Cybercrime has recently overtaken drugs as the number 1 illegal business in the world, expected to account for $6 trillion in cost globally. Many countries such as the United States, Israel and the UK have discovered the importance of the cyber threat landscape and have invested heavily in cybersecurity programs. North Korea is well known for using hackers to generate revenue for their country. North Korea is estimated to have earned about $2 billion in just over three years. The impact of cybercrime on businesses, government and national defence has been growing steadily over the last 10 years and it seems like this will continue well into the foreseeable future. The damage and impact of cybercrime can be divided into a couple of main categories that affect that economy:
1) Damage to Businesses
This is the most common type of damage an economy typically experiences. Many hackers break into corporate networks for financial gain, with a lot of success. One way they make money is by stealing personal information of customers and selling that information to other people who use it in fraudulent ways. In the US the average total cost of a data breach is 3.92 million. Another common method used to make money is via ransomware, which is where the hacker encrypts the company information and demands the company pays them money in order to get their information back. Typically hackers demand around $13,000 per attack. Another option that hackers use is to use the computing resources of the company’s IT infrastructure to make money, usually via mining bitcoin. What this looks like is if a hack is able to compromise 500 company servers, they will install software on those servers, unbeknownst to the company and use those servers to mine bitcoin for the hacker. The most susceptible companies to cyberattacks tend to be small to medium sized enterprises because they have more information, resources and money to pay ransoms than small businesses but they don’t have as much security as large companies, which make them ideal targets for hackers. Unfortunately the impact on these companies can be very big, as up to 60% of those companies close down within 6 months.
2) Damage to Critical Infrastructure
Another less common but more severe affect of cybercrime is damage to critical infrastructure which includes things like the energy sector, communications, national defense and so on. These types of attacks typically are not done for financial gain but are done for either military or political reasons. For example there was a Ukrainian power hack in December 2015 where three energy companies were compromised and millions of people lost electricity for several hours. It goes without saying but the ability to compromise a country’s critical infrastructure would have huge impacts on the economy and the lives of everyday citizens and it’s a real concern for all governments. It’s one of the reasons governments are investing so heavily in cybersecurity.
3) Cyber Espionage
The last area I will discuss is Cyber Espionage, which is when hackers sit and extract information from a company. This may seem similar to what was mentioned in the first paragraph but there is an important distinction. The first method is when the hacker is extracting personal customer information that they don’t personally care about for resale. While for cyber espionage the purpose of the operation is to extract information that has strategic value eg company product secrets, government military information, company plans etc and passing that information onto the client hiring them whether that is a competing company or an opposing government. The key point with espionage is extracting information with strategic value.
The impact of cybercrime is affecting almost all countries and new development techniques for malware (software used for malicious purposes) make it easier and easier for regular people to hack computers. It is projected that the cybercrime market will grow to $6 trillion by 2021, so in all likelihood this problem is here to stay.