A Growing Threat: Cybercrime in 2018

A new report estimates that cybercrime will generate $1.5 trillion (£1.1 trillion) this year.

That’s more than South Korea’s GDP. In fact, if cybercrime were a nation state, it would have the thirteenth largest GDP in the world!

Figures like this are shocking. But, according to experts, the $1.5 trillion figure is actually conservative.

Of course, it’s very difficult to gauge the true scale of cybercrime – the most successful cybercriminals are experts at keeping their activities hidden. However, Dr Mike McGuire, the academic behind the report, deliberately calculated conservatively, so that inaccuracies involve only underestimates rather than overestimates.

Whatever the true figure, it’s safe to say that cybercrime is huge. In this article, we’ll take a deeper look at the state of cybercrime in 2018, and outline some simple things businesses can do to remain protected.

The Cybercrime Economy
How the Legitimate Information Economy Feeds Cybercrime  
Protecting Your Business
Where Is the Cybercrime Economy Heading?

 

The Cybercrime Economy

Cybecrime Economy

According to Dr McGuire’s report, the totality of cybercriminal activity is best thought of as an economy – a multifaceted, sophisticated and growing economy, in which “a hyper-connected range of economic agents, economic relationships and other factors are now capable of generating, supporting and maintaining criminal revenues at an unprecedented scale”.

Revenue generation in the cybercrime economy takes place at all levels.

For example, there are cybercriminal equivalents to large “multi-national” organisations, which can generate in excess of $1 billion (£736 million) annually. There are cybercriminal SMEs, which generate profits of around $30,000$50,000 (£22,000–£37,000) a year. And there are cybercriminal sole traders, who operate alone, either as a full time occupation or for some extra cash on the side.

The cybercrime economy is dominated by three major “services”. These are: illegal online markets, theft of trade secrets and data trading.

Additionally, so-called Crimeware-as-a-Service and ransomware contribute $1.6 billion (£1.2 billion) and $1 billion (£736 million) respectively.

Taking part in this economy is now easier than ever. Some cybercriminals are productising their services, making it easy for less techie individuals to get involved. Those at the top – those who are creating these services – have access to millions and millions of dollars, though, unlike legitimate business magnates, you’re unlikely to ever hear their names.

The owners of Crimeware-as-a-Service “businesses”, for example, are creating platforms and processes that give users a way to conduct criminal activities in an organised, automated and intuitive way. With services such as these, becoming a cybercriminal really is as easy as doing some online shopping.

 

How the Legitimate Information Economy Feeds Cybercrime

the Legitimate Information Economy Feeds Cybercrime

The information economy is home to many of the world’s most famous brands. Facebook, Uber, Amazon, Google, Apple, Alibaba – companies such as these know how to exploit the advantages of Big Data and have used this to dominate their industries.

A large percentage of those at the top of the information economy are known as “platform capitalists”. Platform capitalism has become central to the global economy, and operates on the premise that bringing different groups of users together can be hugely profitable

Facebook and Google, for example, connect advertisers, businesses and everyday users. Uber connects riders and drivers. Amazon and Siemens are building huge platforms that underlie much of the modern economy.

In order for the platform model to work, companies need data. And lots of it.

Since their inception, legitimate platform businesses have been treading a thin line between legality and illegality in terms of their data practices. Recently, the Facebook-Cambridge Analytica scandal has given us the clearest example of what can happen when they get it wrong.

But while legitimate platform businesses struggle to balance on the tightrope of data legislation, cybercriminal businesses are more than happy to jump right into illegal activities.

Unfortunately, legitimate platforms offer cybercriminals fertile ground for conducting their activities. Criminals can hack platforms to acquire user data, disseminate malware and sell illegal goods. They can use them to set up fake shop fronts to launder money. They can use them to connect buyers and sellers of illegal goods.

Though legitimate businesses are unwitting in their involvement in criminality, they have also helped cybercriminals in another – perhaps more dangerous – way: they have given them inspiration.

A model of platform criminality is beginning to emerge. Described by Dr McGuire as a “monstrous double” of the legitimate information economy, illegal platforms are copying legal platforms, often by mimicking the way they extract data – though in much less prudent and much more invasive ways.

Much like their legitimate counterparts, criminal platform owners are making far more money than those who use them. An individual hacker has been estimated to make around $30,000 (£22,000) a year; whereas a manager can make $2 million (£1.5 million) per job. In other words, the most successful cybercriminals are those who are selling crimes rather than committing them.

 

Protecting Your Business

Protect Your Business

In 2018, the number of threats businesses and individuals face online is greater than ever. However, by following some basic best practice policies, you can go a long way to avoid being exploited.

Cybercriminals will often target low-hanging fruit. This means that SMEs, whose security processes are often lacking, receive the brunt of cybercriminal activity. Indeed, 58 percent of all malware attack victims are categorised as small businesses, and the average cost of a single attack is a whopping $2,235,000 (£1,645,407)

Ensuring your business is secure, then, should be a high priority.

As a starting point, all businesses should:

  • Keep operating systems updated and regularly patched
  • Have a high-quality firewall that protects from virus, spyware and phishing attacks
  • Keep browsers updated
  • Keep all system software updated
  • Encrypt wireless networks
  • Restrict software and ensure that only administrators can install anything on company computers
  • Use filtering to control data access
  • Use internet filters to prevent hackers uploading data to storage clouds
  • Remove or disable USB ports to malicious software can’t be uploaded
  • Implement stringent password policies
  • Encrypt entire drives, folders and files

To ensure maximum protection, many businesses can benefit from consulting with professionals. Unified Threat Management (UTM) is a modern approach to security management that allows an administrator to monitor and control and range of security applications and infrastructure via a single console.

The UTM approach allows businesses to adopt key security features with ease: anti-virus, Intrusion Prevention Systems (IPS), web-filtering, anti-spam, traffic shaping and more. Such a multi-layered approach ensures complete protection for SMEs.

 

Where Is the Cybercrime Economy Heading?

Cybercrime Predictions

Digital technology moves fast. This means that cybercriminals and the companies trying to stop them are engaged in an ongoing battle. A development on one side must be countered quickly by the other.

It’s very hard to predict what the cybercrime economy will look like in a year – let alone five or 10. However, there are a few developments we can be quietly confident will materialise.

According to RSA’s whitepaper, 2018 Current State of Cybercrime, in the near future it’s likely that:

  • Mass data breaches will continue and will contribute to a spike in account takeover – Mass data breaches are allowing cybercriminals to access and sell usernames and passwords.
  • Cybercrime operations will expand to new platforms and infrastructures – The takedown of two large illegal marketplaces in 2017, AlphaBay and Hansa, has sent cybercriminals in search of new platforms. Social media platforms and websites hosted on the blockchain are likely to fill much of this void.
  • Omnichannel expansion, open APIs and faster payments will open up new vulnerabilities – As consumers migrate to mobile, so will criminals. At the same time, open API and faster payment mechanisms will increase potential fraud exposure.

Elite Group is the leading unified communications provider. We deliver an unrivalled product portfolio, including UTM security solutions and next-generation firewall defence.