Inspired by recent movements in Europe, where tech giants like Airbus have advocated for a sovereign fund to support local technology sectors, this article explores Australia’s strategic need to develop sovereign satellite communication systems. As digital connectivity becomes increasingly crucial, the time to fortify our …
Information Security News Elon Musk’s Starlink Could Be Used to Transmit Australian Election Voting Results The Guardian by Josh TaylorThe Guardian reports that Elon Musk’s satellite internet service, Starlink, is being considered as a potential method to transmit voting results in Australian elections. This proposal …
Biometric Update by Masha Borak
The European Union is making significant strides towards tech sovereignty with the development of EuroStack, a comprehensive technology initiative aimed at reducing dependence on foreign tech giants amid ongoing trade tensions. This ambitious project seeks to bolster the EU’s capabilities in digital services and infrastructure, promoting a self-reliant approach to technology that aligns with its strategic economic and security interests.
EuroStack is poised to enhance data protection, cloud computing, and overall digital autonomy for the EU, marking a pivotal shift in the global tech landscape as Europe navigates the complexities of international trade and tech dominance.
Read more
SecurityWeek by Kevin Townsend
In a novel cyberattack, malicious actors are exploiting the popularity of Trump-themed commemorative coins to distribute malware. This campaign targets supporters through phishing emails that offer a chance to purchase these coins, only to infect their systems with malicious software when they attempt to engage.
The deceptive emails are crafted with convincing details and a call to action that redirects users to compromised websites. This strategy highlights a growing trend of using political memorabilia and current events as bait, reflecting an evolution in social engineering tactics aimed at specific demographic groups.
Read more
Security Affairs by Pierluigi Paganini
Cybersecurity experts are raising alarms about a critical vulnerability in PHP, identified as CVE-2024-4577, which is being exploited on a massive scale. This severe flaw allows attackers to execute arbitrary code on servers running vulnerable versions of PHP, potentially compromising millions of websites and web applications.
The widespread use of PHP in server-side scripting for web development makes this vulnerability particularly dangerous. Security professionals urge immediate patching and updates, as exploiting this flaw can give attackers control over web servers, leading to data theft, site defacement, and further network compromise.
Read more
Dark Reading by Jai Vijayan
The cyber threat group known as SideWinder is intensifying its targeted attacks on the maritime sector, deploying sophisticated tactics to infiltrate networks and steal sensitive information. This group’s activities have raised significant security concerns within the maritime industry, which is crucial for global trade and logistics.
SideWinder’s methods include using advanced malware and phishing attacks to gain access to ship management systems and port authority databases, aiming to disrupt operations and gather strategic data. The escalation of these attacks underscores the need for enhanced cybersecurity measures in critical infrastructure sectors to protect against increasingly adept and persistent threat actors.
Read more
ZDNet by Lance Whitney
A significant cyberattack is reported to be the cause behind recent widespread outages of the social media platform X. This attack highlights the vulnerabilities in digital platforms that are increasingly becoming targets for sophisticated cyber threats.
The cyberattack not only disrupted service for millions of users worldwide but also raised concerns about data security and the robustness of infrastructure against such incursions. The incident has prompted urgent calls for stronger cybersecurity protocols and resilience strategies to shield against future disruptions and potential data breaches.
Read more
Cyberscoop by Derek B. Johnson
Recent findings have revealed multiple vulnerabilities in ICONICS industrial SCADA software, posing significant risks to critical infrastructure systems that depend on this technology for operational control and monitoring. These vulnerabilities could allow cyber attackers to manipulate controls, alter configurations, or even shut down operations, potentially leading to severe consequences in sectors like energy, manufacturing, and water treatment.
The discovery underscores the critical need for continuous vulnerability assessments and prompt patching within industrial systems to safeguard them from potential cyber threats and ensure the continuity of essential services.
Read more
BleepingComputer by Bill Toulas
Switzerland has introduced a stringent new regulation requiring critical sector organizations to report cyberattacks within 24 hours of detection. This rule aims to enhance national cybersecurity resilience by ensuring swift and coordinated response efforts to digital threats.
The legislation covers entities in essential services such as healthcare, transportation, finance, and utilities, emphasizing the importance of transparency and prompt communication in mitigating the impacts of cyber incidents. The move reflects a growing global trend toward tighter cyber regulations as governments seek to fortify defenses against the increasing frequency and sophistication of cyberattacks.
Read more
The Hacker News by Ravie Lakshmanan
Security researchers have uncovered a new polymorphic attack technique that clones legitimate browser extensions to stealthily steal user credentials. This sophisticated method involves altering the code of popular extensions, turning them into trojans that can capture sensitive information such as passwords and banking details without alerting users or security systems.
The findings highlight a significant escalation in browser-based threats, emphasizing the need for users to verify the authenticity of extensions and maintain updated anti-malware solutions. The report calls for heightened awareness and stricter security practices to counteract these deceptive strategies that exploit the trust in commonly used digital tools.
Read more
The Register by Connor Jones
The cyber threat group Rhysida has successfully breached two US healthcare organizations, compromising the personal and medical information of over 300,000 patients. This sophisticated attack highlights the increasing vulnerability of the healthcare sector to cyber incursions, which can have devastating consequences for patient privacy and institutional integrity.
The hackers utilized advanced tactics to infiltrate network defenses and exfiltrate a significant amount of sensitive data, underscoring the critical need for healthcare entities to enhance their cybersecurity measures. This incident serves as a stark reminder of the importance of robust security protocols and continuous monitoring to protect patient information against such malicious activities.
Read more
Cybersecurity Dive by David Jones
The former director of NSA’s cyber division has issued a stark warning that significant job cuts within the agency pose a serious threat to national security. These reductions in cybersecurity personnel come at a time when cyber threats are becoming more frequent and sophisticated.
The former director emphasizes that decreasing the number of skilled cybersecurity professionals undermines the country’s ability to defend against and respond to cyber incidents effectively. This alert calls for urgent reconsideration of budget and staffing decisions to ensure the NSA and other critical security agencies are well-equipped to safeguard national interests in the digital age.
Read more
The Hacker News by Ravie Lakshmanan
A new malware known as SilentCryptoMiner is targeting Russian users by masquerading as legitimate VPN and DPI (Deep Packet Inspection) bypass tools. The malware has already infected approximately 2,000 individuals, covertly mining cryptocurrency using the resources of compromised systems.
This campaign highlights the dangers of downloading software from unverified sources, as attackers capitalize on the demand for privacy tools in regions with strict internet regulations. The incident underscores the need for heightened vigilance and the importance of using trusted channels for software downloads to prevent such deceptive and harmful intrusions.
Read more
BleepingComputer by Lawrence Abrams
Several US cities are issuing warnings about a new phishing scam involving unpaid parking tickets. The scam sends text messages to individuals, falsely claiming they have unpaid parking fines and directing them to a fraudulent website.
Once on the site, victims are prompted to enter personal information, which the scammers can then use for identity theft or financial fraud. This wave of phishing attacks highlights the increasingly cunning tactics used by cybercriminals to exploit everyday situations. Authorities are urging the public to verify any such claims through official municipal channels and to be cautious about providing personal information online.
Read more
The Nation
The Thai National Cyber Security Authority (NCSA) has been ordered to intensify its preparations against potential cyber warfare threats. This directive comes in response to escalating global cyber tensions and the increasing sophistication of potential cyber-attacks that could target critical national infrastructure.
The NCSA’s enhanced focus aims to bolster the country’s defenses by developing more advanced cyber response strategies, conducting regular security drills, and strengthening collaborations with international cybersecurity entities. This proactive approach is designed to ensure the nation remains resilient in the face of growing cyber threats and can effectively mitigate the impact of any cyber-attacks.
Read more
The Guardian by Eromo Egbejule
Internet shutdowns have reached a record high across Africa, with governments increasingly ‘weaponizing’ access to control information and suppress dissent. This trend is alarming advocates for freedom of expression and digital rights, as shutdowns not only curtail civil liberties but also impact economies and disrupt everyday life.
The use of internet blackouts as a political tool is particularly prevalent during protests, elections, and civil unrest, raising serious concerns about the erosion of democratic norms. This pattern underscores the urgent need for international dialogue and policy interventions to protect internet access as a fundamental right and to prevent its use as a tool for political manipulation.
Read more
The Observer by Carole Cadwalladr
This in-depth article chronicles the harrowing experience of a woman whose life was dramatically affected by a relentless campaign of online abuse. It explores the devastating impact of cyberstalking, which included constant harassment, the spreading of personal information, and threats that extended beyond the digital realm into her physical life.
The case study sheds light on the psychological and social repercussions of such targeted attacks, highlighting the insufficient legal protections and the often inadequate response from law enforcement agencies. This story calls for stronger regulatory measures and more robust support systems to protect individuals from cyber harassment and to hold perpetrators accountable.
Read more
The Record by Suzanne Smalley
According to experts, the office of the White House cyber director is poised to receive expanded powers under the Trump administration. This move aims to enhance the national cybersecurity strategy by centralizing authority and improving coordination among various federal agencies involved in cyber defense.
The bolstering of the cyber director’s office reflects an acknowledgment of the growing cyber threats facing the United States and the need for a more unified government response. Experts suggest that this restructuring will enable more effective policy-making and operational decisions in cybersecurity, potentially leading to stronger protections against cyberattacks on national infrastructure.
Read more
BleepingComputer by Bill Toulas
Recent discoveries have revealed undocumented commands in a widely used Bluetooth chip, present in over a billion devices, raising significant security concerns. These hidden commands, if exploited, could potentially allow attackers to execute arbitrary actions on affected devices without the user’s knowledge.
This vulnerability underscores the critical importance of hardware security and the potential risks associated with overlooked or hidden functionalities in common technology components. The exposure of such commands highlights the need for manufacturers to conduct thorough security audits and for users to ensure their devices are regularly updated to mitigate any potential threats arising from such vulnerabilities.
Read more
Security Affairs by Pierluigi Paganini
The Japanese telecommunications giant NTT disclosed a significant data breach impacting approximately 18,000 corporate clients. This breach involved unauthorized access to a wide range of sensitive data, potentially exposing business secrets and personal information.
The incident highlights vulnerabilities in telecommunications networks that can have far-reaching consequences for both the service provider and its extensive client base. NTT has initiated a comprehensive security overhaul and is collaborating with law enforcement to investigate the breach. This event underscores the need for enhanced cybersecurity measures and continuous vigilance to protect against sophisticated cyber threats in an increasingly interconnected world.
Read more
Cybersecurity Dive by Alexei Alexis
The frequency and severity of cyberattacks targeting IT vendors have dramatically intensified, resulting in substantial financial and operational losses. This trend is particularly alarming as IT vendors often serve as gateways to broader networks, making them attractive targets for cybercriminals looking to exploit multiple victims through a single entry point.
These attacks not only disrupt IT operations but also compromise the security of their clients’ data and systems. The article highlights the growing need for IT vendors to implement robust cybersecurity strategies, including multi-factor authentication, regular security audits, and employee training, to mitigate the risks and protect both their assets and those of their clients.
Read more
BleepingComputer by Bill Toulas
An emerging cyber threat involves extortion of YouTubers through the manipulation of copyright strike processes to distribute malware. Cybercriminals are targeting content creators by threatening them with copyright strikes, which can severely impact their channel and revenue unless they comply with demands that often include downloading malware-laden software.
This strategy not only exploits the legal copyright mechanisms but also turns them into a tool for cyber extortion. The practice highlights a new form of cybercrime that blends traditional copyright abuse with digital extortion, significantly complicating the security landscape for online content creators. It underscores the importance of vigilance and legal awareness among YouTubers to protect against such sophisticated and damaging attacks.
Read more
The Register by Iain Thomson
A developer orchestrated a sabotage attack against his former employer by implementing a kill switch that activated upon his dismissal. This deliberate act caused significant disruption to the company’s operations, as critical systems were disabled, leading to downtime and financial losses.
The incident underscores the potential risks associated with insider threats and the importance of maintaining stringent security protocols, especially regarding access control and monitoring of sensitive systems. The company has since taken steps to bolster its security measures and review its policies to prevent such occurrences in the future, highlighting the need for continuous vigilance and robust security practices in the workplace.
Read more
Security Systems News by Cory Harris
Experts in cybersecurity are emphasizing that the fight against cyber threats is an ongoing battle that requires constant vigilance and adaptation. This article discusses the ever-evolving nature of cyber threats and the critical importance of staying proactive in cybersecurity practices.
Industry leaders warn against complacency, highlighting that as technology advances, so do the tactics of cybercriminals. Harris, editor of Security Systems News, advocates for continuous investment in cybersecurity infrastructure, regular updates to defensive strategies, and ongoing training for all staff. The message is clear: the cybersecurity landscape is dynamic and requires perpetual effort and innovation to keep data and systems safe.
Read more
itWire by Grant Titmus
Rapid7’s Chief Scientist, Raj Samani, has issued a stark warning to Australian businesses regarding the escalating threat of ransomware attacks. Samani is urging companies to prioritize their ransomware response policies and strengthen their cybersecurity defenses to combat this pervasive threat.
His call to action comes amid rising incidents of ransomware across Australia, which are increasingly sophisticated and disruptive. The article highlights the necessity for businesses to implement comprehensive security measures, including regular data backups, employee training on phishing awareness, and robust incident response plans. The emphasis is on preparation and resilience, aiming to mitigate potential impacts and ensure business continuity in the face of these cyber challenges.
Read more
CyAN Member Nick Kelly
CyAN Member Nick Kelly provides a detailed analysis of the FY2024 IT and cybersecurity spending across selected ASX 200 companies, revealing significant trends and investment patterns. This report underscores the growing emphasis on cybersecurity in the corporate sector, reflecting increased allocations toward enhancing digital defenses.
Kelly’s analysis points out that despite economic pressures, companies are prioritizing investments in cybersecurity to address the escalating threat landscape. The document serves as a crucial resource for understanding how top Australian companies are strategically positioning their resources to combat cyber threats, offering valuable insights into the prioritization of IT and cybersecurity expenditures in response to evolving challenges.
Read more
Keynote by Dan Elliot
📅 Date: March 12
📍 Location: Peoplebank, Sydney
🔗 Event details
📅 Date: April 1-2
📍 Location: Lille, France
🔗 Event details
📅 Date: March 19
📍 Location: Online
📩 See emails for details
📅 Date: April 14-16
📍 Location: Marrakesh, Morocco
🔗 Event details
📅 Date: April 23-25
📍 Location: Marina Bay Sands, Singapore
🔗 Event details
📅 Date: May 6-8
📍 Location: Dubai World Trade Center, UAE
🔗 Event details
📅 Date: May 8
📍 Location: London, UK
🔗 Event details
📅 Date: May 14-15, 2025
📍 Location: Dubai, UAE
🔗 Event details
📅 Date: June 7-9, 2025
📍 Location: Rabat, Morocco
🔗 Event details
Last Friday, I attended the launch of The Cost of Domestic Violence to Women’s Employment and Education at the University of Technology Sydney. Written by the renowned researcher and writer Anne Summers, this report lays bare how domestic violence and coercive control disrupts women’s financial …
Information Security News Latin American Orgs Face 40% More Attacks Than Global Average Dark Reading by Nate NelsonOrganisations in Latin America are experiencing a surge in cyberattacks, facing 40% more incidents than the global average. This alarming trend underscores the unique cybersecurity challenges in the …
It is essential to clarify from the outset that this analysis does not seek to establish a direct correlation between cybersecurity expenditure and measurable security outcomes, such as the successful mitigation of cyber threats or financial savings resulting from reduced attack impact. While investment in cybersecurity is a necessary component of a robust defence strategy, the complexity of cyber risk, evolving threat landscapes, and the multifaceted nature of security effectiveness preclude any straightforward causal relationship between financial allocation and security success. This study, therefore, focuses on the strategic prioritisation of cybersecurity investment within financial institutions rather than attempting to quantify its direct operational efficacy.
Furthermore, it is important to note that the financial data presented reflects cybersecurity spending over a multi-year period, albeit one from several years ago. Given that this analysis is conducted in 2025, some figures may not fully capture more recent investment trends, emerging security technologies, or shifts in cyber risk exposure. While historical data provides valuable insight into spending patterns and institutional priorities, it does not necessarily indicate present or future financial commitments.
A subsequent analysis will seek to explore potential correlations between cybersecurity investment and key security outcomes, leveraging publicly accessible data where possible. This follow-up study will critically assess available metrics—such as breach frequency, regulatory penalties, and operational resilience—to determine whether any discernible patterns emerge between financial commitment to cybersecurity and real-world security performance. However, given the inherent challenges of isolating variables in this domain, findings will be framed within the limitations of available data, temporal gaps in financial reporting, and broader contextual industry factors.
Major global banks have dramatically increased their cybersecurity investments in the past five years, both in absolute spending and as a share of IT budgets. Table 1 below compares cybersecurity spending for several top banks (by assets) in 2018 vs. 2022, illustrating these trends. North American banks show some of the highest absolute cyber budgets (hundreds of millions of USD annually), while European banks tend to allocate a slightly higher percentage of their IT budget to security. Asia-Pacific banks historically spent less on cybersecurity (contributing to higher vulnerability rates in that region (Low investments in cybersecurity expose financial sector to threats: Experts – The Economic Times), but are now rapidly ramping up investments as cyber threats intensify globally.
Table 1. Cybersecurity Budget Trends at Selected Major Banks (2018–2022) (link here)
Detailed case studies from different regions demonstrate how major banks are implementing significant cybersecurity initiatives. These examples show how banks tailor their cyber strategies to address region-specific threats and comply with local regulations, while investing heavily to bolster resilience.
JPMorganChase, the largest U.S. bank by assets, has made cybersecurity a centerpiece of its technology strategy. In 2019, the bank spent roughly $600 million annually on cybersecurity and employs about 3,000 cybersecurity personnel (With $600 Million Cybersecurity Budget, JPMorgan Chief Endorses AI and Cloud – SecurityWeek). For perspective, this budget was a dramatic increase from preceding years (the bank’s cyber spend doubled from $250 million to $500 million in the mid-2010s (2018 Cybersecurity Market Report), reaching ~$600 million by 2019). JPMorgan’s CEO Jamie Dimon identified cyber risk as perhaps “the biggest threat to the U.S. financial system” (With $600 Million Cybersecurity Budget, JPMorgan Chief Endorses AI and Cloud – SecurityWeek), underscoring why the bank continues to pour resources into cyber defence. JPMorgan’s initiatives focus on advanced capabilities like artificial intelligence and cloud security. Again in 2019, Dimon endorsed a move “all in” on cloud and AI to enhance security, noting the cloud can improve resiliency and scale defenses.
Fast forward to 2024, and JPMorgan’s situation was laid bare by CEO JPM’s Asset Management & Wealth Mary Callahan Erdoes:
Hard numbers on the above were stated during the conference as: $15bn annual technology spend with 62,000 technologists, many of whom were/are focused on cyber specifically.
The firm has built multi-layered defenses and real-time monitoring to handle everything from routine fraud attempts to advanced nation-state threats. U.S. regulatory expectations (from bodies like the FFIEC and New York State DFS) and industry collaboration via the Financial Services Information Sharing and Analysis Center (FS-ISAC) have further driven JPMorgan’s strategy. The bank regularly works with government and industry partners to share threat intelligence and bolster critical infrastructure protection.
HSBC, one of Europe’s largest banks (with a global footprint concentrated in Europe and Asia), has likewise made robust cybersecurity investments and adaptations. HSBC’s annual cybersecurity spending is estimated in the hundreds of millions (USD) – on the order of $600–750 million per year in recent years (Financial Firms Spend Up to $3,000 Per Employee on Cybersecurity). This forms a significant portion of HSBC’s roughly $6 billion overall technology budget (approaching ~10% allocated to security). HSBC’s approach to cybersecurity is heavily influenced by the cross-border regulatory landscape and evolving threats in its key markets. European regulations (think the EU’s General Data Protection Regulation (GDPR) and the PSD2 directive (mandating strong customer authentication)) have pushed banks like HSBC to achieve high standards in data security and fraud prevention. Additionally, EU supervisors (e.g. the European Central Bank) now ask banks for detailed cyber resilience metrics (such as dedicated security staffing) to ensure preparedness (THE CHALLENGE OF ORGANIZING THE BUDGETARY MANAGEMENT OF CYBERSECURITY IN YOUR COMPANY – RiskInsight).
In response, HSBC announced a series of security initiatives to stay ahead of emerging threats. For example, in 2023, HSBC announced that it had become the first bank in the UK to trial quantum cryptography for network security, partnering with BT Group and Toshiba to pilot Quantum Key Distribution for encrypting data between its London data centres (We’re fighting the cyber criminals of the future | HSBC News).
This quote is from former CEO of HSBC Europe, Colin Bell, who highlighted HSBC’s proactive stance on next-generation security. HSBC also continually upgrades more immediate defences: the bank processes 4.5 billion payments a year, and it relies on encryption and real-time threat monitoring to protect those transactions.
Asia-Pacific: DBS Bank (Singapore)
In the Asia-Pacific region, DBS Bank provides a case study in integrating cybersecurity deeply into a digital transformation strategy. DBS is a leading Singapore-based bank operating across Asia, and it has been recognised as one of the world’s most technologically advanced banks. With this digital focus, DBS’s leadership is acutely aware that cyber risk comes hand-in-hand with innovation. A quote from Seng Wei Keng in this FS-ISAC piece sets the tone nicely:
DBS has implemented a multi-layer “onion” security architecture to defend its systems (DBS’ Piyush Gupta explains how the bank deals with digital trust in an era of deep fakes and misinformation – CNA). According to CEO Piyush Gupta, DBS operates under the assumption that some attackers will penetrate outer defences, so the bank emphasises in-depth measures and internal monitoring to limit any potential damage. This includes extensive use of techniques like micro-segmentation of networks, behavioural analytics, and AI-driven anomaly detection to quickly identify and isolate threats. DBS also contracts specialised cybersecurity firms to scour the dark web for any signs of attacks targeting the bank or brand, enabling rapid takedowns of phishing sites and fake domains. These initiatives have earned DBS recognition; it was the first bank to implement an innovative “digital soft token” mobile authenticator (with a money-back security guarantee for customers) and won the regional Cybersecurity Award in 2019 for its security excellence (DBS: On Becoming the Wizard of Digital Transformation).
Regional regulations and threat trends shape DBS’s cyber strategy as well. Singapore’s regulator, the Monetary Authority of Singapore (MAS), imposes stringent Technology Risk Management guidelines, requiring banks to maintain strong cyber governance and report incidents within hours. DBS not only complies but often exceeds these requirements, serving as an industry leader in implementation of measures like secure API frameworks and zero-trust principles. Asia-Pacific has become the most targeted region for cyberattacks globally (31% of all reported cyber incidents in 2022, for example, were in APAC) (Top Cybersecurity Statistics for 2024 | Cobalt), so banks like DBS have had to rapidly elevate their defences. The bank’s investments in cybersecurity have grown annually (while exact figures aren’t public, DBS’s overall tech spending is substantial, and a healthy fraction is devoted to security efforts). By leveraging its tech-forward culture and complying with forward-looking initiatives (for example, MAS’s 2024 quantum-resilience trials with banks (MAS to commence quantum-proofing cybersecurity trials with banks …)), DBS adapts to the region’s unique challenges.
Leaving the reader with these quotes gives you a sense – at least on paper and in front of the press mic – of the seriousness with which bank executives are taking the cyber threat. Leading banking executives have explicitly underscored the importance of proactive cybersecurity investment and strategy – and it’s clear that the spend, both in total volume and as a percentage of IT spend – supports their intuitions. Whilst data are sometimes a bit hard to nail down, what’s clear is that major banks, globally, are spending with vigour. (How effective spend is in reducing loss from cyber attacks is a topic for another article, although successes like that of DBS, for example, suggest risk and impact can be managed well.)
Below are selected quotes from CEOs and board-level leaders at major banks over the past years, highlighting their perspectives on cyber initiatives and commitment:
Next I’ll attempt to articulate the impact of this spend…
Nick Kelly | SecureFlag | CyAN Member
Website: www.secureflag.com
LinkedIn: Nick Kelly
Abstract In today’s rapidly evolving digital landscape, organizations face unprecedented challenges that necessitate establishing a robust framework to navigate operational agility and economic security. This document delves into dynamic resilience, harmoniously integrating these vital components to foster sustainable growth, adaptability, and long-term success. Through a …
Information Security News 89% of Enterprise GenAI Usage Is Invisible to Organizations, Exposing Critical Security Risks The Hacker NewsA new report reveals that a staggering 89% of generative AI usage within enterprises remains undetected, exposing organisations to severe security risks. This covert AI activity can …
Every year, Safer Internet Day reminds us of the importance of making the internet a safer place for everyone. Initially conceived as a tool to connect people and make life more convenient, the internet has evolved into a cornerstone of modern living. Yet, it has also become a breeding ground for a darker reality: the business of cybercrime.
The digital revolution has opened countless doors, but it has also created lucrative opportunities for cyber attackers. These bad actors are no longer lone individuals operating in the shadows. Today, cybercrime is a sophisticated industry with its own ecosystem, leveraging the same technologies meant to enhance our lives to exploit, disrupt, and profit.
Cybercrime has become an extraordinarily profitable enterprise. According to recent studies, the global cost of cybercrime is expected to reach trillions of dollars annually, surpassing the GDP of many countries. Ransomware attacks, phishing schemes, data breaches, and fraud campaigns are not random acts of chaos; they are carefully orchestrated operations driven by clear business goals.
Much like legitimate businesses, cybercriminals rely on a variety of strategies to ensure their success. They conduct reconnaissance, analyse market opportunities, and even perform risk assessments to maximise their returns. They’ve built dark web marketplaces to sell stolen data, malware, and hacking tools, creating an underground economy that rivals legitimate industries in scale and sophistication.
The internet was designed to make life easier, but in the hands of cyber attackers, it can turn into a tool of destruction. For example:
The dual nature of technology—its potential to be both beneficial and harmful—poses a unique challenge for society. The rise of artificial intelligence (AI) has only amplified this risk, enabling more targeted, scalable, and automated attacks.
The integration of AI into cyber attacks represents the next wave of challenges. AI-powered malware can adapt and evolve, making it harder to detect and mitigate. Social engineering attacks, such as phishing, can leverage AI to craft hyper-personalised messages that are almost indistinguishable from legitimate communications.
The irony is that the same AI tools used by organisations to strengthen their defenses are also being weaponised by attackers to undermine them. This arms race underscores the critical importance of vigilance and innovation in cybersecurity.
Days like Safer Internet Day serve as important reminders of our shared responsibility to protect the digital world. Governments, organisations, and individuals must work together to address the risks posed by cyber attackers. Here are some practical steps everyone can take:
The Road Ahead
The internet remains a powerful tool for good, but we must recognise that its potential for harm grows alongside its benefits. Cyber attackers are not going away; they are evolving, driven by a business model that thrives on opportunity and innovation.
As we celebrate Safer Internet Day, let it be a moment of reflection and action. By understanding the business model of cybercrime and taking steps to protect ourselves and others, we can help ensure that the internet remains a space for connection and progress—not exploitation and harm.
Together, we can build a digital future that is not only more connected but also more secure.
Cyber Threat Intelligence Manager | CyAN APAC Director | CISM, CEH, CRISC, ATT&CK® SOC & CTI
Read the original post on LinkedIn: Safer Internet Day: The Business Model of Cyber Attacks in the Digital Era
Connect with Saba Bagheri, PhD on LinkedIn: Saba Bagheri, PhD
by Shantanu Bhattacharya Posted on February 20, 2025 | Originally published on RSAC Conference 🔗 Read the original article on RSAC Conference In today’s digital-first business landscape, Chief Experience Officers (CXO) are frequently on the move, driving business growth outside the organization’s secure network perimeter. …