Cyber criminals and online criminal gangs have two things in common: they are malicious actors and they have new business models. Today's cyber criminals are well organized and business savvy. They combine social engineering, viruses, trojans and spyware with sophisticated profit models, business plans and organization. There are several questions that we must try and understand in order to effectively manage risk for firms who increasingly have to protect an environment without a perimeter: What are the emerging cybercriminal business models and how easy are they to set up? Through which channels are cyber criminals generating revenues and who is receiving this money, eventually?
This paper will attempt to shed some light on these questions using qualitative and quantitative methodology exploring recent cases. This paper will also share how using a risk-based approach and user behavior analytics creates a methodology and repeatable process for business leaders to address these growing concerns. Importantly, risk increases and the ability to respond is compromised without clearer insight into the revenue generating schemes behind cyber-attacks.