Your Reading List & recommendations

Are you at risk from Cybercrime as a Service (CaaS)?

Hummingbad, Stuxnet, Love Bug, Trojan, worm, ransomware – rarely a day goes by without some major data breach or new strain of malware hitting the headlines. Over the past few years, the internet has seemingly become a scary place with people out to get your data and extort money from you at every turn. Much of what is driving this is the commoditisation of cybercrime, says Pete Roythorne.

Pete Roythorne, cyber security commentator

The rise of Cybercrime as a Service (CaaS) providers means it’s really simple to pull together everything to launch a cyber attack in one nice, neat, easy-to-use package. In fact, the barriers to entry into cybercrime are now so low that even those with no technical skills are able to get involved.


The 2014 Internet Organised Crime Threat Assessment (iOCTA) report was one of the early pieces of research to draw attention to the rise of a service-based criminal industry, where those operating in the virtual underground – or darknet – were starting to make products and provide services for use by other criminals. Since then CaaS has gone from strength to strength, and today at any given moment you can find thousands of online forums selling everything from stolen credit cards and personal data, to malware and even fully deployed browser exploit packs – provided you know where to look, of course.


This means that gone are the days of IT guys fighting the good fight against a comparatively small but hugely experienced group of hackers. Today, the majority of cybercriminals are actually chancers looking for a quick buck from an easy exploit. The fact that the consequences for perpetrators are minimal and entry is easy opens up the cybercrime market to almost anyone. Indeed, Adrian Leppard, Commissioner of the City of London Police, asserts that around a quarter of organized crime groups in the UK are involved in financial crime. On top of this, a recent University of Cambridge study showed that 60% of cybercriminals also had a criminal record unrelated to cybercrime.


Good news

So, the good news is that unless you’ve made enemies of Anonymous or are on the wrong side of nation state hackers, chances are that you’re more likely to come into contact with opportunistic petty crime. Admittedly that petty crime can be pretty devastating if you’re on the wrong end of it – leaving your business paralysed or facing damage to its image thanks to the loss of sensitive data.


However, the opportunistic nature of these attacks means that attackers are keen to take the path of least resistance. Make it difficult for them and they’ll likely turn their attentions to someone else who hasn’t bothered to heed the warnings and strengthen their defences.


It’s always tougher for the good guys because they have to cover every possible eventuality, whereas the bad guys just need to focus all their efforts on one potential point of weakness.  Ultimately this means ensuring you have layers of security in place to make yourself hard to hack – which is about the best you can hope for.


What layers do you need?

Putting layers of defence in place will make your business more resilient. Gone are the days of thinking “hey I’ve got antivirus so I’m fine”, you’ll also need to make sure you’ve got the following:


  • Mail filtering and spam filtering

Weeding out any dodgy looking emails that either come from blacklisted addresses or that link to less than reputable websites will have a big impact. The most popular way of delivering malware is still via email; cut this off and while far from home and dry, you can at least sleep a little easier.

  • Web protection

Stopping your staff from visiting insecure websites will also pay huge dividends. Another popular method of malware delivery is via corrupted websites.

  • Patch management

The main way for bad guys to get into your system is via a known weakness in your software. Ensuring that all your software is up to date with the latest security patches will help close the window of opportunity as quickly as possible.

  • Backup

Because you can never be 100% sure nothing will get through, making sure you have a regular backup process in place is essential. If you do get struck by a piece of malware, you can quickly and easily revert back to a stage before your network got infected and lose the minimum data possible.


It’s pretty much impossible to run a modern business without the internet. So if you want to keep your company safe and functioning make sure you get your layers of security in place today, before you become part of the headlines.



All articles


Public sector

Safe & secure


Tech advice

Work smarter