Sign up to save your podcasts
Or
Share Drudgery of Cybercrime
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Drudgery of Cybercrime
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-drudgery-of-cybercrime/)
Why does the press persist on referring to all cyber breaches as sophisticated attacks? Is it to make the victim look less weak, or do they simply not know the tedium that's involved in cybercrime?
Check out this post by Brian Krebs for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Steve Zalewski, deputy CISO, Levi Strauss.
Thanks to this week's podcast sponsor, IronNet Cybersecurity.
To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on IronNet Cybersecurity.
On this episode of Defense in Depth, you'll learn:
- There's a dichotomy between how the press glorifies cybercrime as being "sophisticated" when the reality is much of cybercrime is drudgery.
- Most cybercrime is under a pay-for-hire or a web-based service model. Cybercriminals have to deal with many of the same business-related issues we all do, such as support, infrastructure, customer relations, and sales.
- Given that the cybercriminals are usually doing work for someone else, they have customers and those customers will often complain if they are not getting the expected service.
- There was question if cybercrime does pay. It seemed that if you had some basic technical talents then legitimate InfoSec was a far more lucrative field that would probably offer benefits that cybercrime couldn't offer.
- The paper states that low-skilled administrators often don't know much about the systems they maintain. This would lead one to believe they're also far removed from the criminal activity.
- Many of these claims of the boredom of cybercrime can be made of the InfoSec community as well.
- Once you understand that cybercrime is a business with a need for ROI like any other business, the goal in protecting oneself is to simply make it too costly and not financially attractive to be hacked.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-drudgery-of-cybercrime/)
Why does the press persist on referring to all cyber breaches as sophisticated attacks? Is it to make the victim look less weak, or do they simply not know the tedium that's involved in cybercrime?
Check out this post by Brian Krebs for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Steve Zalewski, deputy CISO, Levi Strauss.
Thanks to this week's podcast sponsor, IronNet Cybersecurity.
To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on IronNet Cybersecurity.
On this episode of Defense in Depth, you'll learn:
- There's a dichotomy between how the press glorifies cybercrime as being "sophisticated" when the reality is much of cybercrime is drudgery.
- Most cybercrime is under a pay-for-hire or a web-based service model. Cybercriminals have to deal with many of the same business-related issues we all do, such as support, infrastructure, customer relations, and sales.
- Given that the cybercriminals are usually doing work for someone else, they have customers and those customers will often complain if they are not getting the expected service.
- There was question if cybercrime does pay. It seemed that if you had some basic technical talents then legitimate InfoSec was a far more lucrative field that would probably offer benefits that cybercrime couldn't offer.
- The paper states that low-skilled administrators often don't know much about the systems they maintain. This would lead one to believe they're also far removed from the criminal activity.
- Many of these claims of the boredom of cybercrime can be made of the InfoSec community as well.
- Once you understand that cybercrime is a business with a need for ROI like any other business, the goal in protecting oneself is to simply make it too costly and not financially attractive to be hacked.
More shows like Defense in Depth
View all
Hacked
187 Listeners
Security Now (Audio)
2,002 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Risky Business
375 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
638 Listeners
CyberWire Daily
1,020 Listeners
Smashing Security
321 Listeners
Click Here
415 Listeners
Darknet Diaries
8,007 Listeners
Cybersecurity Today
178 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
189 Listeners
Cyber Security Headlines
136 Listeners
Risky Bulletin
46 Listeners
Hacker And The Fed
171 Listeners