The unrelenting number of cybercrime breaches reported each week would seem to buttress the traditional school of thought that a cybercriminal’s capability increases the chances of a successful breach of a firm’s cyber defences.
However, I often debate the question ‘are cybercriminals really becoming more capable in this age of the dark web and the $2tn annual crime-as-a-service industry, where cybercriminals who collaborate with like-minded peers, armed with a free spear-phishing script plus a helping hand from a willing or unwitting insider, can gain illegal access to most firms’ networks in an instant?’
The truth is cybercriminals don’t have a higher IQ than most cybersecurity professionals – they just have fewer morals coupled with bravery and determination, plus they collaborate with their like-minded peers rather than compete against their peers at the expense of collective success.
Addressing cybersecurity leaders and professionals in workshops since last year, I find most still say they’d be loath to address internal cyber threat agents, e.g. senior executives, who are most often the targets of spear-phishing attacks, out of a fear of being sacked for pointing out the risk. If we’re working from a perspective of fear and unease over our board’s unwillingness to back us in trying to protect the business’s assets, then we can never match the bravery and effort the cybercriminal expends when trying to steal our data.
Alas, most cybercriminals are fearless and so cybersecurity leaders and professionals can’t afford to be anything other than fearless too. Imagine a surgeon refusing to operate on a patient for fear of being blamed if things go wrong?
Cybercriminals are definitely no more capable or intelligent than we, the good guys, for sure – just braver. We can match their bravery too and, in doing so, protect our businesses to the best of our ability.