The High ROI of Cyberweapons: Five Factors Driving the Rise in Threats

When you look at the payoff calculus of cyberweapons, it is no surprise that business is booming. Compared with conventional weapons, cyberweapons have a low barrier to entry and a low-risk, low-cost, high-reward payoff calculus that is attractive to malicious actors.

What’s Driving Up the ROI of Cyberweapons?

The high return on investment (ROI) of cyberweapons is contributing to a rise in threats across the technology landscape. Here is a look at five major factors behind this influx.

1. Low Barrier to Entry

Unlike conventional weapons, cyberweapons can be acquired with very little monetary or organizational resources. While nuclear weapons, for example, are only the in purview of nation-states, cyberweapons can be leveraged by small groups and individuals. For example, a British teenager hacked CIA Director John Brennan’s email account with nothing more than an internet connection and social engineering. The availability of these tools dramatically expands the set of actors who can access and leverage cyber weapons.

2. Low Risk, Low Cost, High Reward

Because of the attribution dilemma in cyberspace, cybercriminals face a low risk of getting caught. And because there is a low risk of getting caught, as well as very little overhead executing an attack from a keyboard, the payout is virtually all profit. The ROI is hard to beat when compared with any conventional weapon or tactic.

3. An Asymmetrical Weapon

In addition, because of the potential damage that can be done with very few resources, cyberweapons are asymmetrical tools that act as force multipliers for actors large and small, state and nonstate, rich and poor. For smaller actors, cyber weapons level the playing field with larger actors.

4. The Rapidly Maturing Cybercrime Market

Contrary to the theory that there is no honor among thieves, cybercriminals have established a very stable and mature market for selling not only the products of cybercrime such as personally identifiable information, health records and credit cards, but also state-level tools, cyber weapons and hacking services — putting cyber weapons in the hands of anyone with enough motivation.

5. More Devices, More Opportunity

Gartner estimated that there will be 20.4 billion devices connected to the internet by 2020. Every insecure device that connects to the internet is another potential attack vector that can be exploited by a malicious actor. And the rise of the Internet of Things (IoT) is an explosion of opportunity for cybercriminals and malicious cyber actors.

Changing the Payoff Calculus

The best defense we have against malicious actors in cyberspace is to change the payoff calculus by fortifying our networks to increase the costs to mount an attack, reduce the probability of success and minimize the ROI of cyber weapons.

Don’t make it easy for cybercriminals to cash in on your valuable data. Pull the trigger on a robust security strategy to ensure that your organization is prepared for whatever advanced threats come its way in 2018.

Read the white paper: The Evolving Face of Cyberthreats

Jan Dyment

i2 Threat Hunting Product Marketing Manager at IBM Security

Jan’s passion is a fusion of her education in international relations and her career in the cybersecurity industry...