For anyone who followed cybersecurity news in 2014, it was a banner year for cybercrime. Major companies such as eBay, JPMorgan Chase, Home Depot, and Staples made headlines by falling victim to data breaches at the hands of cyber criminals. The incidents cost them hundreds of millions of dollars to repair the damage caused and more still to plug the security holes in their systems to prevent further hacks.
Although 2015 has yet to complete its first quarter, this year has already had its share of new data breaches. Hackers have broken into many US medical and healthcare companies, most notably Anthem, compromising up to 80 million personal records.
With an ever-rising number of reports of high-profile data breaches, has cybercrime become a growth industry?
Although cybercrime has been around for quite some time, cybercrime-as-a-service is a relatively new term to most of us. Organized criminal organizations increasingly look to cybercrime, as the returns are great and the risks are low, according to a McAfee report. IT security company Trend Micro says that as cybercrime becomes a more professional industry, many cybercriminal organizations now have offensive capabilities that rival nation-states.
Now that savvy cybercriminals are selling their expertise to others, the stakes have grown substantially. Cybersecurity firm Kaspersky Lab recently disclosed that a multinational gang of cybercriminals has stolen up to $1 billion from roughly 100 financial institutions around the world over the span of two years. The Center for Strategic and International Studies has estimated the annual cost of cybercrime as more than $445 billion, which is a far more conservative figure than the $1 trillion that was mentioned by US President Obama in 2009.
Whatever the actual cost of cybercrime might be, most of us can agree that cybercrime has reached the point where decisive action must be taken, and it must be consistent and coordinated. After all, cybercriminals are dispersed throughout the world and successfully collaborate in their efforts. Why shouldn’t law enforcement do the same?
Police forces all over the globe are finding themselves often playing catch-up when it comes to detecting, tracking, and gathering evidence of cybercrime and their perpetrators. Last year’s “State of policing” report issued in the UK said that police forces in that country are facing an uphill struggle, “policing the crimes of today with the methods of yesterday.” Law enforcement agencies such as the Federal Bureau of Investigation in the US and the UK’s National Crime Agency are stepping up their recruitment efforts, directly advertising opportunities in their cybercrime units to the public and appealing to a sense of adventure and desire for justice among the IT community. The International Criminal Police Organization (Interpol) is also setting up a new cybercrime centre in Singapore this year to support the global efforts by its member police forces.
Who is ultimately responsible for fighting cybercrime?
As important as the police are for maintaining public safety in all areas, including cyberspace, we would be remiss to overlook the role that we play as individuals. Hackers typically break into computer systems and networks due to human failures, not technical ones. Arun Vishwanath at the State University of New York at Buffalo points the finger directly back at us when it comes to determining where the greatest cybersecurity risk lies. He says that we are “unintentional insiders” when we fall for hackers’ tricks, whether it is through phishing, social engineering, or other means. A key idea that Vishwanath emphasizes in his piece is the concept of cyberhygiene, which relates to how we behave online. Ultimately, we, as computer users, are gatekeepers who can prevent cyberattacks from succeeding.
There are many ways that we can improve our cyberhygiene. Every October is known as National Cyber Security Awareness Month in the United States, and many other countries, including Canada, have similar initiatives during that month. However, we don’t need to wait until October for a timely refresher. One of the major campaigns used to encourage healthy online habits is deceptively simple: Stop. Think. Connect. By following these three simple steps, we can do our part in fighting what has become a global epidemic: rampant cybercrime.
All this being said, we should not feel as though the burden of preventing cybercrime rests solely on our own shoulders. Former police officer Marc Goodman, author of Future Crimes: Everyone is Connected, Everyone is Vulnerable and What We Can Do About It, has a different perspective. In his book, he says that the most effective response against cybercriminals will require government, the private and non-profit sectors, and citizen advocates to combine forces and work collaboratively.
Working to prevent future crimes and acts of terrorism (even those security threats not yet invented), Goodman delivered a sobering TEDTalks presentation about the dark side of technology and provided examples of how criminals and terrorists are taking advantage of technology to commit serious crimes.
While the news headlines seem to speak of darker days ahead due to continually escalating acts of cybercrime, there is still hope. All of us – that includes businesses, policy makers, law enforcement, and people like you and me – have our own part to play. Without a doubt, cybercriminals are becoming far more successful at their trade through better organization and coordinating their efforts more strategically than ever before. It only stands to reason that we, on the other side, should take a play out of their own book in order to contain this alarming trend.
What actions can we take to make an impact in the battle against cybercrime?