What if Street Crime Statistics Matched Those of Cybercrime?

If street crime statistics matched those of cybercrime, our world would resemble the Wild West.

Almost 60 million Americans said they were affected by cyber identity theft in 2018. That's one in every 5.4 citizens. FBI statistics show that over 282,000 robberies (thefts) were recorded in the United States during the same period - one for roughly every 1,160 citizens. In other words, you are over 200 times more likely to be a victim of cyber theft than 'traditional' robbery. On a broader level, robberies are included in the FBI’s list of violent crimes, the victims of which number 1.2 million, or around one in every 270 citizens (as opposed to every 5.4).

A further stat shows that "more than 446 million consumer records containing personal information were exposed in data breaches in 2018". A lot of wallets/passports/ID cards need to be stolen to get the same amount of information.

In 2018, the average dollar value of property stolen per reported robbery was $2,119. One set of figures puts the average ransomware payment at over 17 times this amount ($36,295), almost dollar-for-dollar the same amount paid for the average price of a light vehicle in the US ($36,843).

Corporate cybercrime stats are just as disturbing: a business/organisation somewhere in the world is predicted to suffer a ransomware attack every 14 seconds during 2019 (down to 11 seconds by 2021). And it's not only businesses. Cities are becoming targets of hackers, as seen in Florida's Riviera Beach, Baltimore and the combined attack on 23 towns in Texas. The number of US cities attacked rose from 38 in 2017 to 53 in 2018, and that number is expected to rise with each passing year. Imagine the reaction if armed intruders stormed the city hall of a different US city each week for a year and held that city to ransom.

Gaining physical access to many businesses these days involves security on many levels in order to prevent just anyone from getting past the front door. However, our attitude towards workplace cybercrime prevention can resemble an 'open door' policy, with 66% of cyber breaches caused by employee negligence and malicious acts. It also doesn't help that IT departments are being ignored. One study of 3,000 workers around the world showed that 46% access personal documents on their work device without IT's permission, while a further 41% download professional software and applications. And even though 93% of executives know this behaviour causes issues, 57% have accessed software and apps without IT's knowledge.


Some of the world's biggest 'traditional' heists and robberies netted spoils that soared into the hundreds of millions of dollars, with one - the Central Bank of Iraq 'heist' in 2003 - exceeding $1.3 billion in today's money. In comparison, the 'revenue' of cybercrime is stratospheric and some (global) figures for 2018 go as high as $1.5 trillion. If this is the case and cybercrime were a country, it would have the 13th highest GDP in the world.

Even conservative estimates for annual cybercrime revenue, like the $600 billion figure from the Center for Strategic and International Studies (which would have a 'country GDP' ranking of around 21), far exceed anything achieved pre-cyber. One of the most notorious bands of cyber thieves - those behind the Gandcrab ransomware - announced their intention to retire in May 2019, after stealing in excess of $2 billion. Part of their farewell statement read: "We are a living proof that you can do evil and get off scot-free. We are getting a well-deserved retirement."

Nearly all the perpetrators behind the biggest traditional heists have been caught. Cybercrime, on the other hand, is a faceless crime. There is an attacker - someone (or more) to blame - but they are out of sight and rarely caught, usually because they are behind a computer outside the legal jurisdiction where the crime has occurred. Even when evidence has been gathered, there is often no way to arrest the person/s involved because some countries won't participate in reciprocal legal - extradition - agreements.

Countries that refuse to have reciprocal agreements often do so for their own good reason and this is where the Pandora's box that is state-sponsored cybercrime (attack/warfare/terrorism) is opened. Everyone does it and some (you choose which) spring to mind more so than others. Many say it all began with what is referred to as the world's 'first digital weapon': Stuxnet. Countries have been cyber-attacking one another since the internet first appeared, but Stuxnet took cybercrime (warfare) to new heights, and countries have been conducting tit-for-tat attacks on each other ever since, while doing their utmost to protect the identity of those working on their behalf.


Cybercrime victims around the world are much the same. Statistically, they are consumers who use numerous devices and are likely to use the same password across their accounts, or share this info with others. However, even after an attack, around a quarter of US cybercrime victims still use the same online password and 60% share their passwords with others for at least one device or account (if someone breaks into your house, you change the locks and don't hand out your keypad details to every Tom, Dick and Harriet). Despite this, nearly 40% of victims believe they can protect their data from future attack and 33% believed they would be at low risk of becoming a cybercrime victim again.

These beliefs show that, despite the increasing regularity of cyber attacks, many people think "it won't happen to me" and avoid taking the most basic cyber security precautions such as changing passwords. Perhaps it's because cybercrime happens 'out there' and we aren't physically or, for the most part, psychologically violated like 'old school' robbery. If your data is stolen, it is often stolen along with that of thousands, or millions, of others. What are the odds of you being singled out and compromised?

Often it is a mere annoyance. Even 'yours truly' was the victim of an online tax office scam that saw personal data handed over in a distracted moment. The error of my ways was realised within seconds of hitting 'Send' and the relevant organisations were contacted immediately and details updated/changed. Nothing more came of it. Life went on.

Of course, this isn't always the case. However, stats show that, amidst all this cybercrime from outside sources, we should take a good look at ourselves. Over 80% of US adults believe cybercrime should be treated as a criminal act, yet nearly 25% believe stealing information online is not as bad as stealing property in real life. A further 41% believe it's acceptable to commit "morally questionable behaviour" in certain instances, such as reading someone's emails (28%), using a false email or someone else's email to identify themselves online (20%) and even accessing someone's financial accounts without their permission (18%).

Cybercrime stories on a global scale and with big statistics – WannaCry infected 300,000 computers across 150 countries, with damage reaching into the billions of dollars – fill the headlines and news bulletins. We are shocked at the scale of these but, once the furore dies down and the next big story in our 24/7 news cycle takes over, we move on. These stories are usually illustrated with a shadowy - sinister, even - figure hunched over a laptop in a darkened room. Such imagery might make us feel vulnerable, but are we becoming increasingly immune to cybercrime with each passing story, just as we've become immune to all but the most graphic street crime stories? The answer is, inevitably, yes.
