Protecting your business against the cybercriminal enterprise

Steve Knibbs, Head of Vodafone Business Security Enhanced at Vodafone UK, explains how innovative cybercriminals are and how you should treat them as you would treat any business competitor in order to counter their threat.

  • Cybercrime is a growing and profitable industry

  • Damage from cybercrime is estimated to grow to over $10 trillion in 2025

  • Thinking of cybercriminals as a business competitor will shift your view on cybersecurity



Cybercrime is a fast growing and incredibly profitable industry, but it’s often overlooked how innovative cybercriminals are.

Research firm Cybersecurity Ventures estimates the cost of damages from cybercrime in 2023 is roughly $6 trillion. To put this in perspective, there are only two countries that have a higher national Gross Domestic Product (GDP) – the USA and China. To make things worse, Cybersecurity Ventures estimate this will grow to $10.5 trillion by 2025.

The reason people are generally attracted to cybercrime is simple. There is money to be made. Just like a legitimate business spotting a gap in the market, cybercriminals evolve to capitalise on an opportunity.

They have HR, technical support teams to help customers (other criminals), software developers, IT departments, web developers making sure that they stay undetected, product development and software testing teams. They may also be monitoring the news for the latest disclosed vulnerabilities in a company’s defences that can be used in the groups next attack campaign.

Cyber criminals have also seen how attractive digital transformation is, and their business model has evolved to offer malicious software for hire on the dark web. The ransomware world was the first to go in that direction, as groups started to follow the ‘Ransomware-as-a-service’ model.

Like other digital companies, this service offering could be as simple as leasing the software, or it could include a range of full-service wrap. One example offered today by these criminal groups offer is ‘Phishing-as-a-service’.

Businesses usually are set up to counter legitimate competitive threats that might appear in the commercial landscape. So why wouldn’t we take the same approach with cybercriminals?


Understanding the threat landscape

Vodafone Business Security Enhanced (VBSE) produces a monthly threat intelligence report to ensure customers understand how cybercriminal organisations are evolving. This business intelligence is incredibly common across other areas of business and would help adapt and transform operations in order to remain competitive.

Looking at the most recent report, there are some very interesting developments:

  • There has been a surge in mobile malware and phishing. Mobile security firm Zimperium suggests they found an average of 77,000 unique malware samples every month. More phishing attacks are moving to mobile as the devices are more frequently connected and harder to detect.

  • A new spyware mobile campaign is targeting users in Pakistan where fake applications (VPN app and nSure Chat app) are used to transmit data off the user’s device, as well as recording emails, text messages and phone calls.

  • The Anatsa banking trojan Is back. Frst discovered in 2021 targeting banking customers, it’s able to steal banking credentials through keyloggers and screen grabs. It disguises itself as PDF readers, QR code scanners, and two-factor authentication (2FA) apps on Google Play Store to siphon users’ credentials

These three examples show one trend. Cybercriminals are always looking to adapt their operations to capitalise on potential opportunities to make more money, which can often be linked to world events to further hide ill-intentions, praying on fears and insecurity.

The COVID-19 pandemic saw a huge rise in the number of malicious campaigns, with fake news stories being used to entice people to click links.

Reimaging a cyber criminal

The three examples from the report are interesting for different reasons.

Firstly, we have an example of adapting a technique to a new environment. Secondly, we have the emergence of new threats. Finally, we have the reintroduction of an old threat that has been enhanced.

Instead of thinking about these threats as threats, let’s imagine them as products.

Out of the research and development (R&D) department we have three new propositions. One is taking a successful product from one industry and adapting to another. One is entirely new product creation in a new market. The other is adding upgraded features and functionality to an old but popular product.

These businesses are evaluating the market, dedicating resource to create new propositions and solutions, before developing a Go To Market strategy, complemented by social media campaigns to drive end user interest.

The way cybercriminal’s function is not particularly dissimilar to the way normal businesses operate (if you ignore the illegality of course).


Evolving with the market through competitive intelligence

At VBSE, we provide advice dedicated to strengthening the cyber security position of organisations. We always start with two principles:

  • Nothing should ever be considered 100% cyber-secure

  • Cybersecurity is an ever-evolving practice

Some businesses might think that once you have developed a strategy, you can forget about it and re-evaluate the situation later, but that couldn’t be further from the truth.

Cyber criminals analyse the market and adapt. They’re probably already working out the best way to use a newly discovered vulnerability before it’s patched or beat the latest security enhancement before it’s even released.

Our Customer Account Security Manager (CASM) service offers bespoke solutions and advice to your organisation to meet your individual business needs – from governance, risk & compliance, through to best practice, account support and training.

Commercially, companies are constantly evolving their proposition to ensure they are competitive in the market. It’s an ongoing transformation project to ensure the commercial proposition is fit for purpose, measured against changes in the market and the way rival companies are evolving.

The same approach should be placed on cybersecurity. If you view a cybercriminal as a competitive threat with R&D resources, a Go To Market function and a marketing team, we believe companies would be a lot more proactive.

The first step is always understanding what you have in your estate, monitoring new devices that are connected to your network and ensuring all software is fully up to date. Paired with this, an understanding of the evolving landscape is critical, as a cybersecurity strategy should never stand still. A breach can cost millions, but also has a significant detrimental impact on a corporate reputation.

How financial institutions can adapt to the shifting world of cyber security

Learn how to protect your business from fraudsters with an infrastructure that’s secure by design

Cyber security challenges in healthcare and how to fix them

Discover the challenges that healthcare organisations face can how they can become genuinely cybersecure

Cyber Security for small businesses

Learn about how small businesses can protect themselves from the growing threat of cyber attacks

Get in touch