Cybercrime, an industry that knows no crisis

 

In recent days I had the opportunity to read the results of a couple of surveys:

The PricewaterhouseCoopers (PwC) Global Economic Crime Survey, which has demonstrated that cybercrime has seen double-digit growth and is today the third biggest crime threat to UK businesses, behind asset theft crimes, frauds and corruption.

Norton Cybercrime Report: The Human Impact, a groundbreaking study that exposes the alarming extent of cybercrime and the feelings of powerlessness and lack of justice felt by its victims worldwide.

The trend is the same all over the world: the cybercrime industry has collected a lot of successes during the last five years.

Another important factor is that cybercrime’s financial and geographic growth showed no slowdown during the global economic crisis; indeed, it probably took advantage of the crisis to make its business much more profitable. Lack of awareness of the threat, and the contraction of investment in prevention and awareness, have played in favor of cybercrime. No company or organization is immune.

Cybercrime growth has been fueled by an evident lack of adequate protection.

According to a recent Norton cybercrime report, cybercrime cost fraud victims more than $388 billion worldwide over the past year. Consider that up to 35% of the global cybercrime bill fell on U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani.

Reading the PwC survey document, it becomes clear that there are several significant problems in assessing cybercrime risks, mainly the difficulty of arriving at the right definition of the crime. The same events are classified under different categories that require different approaches, but in effect they refer to the same problem, such as industrial espionage or asset theft.

When assessing the cost, managers and companies usually limit themselves to proven losses through fraud, or include remedial costs, or extend that to reputational damage, but no standardized metrics have been defined to evaluate them.

It is now essential for senior management to truly understand the risks and opportunities of the cyber world, and to make a strong commitment to fight the battle against an enemy that is increasing its energy.

Indirect costs must also be analyzed, such as image damage related to an incident that seriously damages a brand or tarnishes a reputation, leading organizations to lose market share. “Trust level” and company reputation must be considered strategic assets, and damage to them can be critical, as happened in the DigiNotar case.

Let me highlight the main data published in the final report of the PwC survey:

  • Cybercrime now ranks as one of the top four economic crimes.
  • Reputational damage is the biggest fear for 40% of respondents.
  • 60% said their organization doesn’t keep an eye on social media sites.
  • 2 in 5 respondents had not received any cyber security training.
  • A quarter of respondents said there is no regular formal review of cybercrime threats by the CEO and the Board.
  • The majority of respondents do not have, or are not aware of having, a cyber crisis response plan in place.     

and also:

  • 34% of respondents experienced economic crime in the last 12 months (up from 30% reported in 2009).
  • Almost 1 in 10 who reported fraud suffered losses of more than US$5 million.
  • Senior executives made up almost half of the respondents who didn’t know if their organization had suffered a fraud.
  • 56% of respondents said the most serious fraud was an ‘inside job’.
  • Suspicious transaction monitoring has emerged as the most effective fraud detection method (up from 5% in 2009 to 18% in 2011).
  • Organizations that have performed fraud risk assessments have detected and reported more frauds.

Which is the most worrying threat related to cybercrime?

Without doubt, one of the biggest threats relates to crimes against mobile devices, a natural consequence of the wide diffusion of smartphones and tablets connected to the Internet. According to official sources, 80% of people access mobile devices that are improperly protected, which provides fertile ground for cybercrime activity.

Online businesses, for example, allow users to access their services via mobile devices, which is especially disconcerting. What happens if there are no procedures that effectively detect when fraudulent devices are logging onto their sites and requesting transactions? Organizations and their customers are vulnerable to evolving schemes such as credit card fraud, account takeover, card-not-present (CNP) fraud, phishing and identity theft.

As in the legitimate economy, this growth has impacted the illegal underground marketplace, which has proven to be driven by innovation and opportunity. For cyber crooks, it’s all about exploiting the latest technology before the security gaps are identified and closed.

It is necessary to implement a fraud prevention strategy that includes device reputation technology, which is critical to identifying anomalous behavior that indicates possible fraud.

How to protect our business?

  1. Know who you are dealing with – staff, suppliers, partners and agents.
  2. Align IT, Internal Audit and the Board in the fight against economic crime.
  3. Conduct regular fraud risk assessments.
  4. Leadership by a cyber-savvy CEO who commits to a cyber risk-aware culture.
  5. Implement a cyber crisis response plan.

Conclusions:

The numbers show growth that is difficult to stop, a relentless progression that requires us to implement, in both the government and private sectors, a series of measures to contain the threat.

The first step is to become aware of the threat and risks … the second step, action!

Pierluigi Paganini

References

http://www.pwc.com/en_GX/gx/economic-crime-survey/assets/GECS_GLOBAL_REPORT.pdf

http://us.norton.com/theme.jsp?themeid=cybercrime_report

http://www.odt.co.nz/news/technology/180572/cyber-crime-hits-431-million-adults-24-countries

http://blog.iovation.com/2011/10/11/cybercrime-growth-fueled-by-new-opportunities/

http://www.computerworlduk.com/news/outsourcing/3272871/pwc-fined-46m-over-satyam-fraud/?intcmp=in_article;related

 

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other security magazines. He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
