Against the backdrop of increasing attacks on the IT infrastructure, Richard Stiennon of Fortinet feels there is dearth of inhibitors to counter the escalating threats. With attackers becoming more innovative in development of lucrative business models, it is time that organizations beef up their security infrastructure

Given that cyber crimes are on an increase, how have attackers changed their modus operandi? Is cyber crime turning into a lucrative business? If yes, how?
Cyber criminals are expanding their horizons. On the technology front, they are researching and discovering zero-day vulnerabilities in Windows (iFrames, WMF) and deploying them for profit. Cyber crime is truly very lucrative. From the extortion attacks that garner tens of thousands of dollars to credit card thefts which can earn the thief $12 to $100 per stolen credit card, it is huge money.

Cyber criminals are changing their modus operandi to become much more entrepreneurial.

Richard Stiennon CMO, Fortinet

In the contemporary scenario, who are more vulnerable to attacks? Are smaller organizations also targeted? What about home users, government and other sectors?
Medium enterprises with important web assets such as an e-commerce site that contributes more than 20 percent of their revenue are the most vulnerable. However, the scope of attacks is escalating and even large enterprises should take a fresh look at their risk profiles. In summary therefore, small as well as larger organizations are vulnerable to attacks although the degree of vulnerability could vary.

What is the nature of attacks today? Which part of an organization is more vulnerable? Is it the entire IT infrastructure or network specific?
The entire IT infrastructure is vulnerable. The network only enables the hacker by providing the avenue of attack. Web applications are vulnerable to business process hacking. Credit agencies, export-import and financial transaction sites have all been hit by attackers who purchase limited access and then abuse the underlying business logic to steal more information than they paid for. Employees are vulnerable to social engineering attacks and bribery that could lead to stolen IP and personal data.