State actors or cyber criminals: the lines are blurring. According to the ESET security experts, the campaigns by state actors have increased. ESET reports on the current situation and gives a forecast for the future.
Whether hackers who are supported by governments or financially motivated cyber criminals: It is no longer possible to differentiate between these actors. The boundaries between this and "classic" cyber crime are becoming increasingly blurred. Hacker groups who have drawn attention to themselves through Advanced Persistent Threat (APT) attacks also try to generate financial profits from their activities. Conversely, cyber criminals sell their tools to state actors on the dark web, for example. Companies must therefore protect themselves effectively against the changing dangers.
BSI: 20 percent of the IT budget for security
“The Federal Office for Information Security (BSI) recommends that companies spend 20 percent of their IT budget on security. However, the reality is different. According to official estimates, companies invest less than ten percent of their total IT budget in IT security measures. In the race against state actors and professional cyber criminals, this is not enough in our opinion, ”says Thomas Uhlemann, Security Specialist at ESET.
Boundaries blur
Cybercrime generates billions of euros a year - an exact, reliable estimate is hardly possible. The fully functional shadow economy generates more income than the gross domestic product of many countries. Just as legitimate defense companies and suppliers are hired by private governments, cybercriminals and their resources are increasingly the subject of informal and often ad hoc outsourcing agreements. Dark web providers are now selling exploits and malware to state actors. APT groups are no longer just eager to gain access to corporate networks and steal data there over a long period of time, but also try to generate income. It is also believed that government employees are allowed to work on the side to make some extra money.
Organizations need to prepare for these threats
In the United States, some cyber criminals have been blacklisted. In the event of ransomware attacks by these groups, both insurers and victims would be criminally liable for paying a ransom. Accordingly, these criminals try to circumvent the regulation by changing their names. As long as there is a market for their services, these groups will continue to operate. “Whether you are an ordinary cybercriminal or a state actor, these attackers are not superhumans. Companies have to create their security strategies independently of the possible adversary. This includes the continuous checking of processes, multi-layered defense measures, training of employees and clear guidelines, ”recommends Thomas Uhlemann.
"IT security made in EU"
IT security is a matter of trust. Companies in particular must be able to rely on the performance and reliability of the technologies and solutions used. As an industry pioneer and largest manufacturer of IT software security solutions with headquarters in the European Union, ESET was one of the first companies to receive the quality mark from the industry association TeleTrust. By signing the voluntary declaration of conformity, ESET has underscored its commitment to EU data protection and trustworthy IT security technologies.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.