Cyber Security: What to Know and What to Do

We communicate online. We shop online. We manage our bank accounts online. The introduction of smart phones and tablets have only made it easier to do these things, but this also makes it easier for criminals.

So what do you need to know about cybercrime? Find out below, and be sure to share this with anyone you feel could benefit.

What is cybercrime?

Cybercrime is crime committed via digital means.  That may sound simple, but it can be difficult to establish a clear definition.  If somebody physically robs a bank, for instance, that’s a crime.  If they instead digitally transfer funds out of the bank into their own accounts, that’s a cybercrime.  Clear enough.  However, if the physical robbery happened because the thief obtained security information by hacking into the bank’s database, it can be unclear whether a traditional crime or a cybercrime was committed.

On the whole, when we talk about cybercrime we mean a crime that happened entirely, or in large part, online. These crimes become more common as electronics become more versatile, more convenient, and less expensive.  The level of knowledge and experience required to use these devices has lowered and, as a result, the number of people abusing them for personal gain has grown.

Types of cybercrime

What kinds of crimes do people commit online?  A comprehensive list is impossible to create, as cybercriminals are constantly finding new angles of attack, but this article provides a great overview of some of the most common. The most common type is identity theft, which is when somebody assumes the identity of another and gains access to sensitive data.  This crime can be committed in many ways, from hacking websites to simply guessing passwords.

Attackers can also trick victims into turning sensitive information over through phishing.  Phishing attacks use clever methods of fooling victims into believing they’re dealing with a legitimate organization.  For instance, they may create a website using stolen logos from an actual bank, and send an email warning of an overdraft.  Logging-in hands your username and password over to the criminals.

Another common cybercrime is the DDoS attack.  DDoS stands for “distributed denial of service,” and it essentially overloads certain websites to prevent them from functioning as intended.  These can happen for many reasons, from terrorist attacks against government websites to personal vendettas.

Cybercrime statistics

How common is cybercrime?  CBS reports an average of 1.5 million cyber attacks annually. That means that there are “over 4,000 cyber attacks every day, 170 attacks every hour, or nearly three attacks every minute.”

That’s significant, and drilling down doesn’t make the numbers any less frightening.  IBM estimates an average of 16,856 attacks on businesses every year. That’s 46 attacks every day, or about one attack every half hour.  By no means are all of those attacks successful, but it makes the need for vigilance clear. The report also explains that 47% of American adults had their personal information stolen by hackers in 2014, and there was an increase in identities stolen of 594% between 2012 and 2013.

Further reading and more statistics are available from U.S. News & World Report, including the fact that the U.S. Director of National Intelligence ranked cybercrime as the highest threat to national security.  “Higher than that of terrorism, espionage, and weapons of mass destruction.”

How difficult is it to enforce cybercrime law?

There are a few reasons cybercrime is trickier to enforce than traditional criminal activity.

Firstly, cybercrime doesn’t obey clear legal boundaries.  The global nature of the internet means that a crime can be committed in one country by somebody in another part of the world.  The issue is further complicated when information is routed through a third region.  (Or fourth.  Or fifth…) This makes it difficult to determine whose jurisdiction the crime falls into, and whose responsibility – and right – it is to investigate.  Even when nations cooperate to bring criminals to justice, the problem of who has ultimate authority over the methods used, the rights granted to the criminals and victims, and the severity of the punishments need to be agreed upon by all parties. This complicates enforcement.

Additionally, cybercriminals may have thought of a crime before the law did. That may sound silly, but if somebody commits a heinous act online, it can be difficult to prosecute them if there’s not an actual law on the books prohibiting it.  Add to this the fact that evidence of a digital crime can potentially be deleted or overwritten, and you’ll see that stopping cybercrime is more complicated than it seems.

Staying smart about cyber security

Even if you’re not interested in pursuing a career in the field, staying knowledgeable about cyber security is a good idea.  The less prepared you are, the more easily you can fall victim to attacks. The Department of Homeland Security has put together this list of general tips.  They may seem obvious, but cybercriminals use a wealth of methods, and general tips can keep you safer than you realize.

For instance, not sharing your password seems like easy advice to follow, but if you share with a cybercriminal the name of your first pet, where you grew up, or anything else that seems innocuous, you may well give them the ability to guess or change your password.

The best cyber security strategy is one that involves skepticism of any questions you receive about your finances, your job, or even yourself.  If you get an email or a text message from your bank about a problem, call the bank directly at a number you already know.  If you receive a phone call from somebody claiming to represent a company or institution, hang up and call that company or institution directly.

The savvier the general public is about cybercrimes, the harder it will be for criminals to get what they want.  Stay smart, centered, and in control of the conversation.  Don’t click links in emails, don’t reply to mysterious texts, and don’t be afraid to hang up if anything seems “off” about a phone conversation.

If you’re interested in entering the field of cyber security or a related subject (including information technology and computer programming) don’t hesitate to get in touch.