Cyber crime – also known as “cyber espionage,” “cyber terrorism,” and even “cyber warfare” – is a severe problem that can have numerous, significant impacts on countries worldwide. While America has been the focus of much recent cybercrime activity, with Sony being hacked and millions of citizens’ data leaked from the Office of Personnel Management in 2015, it would be remiss to say that this is only an American concern.
Cyber space criminals are targeting governments, corporations, and individuals alike across the globe. Criminal activity can be global in scale and affect those countries that are targeted adversely. Cyber crime’s most significant impacts include financial and economic hardship, loss of critical intellectual property and sensitive data, and loss of revenue from diminished international trade.
The cost of cyber crime is already up to 0.8 percent of global GDP, or $600 billion a year, and businesses need to take this more seriously. Compared to 2014, this indicates a 34% increase from $445 billion, an average annual growth rate of 11.3% over the three years leading up to June 2017.
According to McAfee and the Centre for Strategic and International Studies’ latest assessment on the economic cost of cyber crime, Europe suffers the most prominent economic impact of cyber crime, which is assessed at 0.84% of regional GDP, compared to 0.78% in North America (CSIS). The key factors driving this growth are the increased availability of cyber crime tools, new technology adoption by nefarious actors, and a growing number of cyber crime centres.
The Impacts on Economy
The Global Cost
The scope of criminal conduct on the internet has expanded far beyond cybercrime, with virtually every type of illegal action now taking place online. According to a senior British official, approximately half of all recorded crimes in the United Kingdom are cyber-related. To avoid including the total cost of all harmful internet activity, we developed a more specific definition that only includes the cost of criminals gaining illegal access to the computer or network of a targeted victim. The following factors of cyber crime cost have been found based on this definition:
- Damage to intellectual property and confidential company data.
- In online fraud and financial crimes, stolen personal information is frequently the cause.
- Financial swindling, such as obtaining confidential business information on potential mergers or early access to publicly traded firms' financial reports, is a form of financial manipulation.
- Reduction in trust for online activities and disruption in production or service. While ransomware is a major threat to businesses, it can also cause significant problems in terms of service interruptions.
- Paying for network security and cyber insurance as well as the expense of recovering from cyber attacks.
Cyber crime costs have ranged from tens of billions of dollars to a trillion or more. This is due to a lack of data and a variety of approaches. Economic history research lends itself well to predicting cyber crime’s costs because data is often partial and discontinuous. CSIS believes that the worldwide cost of cyber crime could be as high as $600 billion, which this modelling effort attempts to approximate.
Estimation Issues
There are several difficulties in making an accurate cost estimate for cybercrime. Some countries have different reporting rules for different industries that make it even more difficult for victims to come forward and for the government to collect data. According to that country’s figures, only 13% of cyber crime is reported in the UK.
To make matters worse, many organisations refuse to come forward when they have been the victims of cyber crime. It is still difficult to acquire accurate data at the national level, and national estimates are notoriously sloppy. Underreporting is the biggest problem in establishing an accurate estimate of the cost of cyber crime. Only a small percentage of losses are reported to prevent liability and reputational damage.
Another problem is that it’s difficult to gauge the actual cost of people avoiding online transactions out of fear of being a victim of cyber crime. Digital technologies’ allure is still too strong for people and businesses to give them up, but there are hints that this may be changing.
A final issue with our cost estimate is that it gives governments the total cost rather than the cost borne by individual enterprises or consumers. It fails to account for the unequal distribution of victims. For example, the average cost per company is $10 if a country has ten businesses and loses $100 per year to cyber crime. According to the genuine distribution, two companies lose $50, and the other eight companies lose nothing or very little. Losses are unevenly spread among organisations, and some companies may not even know they have been hacked.
Financial Cyber Crime
Banks continue to be a popular target for highly competent cyber criminals. This has been the case for more than a decade. Financial institutions bear a disproportionate share of the burden of combating online fraud and blatant theft. According to one study, banks spend three times as much on cyber security than non-financial firms, and bank authorities believe that cyber crime poses a “systematic” risk to financial stability.
The combination of huge funds, access to expertise, and protection from law enforcement makes nation-states the most severe source of cyber crime. The CSIS believes that Russia, North Korea, and Iran are the most active in hacking financial institutions. Chinese espionage is still the most active. The Iranian distributed denial-of-service (DDoS) attack on leading US institutions demonstrates that Iran’s purpose is to exert coercive influence.
This region is home to many of the world’s most prolific hackers, whether or not they are working for the governments there. These countries must adjust their ways, or cybercrime will continue to be a worldwide concern.
Ransomware
Ransomware is the fastest-growing type of cyber crime. Companies of all sizes, small and large, and individuals have fallen prey to ransomware. There are many reasons why cybercrime is expanding rapidly, even while the individual cost is relatively low, often under $200 in ransom. Even while many victims do not pay the ransom, there are enough who do to make this profitable. Ransom payments in the first quarter of 2016 totaled $209 million, compared to just $24 million in all of 2015.
What sparked this rapid expansion? In the early days of ransomware, victims received floppy CDs in the mail with surveys asking them to rate their risk of catching AIDS. They had to send $189 in cash to a Panama P.O. box after the disk’s software froze their PCs. Since then, it’s evolved considerably – the artisanal use of ransomware has given way to the bulk distribution of the virus. When ransomware campaigns were first launched in 2015, they were typically carried out by criminal organisations that created their programs. There were 70 new families of ransomware products made available in 2016 alone, doubling the number of new offerings from 2012 to 2015.
Ransomware worms, which spread via networks and lock-off more devices than the initial target, are becoming increasingly common. The WannaCry attack demonstrated how these worms operate, and more of these attacks are anticipated in the future. New ransomware assaults are predicted to be able to exfiltrate files and lock the user out simultaneously, taking the target files and encrypting the data.
Lastly, it is believed that ransomware will increasingly target mobile systems. Since Android ransomware kits are already beginning to appear on marketplaces as hackers attempt to take advantage of the vast amount of unprotected phones worldwide. Due to the lack of security measures for IoT devices, they are projected to be increasingly frequently targeted by bad actors, particularly for industrial IoT.
Cybercrime-as-a-service (CaaS)
In the last two decades, cyber crime has evolved from a hobby to a business. Cyber crime is a thriving industry that provides a wide range of services and equipment for criminals. The variety and volume of cyber crime products and services have never been wider. As a result of this, the cyber crime threat has both broadened and deepened at the same time.
A new wave of cyber crime actors emerges as new tools and platforms become more widely available to those without advanced technological expertise. To counterbalance this growing sophistication in the dark net ecosystem, seasoned criminals are free to focus on honing their craft, knowing that they will find collaborators to help them design new weapons of unimaginable intricacy.
The evolution of the cyber crime ecosystem has been driven by the emergence of new actors and increased scrutiny. Cyber criminals have fled to the dark web, where Tor and Bitcoin obscure their identities because of the prospect of law enforcement action. Some marketplaces have implemented escrow payment methods to ease high-risk transactions because trust is difficult in these communities. Some vendors have responded by offering support services and money-back guarantees on their items.
Even the marketplace has been divided, with specialised chat sites being used by criminals to protect themselves from authorities and other crooks. This hasn’t stopped the growth of a thriving cyber crime economy based on these forums, which now offer everything from product development to technical support, distribution, quality assurance, and help desk services.
Intellectual Property Theft
Theft of intellectual property and secret company information is the most expensive form of cyber crime. Cyber crime is a multi-billion dollar industry, and the scope of theft extends far beyond traditional government interests, such as military technology.
Look for rival items that take market share from legitimate owners as one way to estimate the cost of piracy of intellectual property rights. To hack a medium-sized business and steal intellectual property, such as product designs, can be deadly. Large corporations may experience a loss of revenue due to new competitors entering the market.
When cyber crime involves military technology, the loss of intellectual property can significantly impact national security. Often, the victim is unaware of these losses. They still retain access to the stolen intellectual property. Thus a drop in earnings could be attributed to increased competition rather than theft.
Identity Theft
In light of recent high-profile data breaches, it’s no surprise that many internet users are concerned about identity theft. However, Bureau of Justice Statistics (BJS) figures from 2012 and 2014 show that identity theft losses remain minor. The BJS survey indicated that 16.6 million people were victims of identity theft in 2012, which resulted in $25 billion in losses.
That works up to about $1500 per event, which is a painful but not crushing figure for most people. Out of every 100 customers, just 14% experienced financial hardship, with the majority of these customers only losing $99 or less.
So, what is it about identity theft that is so alarming? Damages from this type of property crime cost the United States $10 billion higher than losses from all other types of property crime. Secondly, two-thirds of victims had no understanding of how or when their accounts had been stolen. When someone’s identity is stolen, they feel powerless. We should be concerned about an invisible crime that impacts many people. Identity theft isn’t always cyber-related, but the banks and credit card firms are the true losers, as they suffer the brunt of the damages.
Business Email Compromise
Using stolen identities, fraudsters can send large-transfer orders in the name of a company’s CEO or chief financial officer. When the CEO couldn’t get a hold of the CFO, he sent an email to a lower-level employee who worked for the CFO requesting that the employee move $10 million to a supplier’s new bank account immediately. Following instructions, the “supply” account was bogus, and the money was rapidly transferred from it to minimize tracking.
Because of how widespread the practice has become, the FBI launched a public awareness effort to alert business leaders. Since 2015, more than $5 billion has been stolen through these attacks. More than 22,000 businesses worldwide have been affected by email intrusion. According to the FBI, Detecting and preventing email compromise is challenging for banks since a legitimate, authorised customer employee is submitting the transaction. Banks are offering risk education, but losses continue to rise. In addition, firms are reluctant to publicize successful instances, preferring instead to take the losses on themselves.
Solutions
The subsequent cyber attacks will likely blend organised crime and terrorism into a single threat. As the Internet of Things (IoT) makes everything connected, there’s an increased expectation that companies will protect everything they make. Whether to a multi-billion dollar corporation or small business, a breach means losing money, data, and the public’s trust. There are several solutions to the cyber crime epidemic, which include:
- Basic security measures, such as regular software updates, patches, and open security architectures, must be implemented consistently, and continued investment in defensive technologies, from mobile devices to the cloud, is essential. Cyber crime prevention doesn't necessitate the most advanced defences for more cases. Companies and consumers bear the brunt of this responsibility.
- International law enforcement agencies and the private sector must work together more closely to combat cyber crime. This necessitates more resources for investigations and the expansion of agency resources in developing countries.
- Existing procedures, such as the Mutual Legal Assistance Treaty, can be improved (MLAT). Governments can request the assistance of another to investigate cyber crime or gather evidence through the use of MLATs. In the pre-internet era, MLATs were ineffective and needed to be updated or replaced.
- For critical areas like finance, greater standardisation (threat data) and cooperation of cyber security standards will increase security.
- Cyber crime is more prevalent in countries with weak cyber crime legislation, which in turn causes issues for those countries' neighbours. However, despite Russia's and other countries' objections to the Budapest Convention, a formal convention against cyber crime, the Budapest Convention has made modest progress. According to Russia, the deal is too intrusive and may not be interested in limiting Russian criminal organisations. They claim that they were not involved in the negotiation process and cannot sign the treaty. There will be no progress in curbing cyber crime if new conventions aren't negotiated soon.
- Finally, the international community must pressure countries that have become havens for cyber crime to modify their ways and work with other countries' law enforcement agencies. As a result, failing governments face financial penalties or other consequences. Sanctions have been exhausted against Russia and North Korea, and new sentences must be developed, penalties both hard and reversible - to deal with these countries.
In conclusion, the cyber security space is now and will continue to be a target for both threats and investment. The need for security teams that can react quickly to new vulnerabilities, anticipate threats and protect against hacks will be more critical than ever. A global approach must be taken to prevent and effectively respond to cyber crime. Financial failure is never a pleasant experience, but how companies effectively manage (or mishandle) a financial crisis will determine their long-term brand reputation and their ability to rebound.
Firms will be expected to take greater liability for the financial risks they bring to their customers, and the conversation about cyber risk insurance is growing louder. The need for companies to demonstrate their resilience will grow as well. Resilience means that companies will be able to fight back after a cyber attack and quickly recover using their current resources. However, some businesses may have to go back and rebuild their systems altogether due to this.
