Comment: Cybercrime - Still a growth industry?

Over the last 15 years, the internet has revolutionised our lives and our businesses. It has provided a doorway to even the most obscure information, free and secure worldwide person-to-person communication and access to almost any product or service with just a click. Yet, its mass appeal, combined with the anonymity it allows, means it is still open to abuse by those committing cybercrime.

Who hasn’t received a confusing email message from unknown people purporting to be their bank? Cybercrime means an explosion in identity theft and loss of online banking credibility. The costs are in the billions of pounds and almost every industry is affected.

Periods of falling employment and increased personal financial pressure inevitably result in a commensurate upward swing in criminal activity. As individuals’ finances are squeezed, they will revert to the lowest cost purchasing route available – the internet. The explosion of price comparison and review sites on the internet over the last decade may have led to consumer empowerment, but the net may also prove to be their undoing with web surfers on a reduced budget tempted by 'bargains' that turn out to be illicit or grey market items.

Global e-retailing body, IMRG and US technology consultants Capgemini have estimated that around £320 million was spent online in a single day last December and they estimate that UK shoppers spent £13.16 billion online in the final quarter of 2008.

Given these consumer trends and the lower transaction costs of online trading, big business – and financial and retail businesses in particular – are doing all they can to drive more business away from the traditional branch based activity and towards this high tech, low cost route.

An ideal vehicle for cybercrime

So, the internet is an ideal vehicle for fraudulent activity; anonymity, low barriers to entry and the difficulty of law enforcement across multiple jurisdictions all combine to create an environment ideally suited to cybercrime. But, the chances of getting caught are very small. In Britain today, individuals are asked to report phish-based financial crime to their bank, not to the authorities, such is the acceptance that the chances of conviction for individual crimes are so minimal.

And cybercrime keeps getting more sophisticated. What began as simple cybersquatting 10 years ago has evolved into brand dilution from malicious sites, diversion of consumer traffic to competitors, abuse of trademarks and brands, sale of counterfeit goods and services and even identity theft by online criminals using the credibility of well known brands or trademarks to confuse and defraud customers. Although companies are spending more each year to fight these problems, the true cost of lost revenues associated with online brand abuse are only beginning to be understood.

Who is affected?

According to the International Anti-Counterfeiting Coalition, counterfeiting is now a £300bn a year problem compared with just £2.5bn in the early 80s. This increase corresponds not just to the internet explosion but also to the widespread outsourcing of manufacturing to developing countries, where intellectual property law is almost non-existent.

Here are a few stats that should make many brand owners’ eyes water:

  • In the global market for high-tech IT products, KPMG estimates sales of grey market and counterfeit goods at £70bn, 10% of which occurs online.
  • A Columbia University study showed that just 11% of online pharmacies were selling legitimate products, and worldwide losses due to counterfeit drug sales are worth £16bn and growing.
  • Automotive industry groups cite that 10% of parts are counterfeit, costing the industry £6bn per year, with 10% accrued to online sales.
  • It is estimated by that over 95% of Tiffany jewellery sold via online auctions is fake, a stat not uncommon for high-value branded items like jewellery, watches and handbags.
  • 41% of all phishing attacks are targeted at financial institutions, according to the MarkMonitor Brandjacking Index. As a result, the growth of online banking halted and has been in decline for the last three years, forcing financial institutions to revert to expensive bricks-and-mortar branches to service customers. The decline in profits attributed to this behavioural shift is estimated at £4.2bn annually.

Responding to the challenge

Given the difficulty in identifying cybercriminals and the virtual impossibility of bringing judicial action against the perpetrator of a crime that was committed in cyberspace, there is slim hope of any government body taking action to reduce the impact of cybercrime. The onus is therefore on the brand owners to protect their own names, reputations and profits. But how?

Create accountability – realise that the problem is large and multi-disciplinary; addressing it successfully requires a co-ordinated response from professionals in many departments including legal, IT, security, brand and product management, or online commerce business units. Make sure your company is clear about who needs to be involved and who will lead the effort.

Put the problem into perspective – think clearly through the costs associated with online brand abuse for your company – they’re probably bigger than you think. Aside from direct losses, consider damage to brand equity and business reputation.

Use the latest tools to fight the problem – some companies offer technologies and services to help corporations fight and overcome these issues. Waiting for your customers to inform your company about specific abuses or searching your brand names is not enough.

Be relentless – companies that actively police online brand abuse and respond to it make themselves unattractive to online criminals. Banks that actively monitor and respond to phishing attacks often experience a dramatic decrease in ongoing attacks as the criminals seek out easier targets.

Whilst everyone knows that the business impact of the internet is growing, comparatively few recognise that the opportunities for cybercrime are also growing, and exponentially.

Brand owners have a clear economic incentive to take action, with their heavily invested reputations under attack from a sophisticated and well organised set of cybercriminals intent on profiting from their good name at every turn.

What’s hot on Infosecurity Magazine?