Cybersecurity is an endless battle. We have said this time and again. The year 2018 had a bumpy start with several high profile data breaches and cybersecurity threats ensuring that we are always on top of our toes.
In the midst of all this, there is the new found hullabaloo towards GDPR Compliance and the changing prime targets of cyber attackers. Yet a constant thing to worry is that the economic impact of cyber crime is not slowing down.
Most security enthusiasts and like minded people paying attention would notice that the cost of cyber crime has gone up along with the alarming rise in data breaches. But a new report by the CSIS (Center for Strategic and International Studies) and McAfee has managed to put a number to it.
Worldwide cyber crime costs an estimated $600 billion USD a year.
It's a significant increase from $500 billion USD in 2014. The new estimate amounts to 0.8 percent of global GDP, up from 0.7 percent in 2014.
Cyber crime leads in the risk-to-payoff ratio
The report makes a valid point i.e cyber crime is a low risk crime that provides high payoffs. A smart cybercriminal can make hundreds of thousands, even millions of dollars with almost no chance of arrest or jail. When you think of big cybercrimes, from Target to SWIFT to Equifax, none of the perpetrators have been prosecuted to date. Law enforcement agencies can be aggressive and skillful in pursuing cybercriminals, but many operate outside their reach. This is one reason why the cost of cybercrime continues to grow.
“Cybercrime is relentless, undiminished, and unlikely to stop. It is just too easy and too rewarding, and the chances of being caught and punished are perceived as being too low,” writes report author James Lewis, senior vice president at CSIS.
The report further believes that five trends can help explain the reason behind the increase in the cost of cyber crime. The first is state-sponsored bank robbery, followed by ransomware, Cybercrime-as-a-Service, an increased reliance on anonymization services (such as Tor and digital currencies), and, finally, the prevalence of the theft of personal information and the theft of intellectual property (IP).
Reasons for the rise in cyber crime
■ Quick adoption of new technologies by cybercriminals
■The increased number of new users online (these tend to be from low-income countries with weak cybersecurity)
■ The increased ease of committing cyber crime, with the growth of Cybercrime-as-a-Service
■ An expanding number of cyber crime “centers” that now include Brazil, India, North Korea, and Vietnam
■ A growing financial sophistication among top-tier cybercriminals that, among other things, makes monetization easier.
Monetization of stolen data, which has always been a problem for cybercriminals, seems to have become less difficult because of improvements in cybercrime black markets and the use of digital currencies.
Adoption of new technologies by cybercriminals
New technologies make businesses and consumers more efficient and effective, these include for cybercriminals too. The report suggests that cybercriminals are adopting new technologies at a fast pace. Tor anonymous browser and Bitcoin are believed to be the favorite tools of cybercriminals.
Malware writing is automated, with thousands of new pieces generated every day. TOR, a free software product that enables anonymous and untraceable internet activity, has become a preferred avenue for cybercriminals, who prefer operating in the “Dark Web.”
As internet activity has moved to mobile platforms, cybercrime has followed. Some cybercriminals even use artificial intelligence tools to find targets. Finally, Bitcoin and other digital currencies are both targets for theft and a means of payment and money transfers for cybercriminals.
Lewis further adds, "We expect further growth in cyber crime as hackers take advantage of poorly protected “internet of things” (IoT) devices that, while themselves not particularly valuable, provide new, easy approaches to steal personal information or gain access to valuable data or networks."
The report further estimates that computer and Internet users face 80 billion malicious scans each day. There are 33,000 phishing attacks and 4,000 ransomware daily, with about 780,000 records lost to hacking.
What can be done?
Though the report focused more on the cost of cyber crime yet based on it's research on cost analysis, it proposes the following steps to reduce cyber crime:
■ Uniform implementation of basic security measures (like regular updating and patching and open security architectures) and investment in defensive technologies—from device to cloud.
■ Need for increased international law enforcement cooperation.
■ Greater standardization (threat data) and coordination of cybersecurity requirements.
■ Tougher cybersecurity laws in several countries.
■ Imposing penalties on nations that harbor cybercriminals and fail to take action against cyber crime.