topic Re: Cybercrime in Member Support

Cybercrime

Chaotic — Mon, 09 Oct 2023 08:21:09 GMT

Hi there, I have a few questions. I am doing a research project and I was hoping in getting some more recent information about cybercrime. The information on google.com and bing.com about cybercrime is either 2 years old, or irrelevant to what I am seeking. The questions I have are as follow, What is the the major threat? How can someone prevent these attacks? The reason I ask is because there are many ideas on how to defend yourself online. Some say use VPN, others say use Tor, or proxies. How are people suppose to understand what this means when the information we are given is not in detail. The information that I have heard in detail cost me 20 dollars. Even there some information and ways to prevent aren't allowed. Is cyber security something the government wants to control? I would like to continue on, but I will leave this here and wait for some opinions from you. Thank you.

Re: Cybercrime

CISOScott — Mon, 06 Nov 2017 19:34:55 GMT

See if you can get your hands on the Verizon Breach Report (DBIR) for the current year. Usually a lot of good details in there.

Re: Cybercrime

Chaotic — Tue, 07 Nov 2017 16:14:18 GMT

Thank you 🙂 I will check this out.

Re: Cybercrime

jwilsonjx — Tue, 07 Nov 2017 19:15:57 GMT

I would also recommend checking out https://www.owasp.org -- while there review the OWASP top 10. There is a plethora of free information on this site that details both the common vulnerabilities as well as means to defend against them. Albeit, many defenses are from a developer perspective.

Re: Cybercrime

Keelan_Stewart — Tue, 07 Nov 2017 20:31:08 GMT

Succinctly, ransomware, phishing, and business email compromise continue to be major problems for businesses. Defensively, you need to stick to the basics: patch management, vulnerability scanning, robust backups, etc.

Sources:

There are a number of good industry reports on cybercrime:

(ISC)2 sponsored Cybersecurity Trends - 2017 Spotlight Report

California Attorney General's Office California Data Breach Report 2016

PhishMe Enterprise Phishing Susceptibility and Resilience Report 2016

Verizon 2017 Data Breach Investigations Report

Defense:

Stick to the basics. CIS gives you good, high-level objectives. NIST gives you very in-depth options.

CIS Critical Security Controls

NIST Special Publications 800-xx Series

*800-53 has tons of controls, other 800-xx go in-depth on specific topics.

Re: Cybercrime

TonyDS — Fri, 10 Nov 2017 21:34:13 GMT

Hello,

What's exactly are you trying to protect from the criminals? Are you thinking about home users, small business, large corporations, governments...? I'd suggest the response to your question will vary depending upon what the target is.