Hi there, I have a few questions. I am doing a research project and I was hoping in getting some more recent information about cybercrime. The information on google.com and bing.com about cybercrime is either 2 years old, or irrelevant to what I am seeking. The questions I have are as follow, What is the the major threat? How can someone prevent these attacks? The reason I ask is because there are many ideas on how to defend yourself online. Some say use VPN, others say use Tor, or proxies. How are people suppose to understand what this means when the information we are given is not in detail. The information that I have heard in detail cost me 20 dollars. Even there some information and ways to prevent aren't allowed. Is cyber security something the government wants to control? I would like to continue on, but I will leave this here and wait for some opinions from you. Thank you.
Succinctly, ransomware, phishing, and business email compromise continue to be major problems for businesses. Defensively, you need to stick to the basics: patch management, vulnerability scanning, robust backups, etc.
There are a number of good industry reports on cybercrime:
(ISC)2 sponsored Cybersecurity Trends - 2017 Spotlight Report
California Attorney General's Office California Data Breach Report 2016
Stick to the basics. CIS gives you good, high-level objectives. NIST gives you very in-depth options.
*800-53 has tons of controls, other 800-xx go in-depth on specific topics.
What's exactly are you trying to protect from the criminals? Are you thinking about home users, small business, large corporations, governments...? I'd suggest the response to your question will vary depending upon what the target is.