Growth of 'cybercrime-as-a-service' is a real threat. Some markets are offering a range of tools and services such as exploit kits, custom malware and botnet rentals to cyber criminals.
Cybersecurity is a truly democratic issue. Every stakeholder in cyberspace is fraught with risks. 2017 witnessed multiple large-scale cyber attacks that wiped out billions of dollars in business for large corporations.
A joint study by cybersecurity software giant McAfee and the Center for Strategic and International Studies (CSIS) reveals that cybercrime takes a $600 billion toll on the global economy. The report titled 'Economic Impact of Cybercrime – No Slowing Down' states cyber attacks cost 0.8 percent of the global GDP.
Back in 2014, the cost of global cybercrime was estimated to be $445 billion. This sharp rise has been attributed to the quick adoption of new technologies by cybercriminals. Not only are there more cybercrime centres world over, but technology has made conducting a cyber attack smoother and easier.
It will only get worse with the growth of the “cybercrime-as-a-service” economy. Cybercrime-as-a-service has become more sophisticated, with flourishing markets offering a broad diversity of tools and services such as exploit kits, custom malware and botnet rentals to criminals, states the report. Steve Grobman, Chief Technology Officer for McAfee, says,
The digital world has transformed almost every aspect of our lives, including risk and crime, so that crime is more efficient, less risky, more profitable and has never been easier to execute.
“The $600 billion cybercrime figure reflects the extent to which our technological accomplishments have transformed the criminal economy as dramatically as they have every other portion of our economy,” he adds.
The report points that global banks and financial institutions are the prime targets of cyber criminals. Countries such as North Korea, Russia, and Iran are the most active in hacking, while China leads cyber espionage.
The richer economies incurred higher losses. However, countries with the greatest losses (as a percentage of national income) were mid-tier nations that are digitised but not yet fully equipped in cybersecurity. James Lewis, Senior Vice President at CSIS, says,
Our research bore out the fact that Russia is the leader in cybercrime, reflecting the skill of its hacker community and its disdain for western law enforcement.
“North Korea is second in line, as the nation uses cryptocurrency theft to help fund its regime, and we’re now seeing an expanding number of cybercrime centres, including not only North Korea but also Brazil, India and Vietnam,” he adds.
Theft of intellectual property accounts for one-fourth of the cost of cybercrime. It also poses a threat to national security when it involves military technology.
Meanwhile, ransomware is the fastest-growing cyber crime tool, with more than 6,000 online criminal marketplaces and ransomware-as-a-service gaining in popularity. Steve observes,
Consider the use of ransomware, where criminals can outsource much of their work to skilled contractors. Ransomware-as-a-service cloud providers efficiently scale attacks to target millions of systems, and attacks are automated to require minimal human involvement.
Cryptocurrencies too are a major risk factor. Their anonymity protects criminals from easy identification. In some markets like India, cryptocurrencies have been deemed illegal by the government.
India ranks 23rd out of 165 nations in the United Nation’s Global Cybersecurity Index in terms of its commitment to cybersecurity.
The UN classified India under the “maturing” category implying the country is in the process of developing a complex cyber security programme.
In 2017, the Ministry of Electronics and Information Technology (MeITY) mandated all other ministries to earmark 10 percent of their IT budgets for security spending.
MeITY also plans to set up ten more Standardisation Testing and Quality Certification (STQC) labs that provide quality assurance services in IT and electronics. At present, there are 15 such labs across India.
Gartner estimates IT security spending in India will grow 12 percent to $1.7 billion in 2018. Many Indian enterprises are in their first or second iteration of creating and maturing their security programme.
“Rising awareness amongst CEOs and boards of directors about the business impact of security incidents, and an evolving regulatory landscape, have led to continued end user spending for security products and services,” states Gartner.