What Causes Cybercrime?

In the physical world, we have what is known as crime and entire authority systems built around resolving this obvious issue. These systems and teams of people are in place to control and mitigate crime such as the police and other security/protection standards. The same sort of structure applies to digital crime e.g illicit, illegal and unauthorized criminal acts conducted by malicious actors that exist in cyberspace (on the internet and relating to any connected device). Several forms of cybercrime are perpetrated by varying types of threat actors (cybercriminals). A cybercrime event is called a cyber-attack. These threat actors (hackers) then can launch varying types of cybercrimes via a vulnerable attack surface point, utilizing several attack vectors and techniques to finish the job. An attack surface and attack vector can be defined as; the possible intrusion points and attack techniques a cybercriminal strategy includes for cybercrime to be facilitated. Phishing and ransomware, to be specific, are two forms of cybercrime that cybercriminals use that consist of malware and social engineering tactics for the end goal of collecting data, disrupting it, or ultimately making profit gains. Cybercrime comes in many shapes, sizes, and colors, one of which is identity theft. Specifically, identity theft is one form of cybercrime among dozens of other types of cybercrimes that plague the internet and our connected systems today. For cybercriminals, time is money, so the strategy is always to use the least amount of effort for the biggest possible gain. For this reason, social engineering scams like phishing and ransomware takeovers are the most popular types of cybercrimes today.

What Does Cybercrime Refer To?

The extremely rapid pace of technological growth, constant developments in the IT industry, and emerging technologies of this decade have opened up the floodgates for an apocalyptic battalion of greedy and merciless cybercriminals. The advancement and growth of the internet facilitate new areas, attack surfaces, and vectors for cybercriminals to exploit. Cybercrime refers to the presence of digital crime, although not always exclusively digital because of the fact that crime conducted digitally nowadays has the ability to transfer to real-world damage (cyber-physical). Essentially, cybercrime refers to all illegal and malicious activity that targets individuals, organizations, and governments. Most people have heard of viruses and worms, which are only a small staple in the cybercriminal’s arsenal of tools. Cyber attack techniques fall under terms such as; DDoS attacks, ransomware, viruses, worms, RATs, SQL injection, and several others.

What Causes Cybercrime and How Can it be Mitigated?

Mitigating cybercrime, which means creating solutions for and if possible resolving it completely, is a very difficult task. In fact, that would be the equivalent of somehow stopping real-world crime, only in the digital sense. The internet today is a global asset that brings everyone closer together and facilitates business activity like no other tool on Earth. It is in the last two decades alone that the internet has become a fundamental part of life, with even nations’ national security depending on it. As with any power, there comes responsibility and so with this incredible tool that has brought so much evolution and power to our society, there is a considerable dark side that creates difficulties every passing minute. Cybercrime is extremely lucrative, and efficient, bringing trillions of dollars of return-on-investment for those that are part of it. It does not require the physical presence or effort that real-world crime requires, nor the same resources, while at the same time can be equally as (or more) destructive and will only get worse if we are not prepared. Cybercriminal activity, therefore, can be placed into the following;

• The hacking and deployment of malware on user devices such as personal computers, smartphones, other smart devices like wearables for identity theft or extraction of user credentials/data
• The brute-force breaching and social engineering schemes on accounts that includes social media accounts, bank accounts, medical accounts, and more to disrupt or steal data
• The infiltration of organization’s servers, business systems and subsequent exfiltration of data, as well as general espionage, with the help of malicious insiders
• The hacking of government servers and cloud storage to extract sensitive confidential information commenced by politically motivated attacks between nations in the form of APTs or ransomware

Cybercrime can be initialized by one individual, or it can be caused by a group of one thousand hackers -at the end of the day, the result is almost always destructive for the target/victim where only the scale of the damage varies. This is happening to the extent that almost half of the world today has in some way been involved in a data breach (for example where user emails and other credentials are massively gathered and posted on the dark web for sale). Cybercrime is caused by;

• Easy to access systems without the proper safeguards and inscrutable cybersecurity (digital security) that is paramount in the 21st century
• The simple fact that storing stolen data takes up very little space and requires very little storage resources
• Cybercriminals take advantage of loops, holes, and misconfigurations in any system
• Negligence and malicious employees in an organization can bring an entire business to its knees as well as make it lose all of its brand reputations
• Evidence related to crimes can be easily destroyed and is mostly untraceable in the digital realm
• There are openly available resources for cybercriminals to use, which means that being an expert in cybercrime is not required at all
• The general lack of public awareness in cybersecurity is exploited by cybercriminals

Tackling cybercrime requires a global pushback against threat actors and nation-state hacking groups. This automatically means that nations, law enforcement, and cybersecurity specialists must collaborate to stop international cybercrime. Even though cybercrime is heavily romanticized in popular culture, the macabre reality of it is that everything from theft, fraud and even child exploitation is, unfortunately, a part of this which makes this topic transcend barriers and ultimately put it at the top of the list of international global threats. Mitigating cybercrime translates into;

• Advanced international criminal investigations that use the help of cybersecurity leaders in the field
• Prioritizing the training and recruitment of technical experts like network specialists
• Developing standardized methods and collaborations that are widely applied
• Working through developing regulations, bills, and cybersecurity frameworks
• Educating the general public about internet hygiene and best practices

At this stage, over half of the world’s population is online and the Internet is penetrating systems and servers all across the world at a rapid pace. It is a common misconception that hackers are out there to switch off power grids, disrupt traffic, or bring down entire nations (although there have been such cases such as gas pipeline interruptions and water treatment hacking). The main takeaway is that the majority of cybercrime is facilitated by simple human error, not insufficient defense walls. Fundamental cyberspace security hygiene like keeping to complex passwords, avoiding oversharing, and monitoring suspicious employees is a basic start to a good cybersecurity strategy for everyone. A positive takeaway is that a global threat like cybercrime should bring nations together to join forces in the fight against a very dangerous, often invisible enemy that acts extremely quickly with devastating force.