The term “cybercrime” includes a wide range of criminal acts directed at individuals or enterprises. The specific background to calling a criminal act a “cybercrime” is often explained by the use of IT and technology to enact the initial and/or subsequent steps up to completing the planned sequence of events. In many cases, cybercrime is accompanied or succeeded by more traditional forms of crime, such as extortion or plain theft.
Cybercrime exists throughout society and with varying degrees of sophistication. In line with the factors of motive, opportunity and effort, typical cybercrime patterns range from the opportunistic to advanced persistent threats (APTs). This should be taken into account when analyzing threats and risk, or when designing control systems and defenses.
The following subsections provide examples of how cybercrime targets vulnerabilities or gaps in enterprise defenses, including technical and human factors. It should be noted that, as technology evolves, so does cybercrime. Its primary characteristic is that criminal acts are prepared and enacted by intelligent adversaries with intent and the requisite background, including organized crime.