As enterprise security leaders plan out their IT risk management strategies, it is absolutely crucial that they understand the business motives behind cybercrime. Criminal profits drive the vast majority of security incidents today and the cybercrime marketplace has coalesced to the point where most organized cyber criminals have a sophisticated value chain supporting the delivery of numerous thieving lines of business. It's gotten such that the most damaging cyber crooks think more like CEOS and consultants than techies. The better that enterprises can understand their adversaries' mindset, the more effective they'll be at reducing risk, explains a new report by Hewlett Packard Enterprise. 

"To truly disrupt the business of hacking is to increase the cost of the attacker’s business, erode their profits, and increase the time it takes to successfully execute an attack and sale," explained the report, which took a thorough look at the gears turning the cyber underground.

The paper took a deep dive into 10 different types of businesses supported by this mature marketplace -- including old reliable kinds like ad fraud, extortion, or credential harvesting -- and analyzed them based on profit variables. It also explained a lot of the guiding principles, culture, and market conditions that drive cybercrime today. The nut of it is that cybercrime looks more like an enterprise than many people might think.

For example, authors highlighted the fact that some cybercriminals even operate under banker's hours, running on a 9 a.m. to 4 p.m., Monday through Friday basis, with Monday the busiest day of the week as the bad guys catch up from the weekend.

Among some of the highlights, there are three big ways that the cyber underground has evolved, an understanding of which could potentially help CISOs and other security leaders.

The Value Chain Is Intricate        

The business of cybercrime is highly segmented and specialized, with a value chain that contributes to the "end product" of theft and fraud. This includes subcomponents that fit within categories like human development -- including recruitment and education -- as well as operations, technical development, and marketing and sales.

Each Line Of Business Follows A Maturity Curve

The different types of fraud and theft follow an industry growth maturity curve, much a line of business or product line would within a legitimate business.  

"The progression of credit card fraud provides a good example of this maturity curve. While there is still big money to be made in credit card fraud, the market is flooded and the business is in the declining phase," the report explains. "The introduction of EMV chip and pin cards in the United States will make it harder for attackers to make money on 'card-present' transaction fraud. Even slowing them down a little will negatively affect their profits and we should do it more often. The maturity curve restarts when new technologies are introduced, such as mobile payments. This full curve can mature much faster in cyber businesses than in traditional business."

Their SWOT Analysis Probably Looks Like Yours

Most savvy cybercriminals will weigh their costs and risks carefully against the potential payout for whatever line of business they operate within. More than likely, their strengths, weaknesses, opportunities, and threats (SWOT) analysis looks a lot like the typical legitimate business's. Coming from the lawful side of this, enterprises also need to understand this SWOT grid to be able to diminish the strengths and opportunities while playing up the weaknesses and threats of these adversaries.

"By knowing our competitors’ business goals, strengths, and weaknesses we can arrive at ways to reduce their competitive advantage," the report explains. "If attackers want to increase their profits, it is our job as their competitor to reduce their profits."