Keyboard Criminals: How Cybercrime Has Grown Up and Diversified
By Nadav Morag, Ph.D., University Dean of Security Studies
Cybercrime is a growing problem in the United States and globally. One estimate suggests that cybercrime may cost the United States as much as $100 billion per year. Globally, that estimate may range into the hundreds of billions of dollars annually.
In general, cybercrime – as opposed to cyber-espionage, which is directed against governments, or hacktivism, which is directed against either governments or corporations but carried out for political and social reasons rather than financial gain – can be broken down into two categories: crimes against businesses and crimes against individuals.
Cybercrime Against Businesses: Undermining the Economy
Broadly speaking, there are two kinds of cybercrimes directed at businesses. The first focuses on stealing intellectual property and selling it so others may profit from patents, unique designs, inventions, etc. produced by companies. In the corporate context, intellectual property can range from things like pharmaceuticals, to software packages, to new production methods for sneakers. Virtually anything a company’s research and development arm can come up with (patented or not) to improve the quality of a product, its marketing, the materials it is made of, and so on can comprise part of that company’s intellectual property. When that is stolen, it can result in significant losses as competitors domestically or overseas can then use this intellectual property, and thus diminish the market share of the company that spent the time and money to actually develop the particular product, process, formula, etc.
The other major way that cyber criminals can negatively impact businesses is through the theft of confidential business information. This can include a wide range of things, such as the personal data of employees and/or customers, business strategies, nondisclosure agreements between the company and other companies, confidential legal information about the company, or virtually anything else that, if made public or provided to a competitor, could damage the company’s operations and/or reputation.
One of the challenges of coping with cybercrime against businesses is that it often goes unreported to law enforcement due to the fear, on the part of many companies, that news of a breach in the company’s computer networks will leak to the press and lead consumers to lose confidence in the company and move their business elsewhere. Companies can also be reluctant to share information with their competitors regarding computer attacks and breaches, even though the entire industry may stand to gain if competitors share information to help design better defensive strategies that benefit everyone. Instead, a company can be reluctant to share any potential proprietary information with its competitors so that those competitors do not use that information in order to gain more market share at the compromised business’ expense.
Crimes Against Individuals: Defrauding Granny
Cybercrimes against individuals are often closely linked to crimes against businesses because they involve the theft of consumers’ or employees’ personal information and its fraudulent use in order to generate income for the cybercriminal. Cybercriminals regularly try to steal money from banks, credit card companies, insurance companies, and others through identity theft, the stealing of an individual’s personal identity and its fraudulent use by the criminal who uses it to take out a loan, apply for a credit card, etc. Cybercriminals also often attack unsuspecting individuals directly by luring them to websites or by getting them to open email attachments that then download malicious computer programs (known as “malware”) onto the victim’s computer, which allow the cybercriminal to access that individual’s computer in order to steal passwords, bank account information, social security numbers, or any other useful information that may be stored on the computer’s hard drive. Cybercriminals also regularly try to entice unsuspecting victims to provide passwords or other confidential information, usually via email, by masquerading as legitimate businesses. These are known as “phishing” attacks, or “spear phishing” when directed at particular individuals, often by name.
Individuals, of course, do not have the resources that large companies enjoy and, consequently, often do not know when they have inadvertently downloaded malware onto their computers and are about to become victims of identity theft. Hence, individuals are the Achilles’ heel of the cyber-defense system. The best way to combat these types of criminal activities against individuals is to raise awareness of the threats, ensure that people are equipped with the latest anti-malware software packages, and educate people to be more suspicious of information they receive via email or on websites and not to provide personal information so readily.
Guarding Against Hype: The Economy Is Not Defenseless
As increasing amounts of business activity move to the Internet and other computer networks, criminals will follow, and a larger percentage of crime will involve cyber activities. At the same time, it should be kept in mind that the private sector is not utterly defenseless when it comes to coping with cybercrime. Major companies in every industry often employ top-notch cybersecurity personnel to protect their systems and investigate breaches. They also use antivirus and other software packages developed by cybersecurity companies, but the need for effective cybersecurity personnel is likely to be an ongoing feature of the 21st-century economy.
Nadav Morag, Ph.D., is university dean of Security Studies at CTU. He works on projects for the Department of Homeland Security and the Department of Defense, and he is a published author on terrorism, security strategy and foreign policy. Connect with Dr. Morag on Twitter.
Image Credit: Flickr/Intel Free Press