Cybercrime is Underestimated and Under Reported.

Posted by Geraldine Hunt on Tue, Mar 20th, 2012

For a cyber crime to count as a statistic, the crime has to be reported. Has your company  ever been the target of a phishing attack and not reported it? Because cybercriminals can launch coordinated attacks from all over the world catching them becomes more difficult as cyber crime continues to grow. Does a company have a legal obligation to come forward about cybercrime? Some consider that companies have ethical, civic and legal obligations to report cyber threats to authorities.

Many cyber attacks go unreported

In 2010, there were over 303,000 complaints filed with the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center (NW3C). Its purpose is to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, international law enforcement or regulatory agencies for appropriate investigation . Since its inception, the IC3 has received complaints in relation to a variety of threat and cybercrimes including online fraud , hacking, Online Extortion, Identity Theft and every other internet crime imaginable.

Many police departments are now training computer crime units where people can contact for information and assistance. These units come under the umbrella of law enforcement and the main role is investigative in tracking down cyber criminals.

Punishment for cyber crime is growing in severity

Different countries have different laws that cover cyber crimes and as the level of cyber crime increased the punishments dished out are growing in severity. Here are some examples of the punishments handing down in the U.S (from Carnegie Cyber Academy) :

• Hacking - Hacking is covered under a Federal law. Punishments range from paying a large fine to going to jail for up to 20 years, depending on the seriousness of the crime and how much damage the hacker has done.

• Spamming - Spamming is covered under the CAN-SPAM Act and the minimum punishment is a fine of up to $11,000. Additional fines are added if the spammer violated policies or used automated bots to collect email addresses. Spammers can be sent to jail if they used false information or a computer they weren't allowed to use.

• Identity Theft - The laws covering identity theft were enhanced in 2004, requiring tougher punishments to match the seriousness of the crime. Identity thieves can go to jail for up to five years. There are also increased punishments for identity theft used to commit terrorist acts and for people who abuse their position for identity theft.

Many high profile companies have suffered serious data breaches; possibly the biggest data breach in US history was the Epsilon attack last year. Epsilon a global provider of marketing services had their IT system hacked and the criminals gained access to the names and email addresses on their customer database which included some of the worlds largest companies across a variety of sectors. This successful attack gave criminals access to large amounts of information about individuals in these companies, details which will allow them to more effectively target each company more specifically. For a company this can have far reaching and costly consequences.

According to the FBI, worldwide cybercriminals earn over $100 billion per year through their increasingly sophisticated cyber attacks. SMBs are frequently more exposed to risk from cybercriminals than larger companies.

Security Challenges SMBs face :

• Inadequate security awareness among employee
• No Dedicated IT security professional
• Limited IT security budget
• Lack of IT security policies

Big company thinking is often about maximising the IT security budget, whereas SMEs are much more frugal and need to think about the customer. SMEs require fast, cost-effective and easy to manage solutions. Small businesses are faced with many of the same risks as larger firms but without the same level of resources. In this senario planning for security is an imperative.