Cybercrime more profitable than drugs
The profits of cybercrime are huge, but what is it that IT security can do to stem the new wave of cybercriminals – exacerbated by the state of the economy.
The fruits of cybercrime have been calculated as $1 trillion annually, surpassing the levels of cash generated by drug crime, according to experts.
Latest research from security vendor Finjan claims this statement is backed up by testimony from AT&T's chief security officer (CSO) Edward Amoroso, who spoke last week at a US Senate committee hearing on improving cyber security.
Yuval Ben Itzhak, Chief technology officer, for Finjan,said that while the recession reduced the income of drug traffickers, cyber criminals were becoming better at extracting money from businesses and individuals.
"We revealed that one single rogueware network are raking in $10,8000 a day, or $39.42 million a year," he said in a statement.
"If you extrapolate those figures across the many thousands of cybercrime operations that exist on the internet at any given time, the results could easily reach a trillion dollars."
Itzhak said there was a trend of unemployed IT personnel making criminal income by purchasing and using crime toolkits or malware as a service.
He said that he believed that this was just the beginning of a wide trend that would continue in 2009 and 2010.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Having the large number of layoffs of IT professionals all around the world, we expect a rising number of people willing to give it a try' and to get stolen credit card numbers, online banking accounts and corporate data they can use to generate income," Itzhal said.
Paul Dorey, director of CSO Confidential, said that individually, CSOs had a difficult time in assessing the threat of a new wave of cyber criminals.
While he felt the $1 trillion figure and research proved useful, individual CSOs had to wait until the businesses they worked for underwent real loss themselves before management invested more in security.
"The single incidents or low levels of detection they may be seeing, or not even aware of yet, could be the start of a serious trend that could impact their business badly," he said.
"Lets hope that those losses will be small and quick fixes will be possible. Better still, let us all get in opposition where we are anticipating threats and keep our controls in-step."