Experts: Cybercrime threats 'persistent'

• Tweet

LONDON, Oct. 13 (UPI) -- Businesses need to become more aware of the "persistent and dynamic" threats posed by cybercrime, security experts at a London conference said this week.

Because of a new level of "persistent, dynamic, intelligent threats" against commercial databases, companies need to wake up to the reality that cybercrime will touch each one of them, officials of U.S. information technology software maker EMC Corp. said Tuesday at the RSA Conference Europe.

Chairman Art Coviello and President Tom Heiser of EMC's security division RSA, which has headquarters in Massachusetts, told the conference a better understanding of the true risk faced by businesses seeking to safeguard their "big data" needed to be established.

They warned it's no longer a question of "if" an organization will be compromised, but a question of "when," the Boston Business Journal reported.

"Intelligence about your potential attackers and most valuable assets shows you where to focus your efforts, such as what systems to protect and what users to closely monitor," the pair said.

The EMC executives were among information security professionals and business leaders from across Europe who attended 12th annual RSA Conference Europe, which concentrates on emerging threats to IT security.

Also among the speakers was Stefano Grassi, vice president of security and safety for Poste Italiane and chairman of the European Electronic Crime Task Force, a pan-European group based in Rome charged with preventing identity theft, computer hacking and other computer-based crime.

The U.S. Secret Service is part of Grassi's task force, which this year carried out an extensive survey of emerging cyberthreats and also concluded potential victims -- as well as law enforcement -- aren't aware of the pervasiveness of the threat.

Chief among the key factors it found was "a marked discrepancy between the actual situation and the perception of cyberfraud by those parties that fall victim to it or fight against it."

The threats change extremely quickly, frustrating crime fighters' attempts to develop and digest sufficient expertise quickly enough. Businesses as well as individual computer users "often do not have a complete perception of the risks which they are subject to."

The task force warned malicious software is increasing in its efficacy, becoming more versatile and acquiring a greater ability to mimic and be disseminated, while attacks run the gamut from exploitation of simple user errors to "sophisticated examples of social engineering."

But, Grassi also found, increasing collaboration between law enforcement agencies and private security experts has resulted in some success, forcing cybercriminals to change tactics.

"As a rule," he said, "the number of cyberfraud attacks is rising sharply, but the average profit per attack is dropping, at least for certain types of fraud," thanks to user awareness and "effective countermeasures against the most common attacks."

Because fraudsters are getting less "bang for buck," they are compensating by stepping up the intensity of the attacks to retain their profit margins.

Poste Italiane has been one of the most active players in Europe's anti cybercrime efforts, backing not only the European Electronic Crime Task Force but also the Global Cyber Security Center in Rome, a public-private partnership that performs research and training in Internet security.

Massimo Sarmi, the Italian post office's chief executive, said the task force's findings opened his eyes to the "phenomenon" of current threat.