In the shadowy world of security threats and bad actors, cyber extortion is a growing trend. Cybercriminals are taking advantage of the vulnerability of intellectual property, threatening to release potentially embarrassing information and encrypting data to render it useless to the rightful owners, among other sinister practices.

Unlike the risks associated with more traditional cybertheft, such as the loss of customer account data, the risks and costs related to extortion can be indirect and difficult to assess. The conventional thief looks for information, such as credit card numbers, that can be easily converted to money. This data has a direct market value — at least on the black market.

The cyber extortionist, however, takes advantage of information that is valuable to its rightful owner by rendering the data unusable and holding it for ransom or threatening to release it publicly.

Risk Assessment Is Crucial

According to TechTarget, risk assessment is crucial, especially considering the range of possible targets for cyber extortion and the varied forms it can take. Some data may pose multiple vulnerabilities. It’s important to know the protective measures and prospective costs associated with each one.

An email exchange between key employees, for example, might contain ideas and strategies that, if released publicly, would benefit business rivals. The exchange may also contain candid remarks that would be embarrassing if made public. This could persuade an enterprise to pay an extortionist not to release them.

On the other hand, covert encryption of an email thread could deny employees the ability to review and build upon their own work. Encryption could also potentially trigger a compliance violation if the organization loses its access to data it is responsible for preserving and providing on demand.

Protecting Against Cyber Extortion

In short, cyber extortion can put a single data repository at risk in multiple ways, each involving distinct technologies — both on the threat vector side and the protection side. The protective measures against cyber extortion threats can be as varied as the threats themselves.

Protective encryption of data can safeguard against it being exposed by cybercriminals. However, this does not protect against further unauthorized encryption that could render the data inaccessible. Prompt backup of generated data can protect the data from tampering, such as covert encryption, but does not keep attackers from releasing data taken from stolen originals.

As the TechTarget article put it, “risk is the ballast that ensures proper protection levels and mechanisms are in place” to protect enterprises against the full range of possible cyber extortion threats.

The CISO’s Responsibility

The CISO is at the center of the risk assessment and weighting process that determines what data repositories are at risk of what types of attacks, the magnitude of these risks and the optimum protective measures against each.

All enterprise leaders, however, must understand the challenges posed by cyber extortion and the need for a risk-based response.

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…