In recent months, a significant amount of media coverage has been given to the plight of high-profile organisations falling prey to cyber-attacks of rapidly increasing sophistication and severity. With this in mind, you would be forgiven for thinking that there is something of an epidemic in cyber-crime at present. But is this really the case, or is this a prime example of saturation media coverage being responsible for creating unnecessary mass hysteria?
Unfortunately, cybercrime really is on the increase
Recent statistics indicate that cybercrime really is increasing at a rapid rate. While media reports concentrate on well-known ‘super-cases’ causing serious harm to high-profile public and private sector organisations, the man on the street is also incredibly vulnerable when it comes to being the subject of a cybercrime. Incredibly, in the UK alone it is estimated that cybercrime accounts for as much as 40% of all recorded criminal incidents – with one in ten people having fallen victim to cybercrime at some point. It is also likely that the vast majority of smaller scale cybercrime incidents – which tend to affect individuals rather than companies – goes unreported. Reasons for non-reporting can be due to factors such as failure to recognise an attack as a crime, embarrassment at having fallen victim to a scam, or not wanting to waste the authorities’ time with a ‘virtual’ rather than real life crime. All told, unfortunately cybercrime is here to stay and shows no sign of dissipating.
Why is cybercrime increasing at such a rate?
There are a whole host of factors which contribute to the continued rise in cybercrime. Three of the most significant factors are outlined below:
1. Opportunity
Since the advent of the internet, its scope has broadened tremendously. The internet is firmly embedded in the vast majority of people’s lives and we now use it in ways which were incomprehensible 25 years ago. We utilize the internet to shop, bank, pay our taxes and as a primary method of communication. Given the billions of transactions worldwide which occur on the internet every day, cybercriminals have a high degree of opportunity and it only takes the tiniest lapse in security for them to exploit a weakness in an organisation or individual’s online protection. In addition, there are no physical barriers to prevent the committing of online crime – with an individual located in the UK being perfectly capable of launching an attack on systems located in the USA, Australia or China.
2. Inability of the authorities to keep up
New types of attack are emerging all the time. Gone are the golden days of simply stealing account numbers by hacking into an online banking app and hoping that you are able to extract money before the unfortunate victim is aware of the attack. With malware, ransomware, phishing, rogue software and password attacks to name but a few, it is increasingly difficult for cyber law enforcement experts to keep up with increased diversity and sophistication of attacks. Our laws were also founded at a time when crimes were entirely physical, so in addition to the authorities being unable to keep up with the evolution of cyber-crime methods, the legal process is playing catch-up too.
3. Lack of consequences for online criminals
Even with the most sophisticated and dedicated cybercrime investigators on the case, it is still incredibly difficult to bring the perpetrators of this type of crime to justice. By their very nature cyber criminals are highly intelligent and expert in creating and refining new attack techniques. They are also skilled and making themselves hard to trace and so can become virtually invisible.
Even in those cases where the perpetrator can be identified the legal process faces significant challenges. Cyber-criminals operate across international borders, meaning that unless there is a reciprocal legal agreement in place between countries (and the country harbouring the criminal is prepared to extradite the perpetrator – often a frustrating and sometimes futile exercise), making the criminal face the legal process in the country affected by the crime is exceptionally difficult. Add to this the fact that gathering concrete evidence of a cyber-crime is exceptionally difficult, and the chances of a successful prosecution are slim. Of course, sophisticated online criminals are aware of this, so there is very little deterrent when it comes to committing these types of crime.
A gloomy outlook?
It seems a depressing picture, but there really is no need to despair. Most high profile cyber-attacks have worked by exploiting an easily fixable glitch in an organisation’s security protocol – think the failure of NHS organisations to update their Windows security profile. Taking basic steps to protect yourself really does go a long way to reversing the increase in cybercrime. In addition, countries and authorities worldwide are starting to better understand the damaging nature of cyber-attacks and the importance of working together to combat cyber-crime. There are also powerful software to detect ransomware, malware and other cyber crimes in progress. Hopefully, in the not too distant future, the authorities will finally get ahead of the game, and there will come a time when cyber-criminals will no longer be able to hide in the shadows.