Cyber Crime vs. Cyber Defense

Published June 03, 2013

After reading an article on the Huffington Post the other day, I started thinking about the fact that we really ARE now living in a world where BIG DATA = BIG BUSINESS = BIG MONEY. With more and more people paying bills, shopping, banking and socializing on the internet, there are going to be obvious financial losses to individuals and organizations. The article prompted some further sleuthing, which led to some eye-opening statistics.

Below is a brief summary of data showing the difference between what cyber criminals are estimated to steal in a given year and the money being spent to protect against their digital crimes.

Cyber Crime:

Fake Antivirus - $97M

Users get a message warning them that their computer has been infected with malware. When they click on a link to download antivirus software, their machine is infected. An analysis of financial records from three criminal gangs found that from 2008 to 2010 they collectively earned $97 million annually.

Stranded Traveler - $10M

Hijacked e-mail accounts are used to ask friends for money, claiming to be stranded traveling abroad. According to an analysis from several major e-mail service providers, criminals receive between 1-5 payments a day, on average.

Online Banking Fraud: Malware - $370M

Cyber criminals target businesses and individuals using malware to capture passwords, account numbers, and other data to get into online banking accounts. As of September 2011, the FBI was investigating 400 cases of “corporate account takeover” where criminals stole $85 million.

Online Banking Fraud: Phishing - $320M

Online banking fraud is sometimes carried out in a phishing attack, in which criminals impersonate websites to get unsuspecting users to provide their login credentials.

Cyber Defense:

Bank Countermeasures - $1,000M

Banks often hire companies to conduct penetration testing to ensure that their IT infrastructure is up to the standards of being secure. They also many times pay companies to search for and eliminate bogus websites used in phishing attacks. There are also additional internal security costs, such as authentication programs, UTM appliances, Firewalls, AV software and systems for generating one-time passwords.

Antivirus - $3,400M

It’s currently estimated that between 74-88% of all households with a broadband subscriptions use some form of antivirus protection.

Patching Vulnerabilities - $1,000M

Software companies constantly patch their products against vulnerabilities that can be exploited by malware. Some evidence suggests that the development cost of a single patch for key enterprise software can run up to $1 million. Deploying that patch is equally costly.

User Cleanup - $10,000M

When antivirus programs fail, aren’t updated regularly or are just used incorrectly (if at all), users often times have to call on the help of a professional computer technician to clean up their PC. This type of service usually costs between $99-$300 dollars depending on the severity of the infection.

Business Security - $10,000M

Companies use a variety of tools to fight cyber-crime including firewalls, intrusion detection systems, software maintenance/patching, deployment, and user training.

Law Enforcement - $400M

The U.S. spends nearly $200 million a year to fight cyber-crime. This accounts for half the law enforcement work worldwide.

These number are staggering to say the least. I think it’s extremely important for end users and organizations to work together with security experts and IT professionals to put all of the necessary security measures in place to combat against system vulnerabilities. Also, it’s important that folks “in the know” educate other users on how to stay safe online. Through collaborative efforts and commitment to deploying aggressive multi-layered security policies, there is hope that the cyber-crime epidemic can one day be contained.