The nature of security threats has changed over the past few years, with amateur hackers and script kiddies giving way to professionals backed by significant skills and resources. According to Stu Sjouwerman, founder and CEO of security training company KnowBe4 and author ofCyberheist (KnowBe4, 2011), the trend toward more professional cybercriminals won’t be changing anytime soon.
“Some of these cybercriminals are extremely well-funded and they have their own labs filled with test machines, each running the latest version of most antivirus products. They’ll find and exploit zero-day vulnerabilities in software like Adobe Reader, then send phishing test emails through all of this AV software,” says Sjouwerman, who was also one of the founders of security vendor Sunbelt Software. “They’ll find [a phishing email] that works, set up an email server, and send a few million phishing emails to a database of email addresses, then shut the server down within a day.”