Chaotic
Newcomer II

Cybercrime

Hi there, I have a few questions. I am doing a research project and I was hoping to get some more recent information about cybercrime. The information on google.com and bing.com about cybercrime is either 2 years old, or irrelevant to what I am seeking. The questions I have are as follows: What is the major threat? How can someone prevent these attacks? The reason I ask is because there are many ideas on how to defend yourself online. Some say use VPN, others say use Tor, or proxies. How are people supposed to understand what this means when the information we are given is not in detail? The information that I have heard in detail cost me 20 dollars. Even there some information and ways to prevent aren't allowed. Is cyber security something the government wants to control? I would like to continue on, but I will leave this here and wait for some opinions from you. Thank you.

5 Replies
CISOScott
Community Champion

See if you can get your hands on the Verizon Breach Report (DBIR) for the current year. Usually a lot of good details in there.

Chaotic
Newcomer II

Thank you 🙂 I will check this out.
jwilsonjx
Newcomer II

I would also recommend checking out https://www.owasp.org -- while there review the OWASP top 10. There is a plethora of free information on this site that details both the common vulnerabilities as well as means to defend against them. Albeit, many defenses are from a developer perspective.

Keelan_Stewart
Newcomer II

Succinctly, ransomware, phishing, and business email compromise continue to be major problems for businesses.  Defensively, you need to stick to the basics: patch management, vulnerability scanning, robust backups, etc.

 

Sources:

There are a number of good industry reports on cybercrime:

(ISC)2 sponsored Cybersecurity Trends - 2017 Spotlight Report

California Attorney General's Office California Data Breach Report 2016

PhishMe Enterprise Phishing Susceptibility and Resilience Report 2016

Verizon 2017 Data Breach Investigations Report

 

Defense:

Stick to the basics.  CIS gives you good, high-level objectives.  NIST gives you very in-depth options.

CIS Critical Security Controls

NIST Special Publications 800-xx Series

*800-53 has tons of controls, other 800-xx go in-depth on specific topics.

TonyDS
Newcomer II

Hello,

 

What exactly are you trying to protect from the criminals? Are you thinking about home users, small business, large corporations, governments...? I'd suggest the response to your question will vary depending upon what the target is.