Cybercrime, an industry that knows no crisis

Pierluigi Paganini December 03, 2011


In recent days I had the opportunity to read the results of a couple of surveys:

The PricewaterhouseCoopers (PwC) Global Economic Crime Survey, which shows that cybercrime has seen double-digit growth and is today the third biggest crime threat to UK businesses, behind asset theft, fraud and corruption.

Norton Cybercrime Report: The Human Impact, a groundbreaking study that exposes the alarming extent of cybercrime and the feelings of powerlessness and lack of justice felt by its victims worldwide.

The trend is the same all over the world: the cybercrime industry has collected a lot of successes during the last five years.

Another important factor is that cybercrime’s financial and geographic growth has shown no slowdown during the global economic crisis; indeed, it has probably taken advantage of the crisis, making its business much more profitable. Lack of awareness of the threat and the contraction of investment in prevention and awareness have played in favor of cybercrime. No company or organization is immune.

Cybercrime growth has been fueled by an evident lack of adequate protection.

According to a recent Norton cybercrime report, cybercrime cost fraud victims more than $388 billion worldwide over the past year. Consider that up to 35% of the global cybercrime bill fell on U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani.

Reading the PwC survey document, it becomes clear that there are several significant problems in assessing cybercrime risks, mainly the difficulty of settling on the right definition of the crime. The same events are classified under different categories that require different approaches, but in effect they refer to the same problem, such as industrial espionage or asset theft.

When assessing the cost, managers and companies usually limit themselves to proven losses through fraud, or include remedial costs, or extend the figure to reputational damage, but no standardized metrics have been defined to evaluate them.

It is now essential for senior management to truly understand the risks and opportunities of the cyber world, and to make a strong commitment to fighting the battle against an enemy that is increasing its energy.

Indirect costs must also be analyzed, such as the image damage from an incident that seriously harms a brand or tarnishes a reputation, leading organizations to lose market share. “Trust level” and company reputation must be considered strategic assets, and damage to them can be critical, as happened in the DigiNotar case.

Let me highlight the main data published in the final report of the PwC survey:

  • Cybercrime now ranks as one of the top four economic crimes.
  • Reputational damage is the biggest fear for 40% of respondents.
  • 60% said their organization doesn’t keep an eye on social media sites.
  • 2 in 5 respondents had not received any cyber security training.
  • A quarter of respondents said there is no regular formal review of cybercrime threats by the CEO and the Board.
  • The majority of respondents do not have, or are not aware of having, a cyber crisis response plan in place.     

and also:

  • 34% of respondents experienced economic crime in the last 12 months (up from 30% reported in 2009).
  • Almost 1 in 10 who reported fraud suffered losses of more than US$5 million.
  • Senior executives made up almost half of the respondents who didn’t know if their organization had suffered a fraud.
  • 56% of respondents said the most serious fraud was an ‘inside job’.
  • Suspicious transaction monitoring has emerged as the most effective fraud detection method (up from 5% in 2009 to 18% in 2011).
  • Organizations that have performed fraud risk assessments have detected and reported more frauds.

Which is the most worrying threat related to cybercrime?

Without doubt, one of the biggest threats concerns crimes against mobile devices, a natural consequence of the wide diffusion of smartphones and tablets connected to the Internet. According to official sources, 80% of people use mobile devices that are improperly protected, which provides fertile ground for cybercrime activity.

Online businesses, for example, allow users to access their services via mobile devices, which is especially disconcerting. But what happens if there are no procedures that effectively detect when fraudulent devices are logging onto their sites and requesting transactions? Organizations and their customers are vulnerable to evolving schemes such as credit card fraud, account takeover, card-not-present (CNP) fraud, phishing and identity theft.

As in the legitimate economy, this growth has affected the illegal underground marketplace, which has proven to be driven by innovation and opportunity. For cyber crooks, it’s all about exploiting the latest technology before the security gaps are identified and closed.

It is necessary to implement a fraud prevention strategy that includes device reputation technology, which is critical to identifying anomalous behavior that indicates possible fraud.

How to protect our business?

  1. Know who you are dealing with – staff, suppliers, partners and agents.
  2. Align IT, Internal Audit and the Board in the fight against economic crime.
  3. Conduct regular fraud risk assessments.
  4. Leadership by a cyber-savvy CEO, who commits to a cyber risk-aware culture.
  5. Implement a cyber crisis response plan.

The numbers show growth that is difficult to stop, a relentless progression that requires us to implement, in both the government and private sectors, a series of measures to contain the threat.

The first step is to become aware of the threat and risks … the second step, action!

Pierluigi Paganini


