Ransomware, which is the fastest growing cybercrime, is expected to increasingly target mobile systems, with Android ransomware kits already beginning to appear on marketplaces.
Cyber security is among the top challenges being faced by businesses globally as well as in India; coupled with the digital transformation which many enterprises are either undertaking in their quest to stay ahead of the competition. However, one of the big misconceptions about cyber security is that companies can safeguard themselves by focusing their attention—and investments—predominantly on protecting their IT networks. In today’s era of remote workers, mobility and rapid digital makeover of workplaces, our office domain is now everywhere and anywhere. Cyber attacks too have become more specialised and concentrated in nature, targeting specific businesses and individuals. Last year, cyber criminals caused major service disruptions around the world, using their increasing technical proficiency to break through cyber defenses. A new cyber security report reveals cybercrime takes an almost $600 billion toll on global economy.
Recently, IT security firm McAfee, in partnership with the Centre for Strategic and International Studies (CSIS), released “Economic Impact of Cybercrime—No Slowing Down,” a global report that focuses on the significant impact that cyber crime has on economies worldwide. The report says that cybercrime costs businesses close to $600 billion, or 0.8% of global GDP, up from about $445 billion as per a 2014 study. The report attributes the growth in just three years to cyber criminals quickly adopting new technologies, the ease of engaging in cyber crime—including an expanding number of cybercrime centres—and the growing financial sophistication of top-tier cyber criminals.
According to McAfee officials, the cost of cyber crime is unevenly distributed among all the countries of the world. CSIS found variations by region, income levels and level of cyber security maturity. Cyber incidents are multiplying at an alarming pace in India and they are increasingly becoming more complex in nature. The constant rise in the number of cyber attackers targeting Android users has not been a hidden fact. The situation is worrisome in India when we take into account the steep increase in online transactions.
An important thing to note is that
estimating the cost of cyber crime can start to help the world manage and reduce cyber crime, a task whose importance will only grow as our reliance on digital technologies grows and as cyber crime grows along with it.
The elements of cyber crime costs that the McAfee-CSIS report has identified include:
* The loss of intellectual property and business confidential information
* Online fraud and financial crimes, often the result of stolen personally identifiable information
* Financial manipulation, using stolen sensitive business information on potential mergers or advance knowledge of
performance reports for publicly traded companies
* Opportunity costs, including disruption in production or services, and reduced trust for online activities. This includes the effect of ransomware, which involves both payments to redeem encrypted data, and, more importantly, serious disruptions to services and output
* The cost of securing networks, buying cyberinsurance, and paying for recovery from cyberattacks
* Reputational damage and liability risk for the hacked company and its brand, including temporary damage to stock value.
“The digital world has transformed almost every aspect of our lives, including risk and crime, so that crime is more efficient, less risky, more profitable and has never been easier to execute,” said Steve Grobman, chief technology officer for McAfee. “Ransomware-as-a-service cloud providers efficiently scale attacks to target millions of systems, and attacks are automated to require minimal human involvement. Add to these factors, cryptocurrencies that ease rapid monetisation, while minimising the risk of arrest, and you must sadly conclude that the $600 billion cyber crime figure reflects the extent to which our technological accomplishments have transformed the criminal economy as dramatically as they have every other portion of our economy.”
Banks remain the favourite target of cybercriminals, and nation states are the most dangerous source of cybercrime, the report finds. Russia, North Korea and Iran are the most active in hacking financial institutions, while China is the most active in cyber espionage.
“Our research bore out the fact that Russia is the leader in cyber crime, reflecting the skill of its hacker community and its disdain for western law enforcement,” said James Lewis, senior vice president at CSIS. “North Korea is second in line, as the nation uses cryptocurrency theft to help fund its regime, and we are now seeing an expanding number of cyber crime centres, including not only North Korea but also Brazil, India and Vietnam.”
The report measures cyber crime in North America, Europe and Central Asia, East Asia and the Pacific, South Asia, Latin America and the Caribbean, Sub-Saharan Africa, and the Middle East and North Africa. Not surprisingly, cyber crime losses are greater in richer countries. However, the countries with the greatest losses (as a percentage of national income) are mid-tier nations that are digitised but not yet fully capable in cybersecurity.
Interestingly, ransomware is the fastest growing cybercrime. Ransomware victims include big companies, small and medium enterprises, and individual consumers. While the cost to the individual is low, usually about $200 in ransom, the ability to hit thousands of targets at a low cost and with no risk of penalty explains why this category of cyber crime is growing so quickly. While many victims do not pay ransom, enough do to make this profitable. The FBI reported $209 million in ransom was paid in the first quarter of 2016, compared to just $24 million in ransom payments in all of 2015.
McAfee officials said, “We are seeing the commercialisation of ransomware, with turnkey ransomware toolkits available online for a few dollars and as much as $3,000 for specialised offerings. Ransomware is expected to increasingly target mobile systems, with Android ransomware kits already beginning to appear on marketplaces as cyber criminals look to take advantage of the massive number of unsecured phones worldwide. IoT devices are also expected to be more frequently targeted due to their lack of security protections, with industrial IoT, in particular, offering a potentially juicy target to bad actors.”
The most important area for the cost of cyber crime is in the theft of intellectual property and business confidential information. Internet connectivity has opened a vast terrain for cybercrime, and IP theft goes well beyond traditional areas of interest to governments, such as military technologies. One way to measure the cost of intellectual property theft is to look for competing products that take market share from the rightful owners. If hackers steal intellectual property, such as product designs, from a small or medium size enterprise, it can be a fatal experience. For big companies, it can be an unexpected source of revenue lost as competing products enter the market. The theft of intellectual property accounts for at least a quarter of the cost of cybercrime and, when it involves military technology, creates risks to national security as well.