Throughout history, societies have thrived on various forms of exploitation. These acts, initially less sinister, often evolve into schemes for profit. This pattern is evident in cybercrime, where what begins as a curiosity or a search for loopholes can quickly turn into lucrative opportunities for exploitation. What do 8 billion, 83%, and 5% have in common? Let's find out.
The Rise of Cyber Extortion
About 15 years ago, when I started exploring the world of cybersecurity, it was still a world mainly consisting of what we called “script kiddies” or “hackers.” Many of these grew up to be cybersecurity researchers, and some moved to a life of cybercrime. Perhaps they did both, or started as a researcher and eventually turned to crime, or maybe vice versa. However, it was more of a “check out what I can do” world in the early days.
Cybercrime of today is enormous in scope. I recently read an article titled “ Cybercrime Will Cost The World $8 Trillion This Year” The article defines the costs as “...includes, for example, the money stolen by cybercriminals, the subsequent investments in security tools and services, and the money spent on ancillary activities such as staffing, remediation, legal fees, fines and more.” So, the opportunity to profit from this relative newcomer to the exploitation world is relatively high.
A Case Study in Vulnerability: Dallas Under Siege
The impact and fallout from these exploitation attempts can be staggering. Another article from September, reviewing the aftermath of a Dallas municipal cyber attack in May 2023, discussed a major ransomware attack that essentially shut down significant portions of one of the largest municipalities in the USA, Dallas. The criminals also stole the personal information of 30,000 people. The long-term impact of ransomware attacks can be very high: a month later, Dallas had managed to resume 90% of its operational capability and, in September, had recovered fully.
The Economics of Cybercrime: A Profitable Venture
That leads me to the third article I wish to cite for context: "What percentage of businesses have paid up when they’ve been hacked?.” For those who can’t wait for the answer, the answer is 83%. Ok, that is an impressive number for any group wishing to profit from…well…anything! However, everything comes down to risk, so one must consider the percentage of those who perpetrate cybercrimes who get caught and eventually prosecuted. Would it surprise you that the number is about 5%? It is shockingly low.
Looking at all this from a risk vs reward perspective, there is a lot of money to be made in the world of cybercrime, and the risk is surprisingly low. If a cybercriminal organization is careful, its risk may be much lower than 5%. There is a good reason why criminals are getting bolder. Cybercrime does pay, and it pays well.
The Imperative for Enhanced Cybersecurity Measures
The current landscape of cyber extortion calls for a renewed focus on strengthening cybersecurity measures. Organizations must prioritize the protection of their digital assets to mitigate the risk of becoming the next target. Investing in advanced security technologies and early warning systems, implementing rigorous staff training, and fostering a culture of vigilance are critical steps in fortifying defenses against the evolving tactics of cybercriminals.
If an organization chooses not to invest in better ways to protect themselves from becoming victims of cybercrime, someone out there will invest in ways of taking what you have. Welcome to the new world where personal empires are built on ways to joyride on the information highway.