HUMAN Blog

Strengthen Your Cybersecurity Posture in an Economic Downturn

We’re sorry to say it, but the global economic outlook is shaky. Stock markets are declining globally, inflation is high, and many organizations are laying off staff. History has shown that criminal activity, and cybercriminal activity specifically, increases in times of recession. With the risk of difficult economic times ahead, protecting the source of your online revenue — your internet presence — from digital attacks is more important than ever.  

When the economy is tight, bad actors zero in on the places where money is flowing — and web applications and digital ad channels are high on the list. Not only are bad bots and other digital attacks a major security issue, they also have a large negative impact on brand reputation, operational costs, and marketing spend.

The Economics of Cybercrime

Like any business, cybercriminals have economic models (albeit perhaps more informal) that govern their attacks. Fraudsters know that it will cost them $X to execute an attack and that they’ll likely get $Y out of it — and in many cases, the economics are very much in their favor.

For example, a list of stolen credentials costs a few dollars on the dark web. Research estimates an 8% success rate (varies based on databases) if those credentials are used in a credential stuffing attack. Validated accounts can be sold for around $3 each. That’s quite a profit. And there are similar gains across multiple types of digital attacks.

Disrupt Cybercriminals' ROI

In hard economic times, cybercriminals rush to execute the lowest cost, biggest benefit digital attacks. Protecting against these threats requires a layered defense model that not only stops attacks in real-time, but also proactively prevents future attacks. That is where a modern defense strategy comes into play.

We define modern defense as the combination of global visibility, network effect and disruption, which work together to raise the cost for attackers and reduce the cost of collective defense. A modern defense strategy delivers positive ROI because it disrupts the economics of cybercrime, disincentivizing future attacks as it stops digital attacks in real time. 

Here are some examples of how HUMAN delivers on modern defense:

  • Scenario-optimized proof of work (PoW): PoW requires a users’ device to complete a computational task before adding an item to a shopping cart, verifying a card number, or completing a similar activity. It takes a lot of energy and CPU cycles to perform computations like this at a scale (for example, if your device is operating bots attempting thousands of logins per second), making it more expensive for cybercriminals to finish their attacks. 
  • Proactive credential monitoring: By automatically flagging and blocking logins using compromised credentials, businesses get an early warning signal and proactive protection against account takeover (ATO) attacks. This deters attackers from targeting your site because it makes compromised credentials unusable.
  • Continuous authentication: Fraudsters can use stolen valid credentials to gain unauthorized access to user accounts and commit fraud therein, such as changing the email, password, or shipping address associated with the account, disabling MFA, or capturing stored credit card numbers and other PII. By continuously evaluating user activity post-login, businesses can identify anomalous behavior and remediate breached accounts before damage is done.
  • Blocking only the bad stuff: Blocking malware-infected ads protects users from malvertising threats -- but it doesn't stop the threat itself from rearing its head again in the future. To enable long-term protection, businesses must disincentivize attackers in addition to blocking them. We do this by blocking only the malicious activity within ads while still allowing the ad impression to fire. This forces malvertisers to pay for the impression without their reward, flipping the economics of malvertising on its head.

Disrupting the economics of cybercrime presents strong disincentive for future attacks on your site. Cybercriminals won’t waste their resources when there are so many fish in the sea — i.e, sites on the web that are cheaper to attack and don’t have obstacles in place to deter perpetual attacks.

Read the whitepaper, How to Maximize Your Cybersecurity ROI, to learn how to protect your online revenue source and maintain profitability in a slow economy.