Whoever said crime doesn't pay never bothered to run the numbers.
Cybercriminals can bank an estimated $84,000 a month on a $5,900 investment, representing a 1,425 percent return, according to a report out this week by security firm Trustwave.
According to an analysis of data across 15 countries, nearly half of all the incidents studied occurred in the United States, meaning U.S. consumers and businesses are typically the ones suffering the financial consequences of digital security breaches.
Estimates vary on how much cybercrime currently costs, with studies suggesting security breaches account for between more than $400 billion and around $1 trillion annually. Globally, cybercrime will cost businesses in excess of $2 trillion every year by 2019, U.K.-based Juniper Research estimated last month.
Given these staggering numbers that reflect the massive scale of theft, how exactly are hackers enlarging their own bank accounts while diminishing those of an untold number of online users?
The majority of hackers target online retail outlets, which account for 43 percent of incidents in the Trustwave report. Other industries coping with cybersecurity breaches include food and beverage, hospitality, and finance companies.
The method by which hackers compromise a system to steal information typically depends on the industry. In the case of food and beverage websites, for example, 95 percent of security incidents occurred in point-of-sale (POS) environments, in other words systems used for customer checkout. This common point of entry among security incidents is the result of a reliance on remote access connections to complete a transaction.
E-commerce and POS systems draw the overwhelming majority of cybercriminal activity across industries, with 82 percent of compromises occurring in these environments. The other 18 percent is the result of incidents targeting corporate or internal networks.
Once cybercriminals have debit or credit card information, they make their money in a variety of ways. They could use the financial information themselves to make wire transfers to their own bank accounts. Demand by payment card fraudsters also fuels an entire online industry dedicated to buying and selling stolen info, which presents another opportunity to cash in. Criminals may also buy goods online, enter fraudulent payment credentials, and then resell the goods for profit.
Once criminals have a user's financial information, they can usually take their time deciding what to do with it. Perhaps the most alarming of Trustwave's findings is that in 81 percent of cases, victims did not detect the breach themselves, and were left unaware for a median length of 86 days.
Users can take steps to protect themselves. Stronger passwords are a good first step. "Password1" is still the most popular choice among users, and any sequence of characters that a hacker can easily guess is not going to be very secure.
The longer and more complex a password, the better. As Trustwave notes, an eight-character password can be cracked in a day, but its 10-character equivalent could take nearly 600 days to unlock.
Keeping software up to date is also essential in order to patch any possible security weaknesses. Ninety-five percent of apps have at least one potential vulnerability that hackers can exploit.
Finally, never open a link in an email from a suspicious sender. These have the potential to redirect users to harmful websites that can install malware onto machines.
Users also should be aware of the communications policies of their financial institutions in order to spot potential phishing schemes that aim to trick users into providing confidential information to an entity that appears to be a trusted service.