{"id":37337,"date":"2018-02-16T06:00:11","date_gmt":"2018-02-15T19:00:11","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=37337"},"modified":"2018-02-15T12:54:05","modified_gmt":"2018-02-15T01:54:05","slug":"time-admit-failing-cybercrime","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/","title":{"rendered":"Time to admit we\u2019re failing on cybercrime"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"480\" class=\"alignnone size-full wp-image-37340 aligncenter\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/monument-valley-618363_640.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/monument-valley-618363_640.jpg 640w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/monument-valley-618363_640-205x154.jpg 205w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/figure>\n<p>The first step in solving a problem is recognising that there is one. When it comes to tackling cybercrime, it\u2019s time to admit our approach isn\u2019t working.<\/p>\n<p>Our failure is staring us in the face. In his address to the National Press Club last year, then-Cybersecurity Minister Dan Tehan said that in the past year the Australian Cyber Security Centre had \u2018identified 47,000 cyber incidents, a 15% increase on last year. Over half of these incidents were online scams or fraud, which saw an increase of over 22%.\u2019 That\u2019s five incidents every hour in Australia. As the minister put it, \u2018business for cybercriminals is booming\u2019.<\/p>\n<p>With this volume of crime, you might think plenty of people are being arrested. In fact, no. Asked by Nick Evans of the <em>West Australian<\/em> how many prosecutions there\u2019d been, the minister said, \u2018Prosecutions are incredibly difficult because a lot of what is occurring is occurring offshore \u2026 So it\u2019s not one where I can stand here and readily say to you that we\u2019ve had success in targeting this organisation or that organisation and we\u2019ve put them behind bars.\u2019<\/p>\n<p>There are multiple ways Australians are being fleeced through cybercrime. In one example reported by government, a cybercriminal stole money by posing as two senior executives at one company. First, the criminal, pretending to be the CEO, sent an email requesting a large payment from the financial controller. In a second email, the criminal, this time pretending to be the chief operating officer, authorised the \u2018CEO\u2019s\u2019 request. Believing that these fraudulent requests were genuine, the business made payments worth $500,000 to the criminal\u2019s offshore bank accounts. It\u2019s a scam repeated across the country, with estimates that compromised business email cost Australian companies $20 million last year, a 130% increase from the previous year.<\/p>\n<p>This isn\u2019t to single out Australia. The problem is universal. The UK Office for National Statistics released a national crime survey in 2017 that \u2018estimated that there were 3.3 million incidents of fraud in the survey year ending June 2017, with over half of these (57%; 1.9 million incidents) being cyber-related\u2019. In the United States, the director of the National Security Agency, Admiral Mike Rogers, has likened the cyber domain to the \u2018Wild West\u2018. Statistics from the US Internet Crime Complaint Center show that the financial loss from cybercrime in the US exceeded US$1.3 billion in 2016, a rise of 24%. Because this was only based on reported cases, it\u2019s likely a large underestimate.<\/p>\n<p>As the Wild West moniker suggests, there\u2019s very little risk of being caught if you\u2019re a cybercriminal. There are several reasons for this. As the statistics suggest, the volume of crime is so high that it has overwhelmed our capacity to respond. Traditional crime fighters are also unequipped to deal with this crime type. If you have $20,000 worth of valuables stolen from your home, your local police station will likely be on the case immediately. If you have $20,000 stolen in an online scam, going to your local police station will produce a very different experience. Online crime is likely to be both transnational and veiled in anonymity. Law enforcement activity is likely to require significant technical expertise and cooperation from foreign counterparts, both of which make successful attribution and enforcement difficult.<\/p>\n<p>These factors make cybercrime highly attractive. And if this wasn\u2019t bad enough, we\u2019ve more recently witnessed the rise of crime-as-a-service, allowing non-experts to essentially buy and apply ready-to-use kit. This opens cybercrime to even more actors.<\/p>\n<p>While the challenge is formidable, part of the problem has been our approach. We essentially have three responses to cybercrime.<\/p>\n<p>First, and most important, is improving our cybersecurity. This is so critical that there\u2019s now a Minister for Cybersecurity. Hardening defences against attackers makes eminent sense. The problem is that it\u2019s not enough. Even as Australia and other Western states have been hardening our cyber defences, the volume of reported cyber incidents has increased.<\/p>\n<p>Second, we can use our offensive cyber capabilities to make life harder for cybercriminals. On 30 June 2017, Australia made the rare, candid admission that its cyber offensive capabilities would be directed at \u2018organised offshore cybercriminals\u2019. While this increases the cost of carrying out cybercrime, it isn\u2019t a complete solution. This high-end capability can\u2019t deal with the overwhelming volume of cybercrime, and its effects are often not enduring\u2014it can\u2019t put cybercriminals behind bars, and even if their equipment is destroyed, the criminals can easily buy more.<\/p>\n<p>Finally, we can use law enforcement to deter cybercriminals. But with the current score card essentially 47,000 to 0, we can anticipate the average cybercriminal today doesn\u2019t feel much heat.<\/p>\n<p>What this all boils down to is the reality that national level efforts aren\u2019t enough. And for as long as we continue to fail, the attractiveness of cybercrime will increase owing to its low risk and high rewards, drawing in and supporting more and more nefarious actors, including organised crime groups and terrorist organisations.<\/p>\n<p>To address this problem, the cost of engaging in cybercrime has to increase, as does the risk of being caught. Ongoing improvements in cybersecurity and the limited use of offensive cyber capability are part of the solution, but we need to reconsider our law enforcement response.<\/p>\n<p>Acting alone, we\u2019re unlikely to succeed. One thousand new AFP officers won\u2019t stop cybercrime. But a broader approach, working in concert with other states, might bear fruit. The world is still too divided on this topic for a large multilateral forum like the UN to be able to move the needle on this issue. But a more narrowly focused \u2018coalition of the willing\u2019 or mini-lateral response has potential.<\/p>\n<p>There\u2019s a dawning realisation in like-minded countries that national-level efforts are failing to address the challenge of cybercrime, opening the door to more cooperative approaches. Australia should consider leading efforts to string together a small coalition of states with the interest and will to stump up the resources needed to shift the cost\/risk profile of cybercrime. There\u2019s no single right answer on what needs to be done, but the basic parameters are clear.<\/p>\n<p>The group should agree on a narrow set of coordinated actions they\u2019ll take to increase the cost and risk of cybercrime, as well as how these efforts will be coordinated at an international level. This would likely involve an initial focus on non-state actors that can be targeted by law enforcement (as opposed to criminal states involved in cybercrime such as North Korea). It might involve throwing considerably more resources into tracking where stolen funds end up, working together to bring law enforcement and diplomatic pressure to bear on destination states, and providing everyday citizens with a feedback loop so they know that when they report cybercrime, something will be done about it.<\/p>\n<p>The current situation is unsustainable. It\u2019s time concerned states revisit their approach.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The first step in solving a problem is recognising that there is one. When it comes to tackling cybercrime, it\u2019s time to admit our approach isn\u2019t working. Our failure is staring us in the face. &#8230;<\/p>\n","protected":false},"author":685,"featured_media":37340,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[95,1801],"class_list":["post-37337","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber-security","tag-cybercrime"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Time to admit we\u2019re failing on cybercrime | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Time to admit we\u2019re failing on cybercrime | The Strategist\" \/>\n<meta property=\"og:description\" content=\"The first step in solving a problem is recognising that there is one. When it comes to tackling cybercrime, it\u2019s time to admit our approach isn\u2019t working. Our failure is staring us in the face. ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-15T19:00:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-02-15T01:54:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/monument-valley-618363_640.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"480\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fergus Hanson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fergus Hanson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/monument-valley-618363_640.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/monument-valley-618363_640.jpg\",\"width\":640,\"height\":480},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/\",\"name\":\"Time to admit we\u2019re failing on cybercrime | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/#primaryimage\"},\"datePublished\":\"2018-02-15T19:00:11+00:00\",\"dateModified\":\"2018-02-15T01:54:05+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Time to admit we\u2019re failing on cybercrime\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f\",\"name\":\"Fergus Hanson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g\",\"caption\":\"Fergus Hanson\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/fergus-hanson\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Time to admit we\u2019re failing on cybercrime | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/","og_locale":"en_US","og_type":"article","og_title":"Time to admit we\u2019re failing on cybercrime | The Strategist","og_description":"The first step in solving a problem is recognising that there is one. When it comes to tackling cybercrime, it\u2019s time to admit our approach isn\u2019t working. Our failure is staring us in the face. ...","og_url":"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2018-02-15T19:00:11+00:00","article_modified_time":"2018-02-15T01:54:05+00:00","og_image":[{"width":640,"height":480,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/monument-valley-618363_640.jpg","type":"image\/jpeg"}],"author":"Fergus Hanson","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Fergus Hanson","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/monument-valley-618363_640.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/monument-valley-618363_640.jpg","width":640,"height":480},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/","url":"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/","name":"Time to admit we\u2019re failing on cybercrime | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/#primaryimage"},"datePublished":"2018-02-15T19:00:11+00:00","dateModified":"2018-02-15T01:54:05+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/time-admit-failing-cybercrime\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Time to admit we\u2019re failing on cybercrime"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f","name":"Fergus Hanson","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g","caption":"Fergus Hanson"},"url":"https:\/\/www.aspistrategist.ru\/author\/fergus-hanson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/37337"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/685"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=37337"}],"version-history":[{"count":4,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/37337\/revisions"}],"predecessor-version":[{"id":37344,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/37337\/revisions\/37344"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/37340"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=37337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=37337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=37337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}