A cybercrime tsunami

What to do about a world-wide wave

Science and technology

Crime is down in advanced economies around the world—at least that is what some statistics suggest. While it is true that violent crime has dropped precipitously in the developed world over the past two decades, in fact, there is a tsunami of criminal activity on the horizon. It is in the form of cybercrime, and its impact on individual, corporate and national security will be profound in 2016.

Today’s transnational organised-crime groups are technologically sophisticated and their business plans have more in common with global technology companies than they do with the Tony Sopranos of yesteryear. Their illicit enterprises employ the latest business-management strategies well before they appear in the Harvard Business Review. Modern criminal startups are using gamification techniques, as well as offering incentives such as sports cars to hackers who invent the most profitable scams.

The future of cybercrime will be both automated and three-dimensional. Automated, because the majority of online scams are no longer perpetrated directly by humans but by crimeware—software specifically scripted to carry out crime. Cryptolocker, for example, automates extortion by encrypting infected hard drives and demanding ransoms in bitcoin for the safe return of a user’s data files. The widespread arrival of crimeware has also democratised the hacking process, opening computer crime to thieves with much lower levels of technological sophistication than previous generations of hackers.

As a result, cybercrime is growing extremely fast, and will do so throughout 2016. A 2015 report by Juniper, a research consultancy, estimated that it will cost businesses $2 trillion a year by 2019.

And cybercrime is about to enter the third dimension, leaping into the world that surrounds us. Physical objects, increasingly embedded with computer chips, are becoming hosts of information technology. Tele­visions, cars, refrigerators, smoke detectors and pacemakers now connect to the internet in a phenomenon known as the internet of things (IOT). Cisco, a technology company, predicts that 50 billion new devices will be connected to the internet by 2020, almost all of them insecurely. As the number of things that connect to the internet grows, so will the mass and scale of the attacks.

The internet of things that can be broken into

The McKinsey Global Institute predicts that by 2025 the IOT will generate up to $11 trillion in value to the global economy. Criminals are gearing up to take their piece of that pie. Doing so is simple. For example, a piece of malware known as Stagefright, discovered in 2015, exposed a billion Android mobile phones, allowing hackers to seize control over the devices merely by sending an infected text message.

The insecurity of the IOT is troubling, as all objects around us morph into computer code. Smart homes and smart grids sound like a great idea, until one realises that the computer code driving these is entirely hackable. What were once theoretical cyber-attacks are now becoming reality, as we saw with the July 2015 hacker takeover of a Jeep Cherokee as it motored down the highway in Saint Louis at 70mph (113kph). When cybercrime goes 3D, it’s not just bits and bytes that get manipulated, but atoms too, allowing malicious people to manipulate objects half a world away.

Historically, battling crime has been a government affair. Taxes are levied and police forces are raised to combat criminality. But law enforcement has proved itself incapable of making a dent on cybercrime. This is not entirely the police’s fault. A police officer in London cannot make an arrest in Moscow but transnational crime groups can hop from network to network and country to country with impunity.

Although governments have shown themselves to be highly effective in hacking each other, their ability to defend themselves and their citizenry is woefully inadequate. If governments cannot protect themselves from these types of attacks, they clearly cannot protect you, which is a pity, as it will lead businesses to invest nearly $100 billion on cyber-security measures by 2017, according to Gartner, another technology consultancy. That spending represents an indirect tax on businesses, which will find themselves forced to bolster their own security defences in the absence of any effective government response.

One area in which government could make a difference is as a convener and funder, drawing together the best and brightest from industry and academia to get at the root cause of the hacking epidemic: insecure computer code. But technological risk cannot be solved with technology alone. A strategic response that takes into account the role of people is required.

According to a study by IBM Security, 95% of all data-security breaches involve human error. Understanding that provides hope as we now know where to begin reducing these threats. Training and education, in classrooms and offices, are foundational elements of cyber-self-defence. And just as organised-crime groups have crowdsourced the commission of crime, so too must the good people of society begin to crowdsource their own security, working together to combat these threats in 2016 and beyond.

You are reading a small selection of content from The World in 2018.
To read all the articles in this year’s edition download The Economist app.
Download 'The World In 2018 iOS app'
Download 'The World In 2018 Android app'