Preventing Cybercrime: Not Worth the Effort?

New study says focus should be on locking up cyber criminals, not protecting against cybercrime

3 min read
Preventing Cybercrime: Not Worth the Effort?

“The cost of protecting ourselves against cybercrime can far exceed the cost of the threat itself … [therefore] we should spend less in anticipation of cybercrime and more on catching the perpetrators.” 

That is the controversial conclusion of a new University of Cambridge IT security research study called “Measuring the Cost of Cybercrime” (pdf) being released today. The study, conducted at the request of the UK Ministry of Defense which was concerned that cybercrime was being over-hyped, is claimed in a press release to be “the first systematic estimate of the direct costs, indirect costs and defence costs of different types of cybercrime for the UK and the world.”

Of course, in studies like this, it is important to look at what the study authors defined as being a “true cybercrime” which is one “unique to electronic networks, e.g., attacks against information systems, denial of service and hacking.” As noted in the paper,  

“We distinguish carefully between traditional crimes that are now ‘cyber’ because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what we might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims directly.”

“As far as direct costs are concerned, we find that traditional offences such as tax and welfare fraud cost the typical citizen in the low hundreds of pounds/Euros/dollars a year; transitional frauds cost a few pounds/Euros/dollars; while the new computer crimes cost [only] in the tens of pence/cents.”

However, the societal costs for protecting against new computer crimes are far out of proportion with what the new crimes net, the researchers argue, whereas the cost of protecting  against more traditional crimes is more in line with their direct costs imposed upon society. For example, the UK is said to be spending some $1 billion on efforts to protect against or clean-up after a threat, including $170 million on antivirus measures, but only $15 million is being spent on law enforcement to pursue cyber criminals. A better approach is to “perhaps spend less in anticipation of computer crime (on antivirus, firewalls etc.) but we should certainly spend an awful lot more on catching and punishing the perpetrators.”

The argument seems premised on the assumption that a small number of cybercriminals are responsible for the vast majority of the cybercrimes  and that business will make the requisite investment to keep their IT systems secure.

The researchers don’t give much in the way of advice on how much less we should spend on anti-virus software (or how individuals should decide to forego it), or how much more funding should be spent on law enforcement. Would quadrupling to $60 million the amount of money spent on UK cybercrime law enforcement make a serious dent on UK cybercrime, for instance? Would that amount allow UK citizens to pitch their anti-virus software? Or would that increase in spending be a wasted effort unless similar increases in law enforcement spending happened around the world as well?

The Cambridge University study, which is to be presented to next week at the Workshop on the Economics of Information Security in Berlin, Germany is just another that adds to the confusion about the significance of the threat cybercrime poses and what to do about it, as I noted  last month. In fact, contrast the Cambridge study with an editorial in the New York Times about two weeks ago written by, Preet Bharara, the United States attorney for the Southern District of New York where he wrote that:

"The alarm bells sound regularly: cybergeddon; the next Pearl Harbor; one of the greatest existential threats facing the United States. With increasing frequency, these are the grave terms officials invoke about the menace of cybercrime — and they’re not understating the threat."

So is the cybercrime threat exaggerated or not?

At least for myself, I plan to keep my IT security guard up for a little while longer, especially given the two stories, one by Reuters and the other in the New York Times that discuss the increasing cyber threat to business (and personal) bank accounts.  And even if an IT security all-clear is given, I don't think I will be an early adopter of dropping my anti-virus software.

Photo: iStockphoto

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less