Cybercrime: Outwit It by Thinking Like the Perpetrators

Cybercrime is growing by leaps and bounds. According to the technology news in Information Agecybercrime in all forms rose 38% in 2016 over 2015 levels. It is expected to rise at least as dramatically this year. Half of all small businesses had at least one cybercrime incident each year.

Cybercrime is growing by leaps and bounds.

Nearly half of all breaches of data security, such as Heartbleed or WannaCry, stem from criminal intent or malice. (The other slightly more than 50% are caused by systems or human error.)

By 2019, it’s estimated that all forms of cybercrime — identity and other theft, such as ransomware, breaches, phishing, and other scams — will hit an astonishing $2 trillion in costs worldwide, three times the $500 billion registered in 2015.

Cybercrime, then, is astonishingly prevalent. It hits everyone from major corporations to small businesses to individuals.

How can it be stopped?

Business strategies often focus on increasing cyber deterrence and cyber protection. These can be effective methods, of course. But they aren’t ultimately effective, as cybercrime and cyber protection have grown in size hand-in-hand.

Think Like Hackers…

A recent Harvard Business Review article urges corporations to mobilize its employees to think like hackers. Although “hacker” is sometimes used in the press as a synonym for cybercriminal, there are “white hat” hackers who are simply nimble finders and strategizers of software, computers, and code. They can think of other ways to use a software or a system.

“Black hat” hackers are those who use those finding and strategizing skills for malicious or criminal uses, or both.

So, the theory goes, employees can think of other ways that a software or system could be used. How might one break into it, or subvert its intent? Once they know that, they can also strategize how to block that kick, so to speak.

The HBR authors encourage information technology teams to share how widespread breaches such as Heartbleed happened, and even to have a companywide simulation of how cybercrime happens.

…and Realize Cybercriminals Are Not Masterminds

Another important component of fighting cybercrime is realizing that it is not committed by shadowy masterminds. A team of Oxford University sociologists studied a Romanian town well-known as a locus of cybercrime.

Its findings? The decision to be a cybercriminal was made by people who were not necessarily sophisticated or even global. Cybercrime was a local issue that accidentally had global reach.

Why did Romanians become cybercriminals? First, the society around them has a high tolerance for corruption. Second, it is very poor, with few avenues to the middle class (but a view of the luxury living cybercrime affords). Third, it has a sophisticated digital infrastructure in place. Fourth, Romania under communism focused on science, technology, engineering, and math (STEM) training, so many people are knowledgeable about computers. Those who aren’t have even fewer economic avenues, but are able to become accessories to cybercrime.

The result? A perfect storm of cybercrime. But, as the leaders of the study point out, it helps to understand it as a localized story, not one of sophistication.

How to stop the global rise of cybercrime? First, focus on thinking creatively about how digital systems can be hacked maliciously — and work to counteract it. Second, realize that the problem is local and specific, not global and shadowy.