The Economics of Cybercrime

With India’s continuous shift towards digitalisation of payment transactions, cybercrime has become more and more lucrative for cybercriminals. If the magnitude and multitude of data breaches reported worldwide in the recent past is any indication, India has a lot to be concerned about. It is reported that cybercrime is projected to reach $2 billion by 2019, which is a four-fold increase in the cost of security breaches over 2015. Likewise, during the last year, unknown malware downloads rose by over 900%, with more than 970 downloads per hour compared to 106 in the previous year.

And if you think that only countries like India with apparently lesser percentage of tech-savvy citizens are affected, think again. Two recent “ransomware” attacks happened in USA and Austria! Cybercriminals continue to stay ahead by developing more sophisticated techniques to compromise the infrastructure and are invariably successful in getting their victims to pay ransom.

Hundreds of new variations have sprung up this year alone. In the case reported in February 2017, even a suburban Dallas Police Department was not spared, with their eight years’ worth of digital evidence being frozen using a file-encrypting malware. The ransom demand of $4,000 was not paid since majority of the data was backed up in CDs or DVDs. However, they still lost some videos and photographs.

Another case of ransomware during January 2017 was that of a hotel in an Austrian village, wherein hackers penetrated their systems and managed to remotely lock its doors. The guests found themselves unable to open their doors and the hotel ended up paying about $1,800 in bitcoins. It was surprising that there was neither a backed up software nor any backup plans in case the electronic locks malfunctioned. There is no reason why a door that is opened electronically cannot also have a physical keyhole that enables someone to open it with a regular key in the event of a power outage, or a system failure, or a malicious compromise. The case reported last year was scarier, where ransomware shut down the computer systems in a hospital in Hollywood. The administrators were forced to pay the ransom of about $17,000.

With several loopholes in the security infrastructure, coupled with susceptible users who easily fall prey to social engineering attacks, it is no wonder that cybercrimes are increasing. The cybercriminals find such crimes more lucrative and less risky since they operate from other geographic locations. While the investment in developing the malware is minimal, the chances of detection and conviction are quite remote, making it an extremely tempting economic model for the cybercriminals.

Consequently, there is a growing demand for Cybersecurity professionals who can, not only fortify the infrastructure from such attacks, but also educate the end-users on acceptable use. Security solutions such as anti-virus, sand-boxing, anti-spam, web filtering, host-based IPS (Intrusion Prevention System)and firewalls need to be properly configured and deployed. At the same time, employee awareness is essential. As more people become aware and vigilant about such threats, the likelihood of such attacks being successful will decrease.

About the author: Mr. Satish Warrier (Former Director-Cybersecurity Program)

He is a seasoned Information Security professional, having handled the role of a CISO for over 15 years in Banking, Manufacturing, FMCG, Retail and Real Estate Sector. Besides being an MBA, Satish has done his Computer Management course from Jamnalal Bajaj Institute of Management Studies..He was the first CISO (Chief Information Security Officer) of IDBI Bank, having set up, from scratch, the entire security infrastructure of the Bank to protect the core banking application and alternate banking channels such as ATM, POS, Internet Banking, Mobile banking, etc. from internal and external threats.