by tracking customer card behavior and blocking potential fraudulent transactions. Point-of-sale and ATMs are using similar methods of protection.

In the Home Depot and reported Ukrainian-Russian ATM attacks, cybercriminals managed to infiltrate and install their malware on devices (point-of-sale terminals and ATMs). They circumvented the installed security solutions (standard anti-virus) and performed the tasks the machines were designed to do (harvest card information and perform authorized cash dispensing). While an intelligence-driven behavioral analytics approach may not have stopped the criminals from penetrating and installing their respective software, it would have identified an anomaly in the device's behavior, raising an alert, informing the respective security teams and blocking the malware from performing the attack.
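The device-level anomaly check described above can be sketched as follows. This is an added example, not code from the article or from any vendor product: the ATM identifiers, hourly totals and threshold are constructed, and the median/MAD modified z-score is one assumed choice of statistic, since the article does not name one.

```python
from statistics import median

# Constructed baseline: hourly cash totals previously dispensed by two
# hypothetical ATMs during normal operation.
BASELINE = {
    "ATM-001": [1200, 900, 1500, 1100, 1300, 1000, 1400, 1250],
    "ATM-002": [300, 450, 500, 350, 400, 420, 380, 460],
}
# Constructed observations to score: (device, hour label, total dispensed).
OBSERVED = [
    ("ATM-001", "2015-01-10T14", 1350),   # within the usual range
    ("ATM-001", "2015-01-11T03", 9800),   # each dispense is "valid", the volume is not
    ("ATM-002", "2015-01-10T14", 410),
    ("ATM-003", "2015-01-10T14", 200),    # device with no learned behaviour
]

def robust_z(value, history):
    """Modified z-score from median and MAD; one past outlier does not skew it."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    if mad == 0:
        # Perfectly constant history: any deviation at all is unexpected.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def score_events(observed, baseline, threshold=3.5, min_history=5):
    """Return (device, hour, reason) alerts for behaviour outside the baseline."""
    alerts = []
    for device, hour, total in observed:
        history = baseline.get(device, [])
        if len(history) < min_history:
            # Too little history to judge: surface it rather than pass silently.
            alerts.append((device, hour, "no-baseline"))
        elif abs(robust_z(total, history)) > threshold:
            alerts.append((device, hour, "volume-anomaly"))
    return alerts

if __name__ == "__main__":
    for alert in score_events(OBSERVED, BASELINE):
        print(alert)
```

The flagged hour contains only operations the machine is designed to perform, which is why a signature-based control sees nothing wrong while the per-device baseline does.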

The intelligence-driven behavioral analytics approach delivers predictably high standards of security for today's environment of rapidly escalating and unpredictable cybercrime. It can dramatically improve efficiencies in threat detection and response, supporting security personnel, processes and technologies to perform more effectively.

Terence Devereux is a senior trusted advisor in Wincor Nixdorf's CTO office. He can be reached at 31-088-102-8812 or [email protected].
