Why the Cybercrime Industrial Complex Is Targeting Small to Medium-Sized Businesses

February 8, 2023

Brian Scott

Brian Scott, president and founder of ClearTone Consulting, provides executive technology consulting services based on 35 years of technology expertise and 20 years of CIO/CISO experience within the exhibitions and events industry. Brian provides expert technology consultation in the areas of technology strategy, software development, systems integration, data warehousing and analytics, cyber security, data center operations, cloud computing, and end user support. He works with his customers to overcome technology challenges, leverage tech to drive growth and revenue, secure valuable digital assets, and execute projects to meet the organizational objectives.

Everywhere we look, from every cybersecurity firm that is monitoring the situation, the data indicate an ever-increasing level of cybercrime activity. Cybercrime is the ultimate Energizer Bunny: it just keeps going and going with increasing volume. These are data-driven insights. It is not media hype created simply to drive the cybersecurity industry, but rather hard facts seen from all angles and through all lenses and corroborated by corporate, nonprofit and government measurements.

Have you stopped to ask why this increase continues and maybe more importantly, why cybercriminals are targeting small and medium-sized businesses, such as associations and nonprofit organizations? Hopefully, this article can shed some light on that subject.

Let’s start with a brief review of the stages of development for an industry. Researchers have identified four common stages for industry development: introduction, growth, maturity and decline. What many non-techies don’t realize is that cybercrime is a trillion-dollar (yes, that’s trillion with a “t”) global industry, when you include online black markets, and unfortunately, it’s just hitting the growth phase. Believe it or not, we’re still in the relatively early stages of a massive global economic issue.

Introduction Phase

In the introduction phase, innovators create new business opportunities, products and services. The market is undefined and there is usually a fair amount of confusion and uncertainty as to where the market will ultimately lead. I would categorize the introduction of cybercrime in the mid-1990s and all the way through the early 2010s as this Introductory phase. Cybercriminals were typically lone wolf techies, and the mechanisms to attack organizations were less developed. Nation states actively developed talent during this phase, but most corporate risk was driven from single or unorganized groups of bad actors.

Growth Stage

The growth stage is defined as a time when the market has developed an understanding of the value of the new offering and demand grows rapidly. A handful of important players usually become apparent, and they compete to establish a share of the new market. This is the phase where business processes are improved and can be generally thought of as the industrialization of a marketplace. This is the phase cybercrime is in today. 

There are two key tenets driving the current cybercrime expansion: Profits are easily found in the path of least resistance, and scaling activity is the best path to higher revenue as well as safer criminal operations. Let’s examine how the ransomware sector of this market is scaling its practice.

Whereas it was true in the earlier introduction stage that bad actors or hackers were often solo individuals, the reality today is that ransomware has matured into an industrial complex that looks identical to most supply chain markets. There are three primary constituents that make up this marketplace, each with its own defined role. These roles are that of the ransomware-as-a-service (RaaS) operator, the service affiliate and the access broker.

Ransomware-as-a-Service Operator

In today’s cybercrime economy, the RaaS operator is the technical expert of ransomware. They are the programmers that develop, test and productize ransomware code, as well as all of the supporting systems and infrastructure to deliver their malware and support the business operations of a ransomware attack. They build the actual malware product, develop and support leak sites that allow the demonstration of proof of a data exfiltration, manage payment processing from victims and also act as communications intermediaries between the victims and the service affiliates.

Service Affiliates

The service affiliates are the users of the RaaS platform. They are typically not as technically advanced, but this is not needed. Their willingness to leverage the tools and processes developed by the RaaS operator allows them to be highly effective hackers and of course, make money with less investment in knowledge and skills. These are the actual folks getting into networks, exfiltrating data and delivering ransomware payloads. This group also provides some layer of obfuscation to the RaaS operators.

Access Brokers

Lastly, how do these service affiliates gain access to an organization’s network? That’s where the third leg of this stool comes in: the access broker. The access brokers are also highly skilled individuals that spend their time developing social engineering campaigns and exploiting known vulnerabilities to gain access to improperly protected networks. Once breached, the broker has then created a new inventory item that can be sold to the highest bidder in the affiliate marketplace. Types of access, types of companies, levels of permissions and the level of infrastructure security protections are all parameters that affect the market pricing for any specific access opportunity.

The investment costs are much lower for affiliates if they simply purchase access and subscribe to a RaaS system. With this lower barrier to entry into the cybercrime economy, there is a flood of service affiliates cashing in on the effective ransomware craze. And as with any economy, as there are more buyers for services, then there are more RaaS operators and access brokers springing up to support the demand.

The Risk for Small and Medium-Sized Businesses

Now for the last piece of the puzzle: Why is the trend for cyber criminals to hit more small and medium-sized businesses continuing? That’s a fairly easy trend to explain as it deals with a basic tendency of human nature: taking the path of least resistance.  

If you can make a large amount of money but only after a very long and significant effort, many will choose to make smaller amounts of money by only exerting a relatively small amount of energy. This is becoming even more common as a larger number of less skilled service affiliates enter the hacker marketplace. They don’t have the skills or patience to try to “win the hacking lottery.” A solid living can be gained by picking off an increased number of smaller organizations. Forgoing a $100K ransom paid from a single compromise but getting $10K paid by 10 unique compromises results in the same financial reward.

Additionally, now that large corporations have had years of heavy investing into cybersecurity protections, these larger targets have become much harder to penetrate. Small and medium-sized businesses have yet to make those investments, or have been unable to do so, and typically are far more vulnerable to malicious attacks. It’s easy picking for the affiliates.

So, take heed, association market! The wave is already here, and it’s only going to get worse over the next several years. If you don’t know exactly what your organization’s cyber risks are and if you’re not actively following the trend of your improvement efforts, it’s time to take it seriously and up your game.

