During these days I had the opportunity to read the results of a couple of surveys:
The PricewaterhouseCoopers (PwC) Global Economic Crime Survey, which has demonstrated that cybercrime has double-digit growth and is today the third biggest crime threat to UK businesses, behind asset theft, fraud and corruption.
The Norton Cybercrime Report: The Human Impact, a groundbreaking study that exposes the alarming extent of cybercrime and the feelings of powerlessness and lack of justice felt by its victims worldwide.
The trend is the same all over the world: the cybercrime industry has collected a lot of successes during the last five years.
Another important factor is that cybercrime’s financial and geographic growth showed no slowdown during the global economic crisis; indeed, it probably took advantage of the crisis to undermine businesses much more profitably. Lack of awareness of the threat and the contraction of investment in prevention and awareness have played in favor of cybercrime. No company or organization is immune.
Cybercrime growth has been fueled by an evident lack of adequate protection.
According to a recent Norton cybercrime report, cybercrime cost fraud victims more than $388 billion worldwide over the past year. Consider that up to 35% of the global cybercrime bill fell on U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani.
Reading the PwC survey document, it becomes clear that there are several significant problems in assessing cybercrime risks, mainly the difficulty of settling on the right definition of the crime. The same events are classified under different categories that require different approaches, but in effect they refer to the same problem, such as industrial espionage or asset theft.
When assessing the cost, managers and companies usually limit themselves to proven losses through fraud, or include remedial costs, or extend that to reputational damage, but no standardized metrics have been defined to evaluate them.
It is now essential for senior management to truly understand the risks and opportunities of the cyber world and to make a strong commitment to fighting the battle against an enemy that is gaining strength.
Indirect costs must also be analyzed, such as the image damage from an incident that seriously damages a brand or tarnishes a reputation, leading organizations to lose market share. The “trust level” and the company's reputation must be considered strategic assets, and damage to them can be critical, as happened in the DigiNotar case.
Let me highlight the main data published in the final report of the PwC survey:
Which is the most worrying threat related to cybercrime?
No doubt, one of the biggest threats is crime against mobile devices, a natural consequence of the wide diffusion of smartphones and tablets connected to the Internet. According to official sources, 80% of people use mobile devices that are improperly protected, which provides fertile ground for cybercrime activity.
This is especially disconcerting for online businesses, for example, which allow users to access their services via mobile devices. But what happens if there are no procedures that effectively detect when fraudulent devices are logging onto their sites and requesting transactions? Organizations and their customers are vulnerable to evolving schemes such as credit card fraud, account takeover, card-not-present (CNP) fraud, phishing and identity theft.
As in the legitimate economy, this growth has affected the illegal underground marketplace, which has proven to be driven by innovation and opportunity. For cyber crooks, it’s all about exploiting the latest technology before the security gaps are identified and closed.
It is necessary to implement a fraud prevention strategy that includes device reputation technology, which is critical to identifying anomalous behavior that indicates possible fraud.
How to protect our business?
The numbers show growth that is difficult to stop, a relentless progression that requires us to implement, in both the government and private sectors, a series of measures to contain the threat.
The first step is to become aware of the threat and risks … the second step, action!