There’s no substitute for training employees to avoid opening obviously suspect email and attachments. HP Enterprise (HPE) issued a report which disclosed “a continued rise in attackers’ success at infiltrating enterprise networks” and, as a result, “defenders must accelerate their approach to detection, protection, response, and recovery.” The HPE report, entitled “Security Research Cyber Risk Report 2016,” included comments about the pros and cons of the market participation that has led to the monetization of malware:

The fundamental elements of trade are buyers and sellers, along with the actual exchange of goods and services.

As in any market, if the number of buyers increases, the number of sellers tends to increase as well. In the case where there are incentives for criminal activities, a black or underground market often appears.  

As long as there is someone willing to pay, there will be someone willing to sell.

Security researchers and threat actors seek out vulnerabilities to improve their opportunity for financial gain through the monetization of bugs.

Note this comment in the Report’s introduction:

Security practitioners from enterprises of all sizes must embrace the rapid transformation of IT and ready themselves for both a new wave of regulations and an increased complexity in attacks.

Here are the themes of the HPE report:

Theme #1: The year of collateral damage

Theme #2: Overreaching regulations push research underground

Theme #3: Moving from point fixes to broad impact solutions

Theme #4: Political pressures attempt to decouple privacy and security efforts

Theme #5: The industry didn’t learn anything about patching in 2015

Theme #6: Attackers have shifted their efforts to directly attack applications

Theme #7: The monetization of malware

No surprises in the Report, but important reminders about improving cybersecurity defenses.