Economic Cybercrime: The Next Economic Crime Vector

Posted by Liviu Arsene

An economic cyberattack could potentially disable the economy of a city, state or country. Worst-case cyberattack scenarios involve attacks on critical infrastructures, and could potentially cost insurance companies billions.

Hollywood has even gotten into the game, inventing the term “fire sale,” in which a nationwide cyberattack on transportation systems, financial systems, and public utility systems could destabilize an entire country.

One of these types of attacks recently targeted power grids in Ukraine, and it is believed that the software (read: malware) used in crippling Ukraine’s power systems was also spotted affecting mining and railway companies.

Traditional forms of economic crime, such as bribery, asset misappropriation, or procurement fraud are the common types of fraud that have topped cybercrime lists in past years, according to recent studies. However, economic cybercrime's rapid ascension could be explained by the fact that it is less dependent on human interaction with goods and can be performed even by individuals outside of a country's borders. 

It stands to reason that economically developed countries such as the U.K. or the U.S. would be likely targets for economic cybercrime. Although financial gain is usually the number one motivation behind cyberattacks, intellectual property or government data could be just as powerful a motivation.

According to the U.K.’s National Cyber Security Strategy, around £1.9 billion is to be invested in cybersecurity measures, technologies and mechanisms aimed at protecting the country from cyberattacks targeting organizations or critical infrastructure. This is one of Europe’s most ambitious plans in terms of cybersecurity investments, and the U.K.’s Modern Crime Prevention Strategy shows great potential. However, it remains to be seen how this money will be invested and whether it will plug the majority of cybercriminal activities.

The U.S. government is constantly under pressure to increase investment in cybersecurity, and the Federal cybersecurity market has been estimated to grow to $22 billion by 2020, from $18 billion in 2017. In early February 2016, President Obama proposed a cybersecurity budget of $19 billion for 2017, more than $5 billion over 2016.

The annual cybersecurity spending of the U.S. federal government significantly outweighs that of any other country, potentially indicating that it faces a greater threat from cyberattacks than others.

“No matter how good we get, we will never stop 100 percent of intrusions,” said Michael Daniel, special assistant to the president and cybersecurity coordinator.

And as more global economic activity moves to the cloud, that threat grows.

The purpose of cloud infrastructure is to help organizations grow their business and optimize costs, yet the safety of storing data in the cloud is debatable: it usually depends on whether the cloud is private, public, or hybrid, and whether sensitive data is properly secured behind adequate security mechanisms. Cyberattacks on organizations that use the cloud have indeed intensified, and past events have shown that some companies have had their data leaked due to various forms of attacks on their cloud infrastructure.

Considering that economically developed countries are willing to continuously invest in cybersecurity and security intelligence, it’s safe to assume they believe more could be achieved to combat economic crime. The cybersecurity versus cybercrime battle will not end any time soon, regardless of how much money is invested. However, investing in cybersecurity technologies and mechanisms will definitely reduce the damages caused by cybercrime in the long run.

Liviu Arsene

Director of Threat Research and Reporting, CrowdStrike

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
