A report by U.K.-based Juniper Research last year found that criminal data breaches could cost businesses worldwide a total of $8 trillion through 2022.
Juniper’s research found that ransomware is becoming a far more advanced form of malware, as cybercriminals hold businesses’ stored data and devices hostage until they are paid for their release. The ransom strategy exploits businesses that run older software and don’t budget enough to keep their systems secure.
The company also predicts that the number of personal data records stolen by cybercriminals will reach 5 billion by 2020.
According to Mike McGuire, senior lecturer in criminology at Surrey University in England, cybercrime generates at least $1.5 trillion in revenues every year. McGuire studied the criminal economy that’s thriving on the internet for 10 months on behalf of cybersecurity company Bromium. The result of his work is the study “The Web of Profit.” McGuire found that illicit and illegal online markets generated annual revenue of $860 billion; trade secret and IP theft, $500 billion; data trading, which includes revenue from trading in credit and debit card information, $160 billion; cybercrime as a service, $1.6 billion; and ransomware, $1 billion.
According to his findings, high-earning cybercriminals can make $166,000-plus per month, while middle-earning criminals can make $75,000-plus per month. Even those he categorized as “low earners” can make $3,500 per month.
And how do you hide all those ill-gotten gains? The age-old criminal way: you launder them.
According to the United Nations Office on Drugs and Crime, the estimated amount of money laundered globally in one year is 2 to 5 percent of the global gross domestic product, or $800 billion to $2 trillion. The UN states, “Though the margin between those figures is huge, even the lower estimate underlines the seriousness of the problem governments have pledged to address.”
According to McGuire, an estimated $80 billion to $200 billion is laundered each year via digital payment systems such as PayPal and cryptocurrency trading platform BTC-e.
Another, sneakier way to do it is through gaming platforms. McGuire found that games such as Minecraft, FIFA, World of Warcraft, Final Fantasy, Star Wars Online and GTA 5 are “among the most popular options because they allow covert interactions with other players that allow trade of currency and goods.”
“Understanding revenue generation and how it flows can help the tech community develop new options to disrupt cybercrime and can help law enforcement fight the problem,” McGuire wrote. “But another key takeaway is that there needs to be greater collaboration to address this issue. To effectively combat cybercrime, we need a holistic approach. Focusing on specific types of cybercrime and the way they are committed is only effective to a point. Without a holistic overview, one that considers the dynamic and interconnected nature of the cybercrime economy, we will never have a full and accurate understanding of the problem.”
This is where the tech companies have stepped in.
“The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together,” Microsoft President Brad Smith said in a statement.
With a collective mindset, 34 international technology and security companies on April 17 mounted a united defense against the incessant global cyberattacks by signing a “Cybersecurity Tech Accord.”
Smith said, “This tech sector accord will help us take a principled path towards more effective steps to work together and defend customers around the world.”
The 520-word pact secured the 34 companies’ commitment to essentially protecting users and customers everywhere in the world via shared efforts, tools and partnerships.
One interesting aspect of the accord is the separation of business and state with no geopolitical alignment. The line in the pact reads: “We will not help governments launch cyberattacks against innocent citizens and enterprises from anywhere.”
In March, the Trump administration cast blame on Russia for engineering cyberattacks on U.S. and European nuclear power plants as well as electric and water utilities that could have potentially shut down their operations. The accusation was backed up by an alert from the U.S. Department of Homeland Security reporting Russian government cyber activity targeting “U.S. government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors.”
In August 2013, an internationally based cyberattack came to Westchester County when an Iranian hacker gained access to the controls of the Bowman Avenue dam in Rye Brook. Hamid Firoozi was indicted in March 2016 by the U.S. Attorney’s Office in the cyberattack. Six other Iranians were also indicted for conducting a coordinated campaign of cyberattacks against the U.S. financial sector on behalf of the Islamic Revolutionary Guard Corps.
Last year, Gov. Andrew Cuomo announced the first-in-the-nation cybersecurity regulation to protect the state’s financial services industry and consumers from cyberattacks. The regulation, which was phased in over a 180-day period, requires banks, insurance companies and other financial services institutions regulated by the Department of Financial Services to establish and maintain a cybersecurity program. By September of this year, all of the financial institutions need to be in compliance.
In addition to Microsoft, the companies that signed the accord are ABB, Bitdefender, Cisco, Arm, BT, Cloudflare, Avast!, CA Technologies, DataStax, Dell, HPE, SAP, DocuSign, Intuit, Stripe, Facebook, Juniper Networks, Symantec, Fastly, LinkedIn, Telefonica, FireEye, Tenable, F-Secure, Nielsen, Trend Micro, GitHub, Nokia, VMware, Guardtime, Oracle, HP Inc. and RSA.
“The Tech Accord will help to protect the integrity of the 1 trillion connected devices we expect to see deployed within the next 20 years,” said Carolyn Herzog, general counsel of U.K.-based technology company Arm. “It aligns the resources, expertise and thinking of some of the world’s most important technology companies to help to build a trusted foundation for technology users who will benefit immensely from a more security connected world.”
Gregory Webb, CEO of Bromium, said his company sponsored McGuire’s study to “instigate a meaningful conversation about how to disrupt the economic systems and poor security practices that enable cybercrime around the world; frankly because it’s far too easy for them.”
“Law enforcement, the cybersecurity industry and both the public and private sectors need to be vigilant about disrupting cybercrime. Protecting applications that access sensitive data is an absolute requirement. We need a whole new approach to cybersecurity or these figures will continue to increase over time.”