Collaborating against e-crime

Share this article:
Michael Barrett
Michael Barrett
One of the lasting contributions of the internet has been the establishment of e-commerce. Due to its convenience, limitless choice, ability to comparison shop and 24/7 availability, e-commerce is one of the fastest growing business segments ever.

Yet, e-commerce isn't only attracting online consumers. It's increasingly attracting cybercriminals who are constantly deploying new, creative methods to attack and steal money from internet users. Today, e-crime is becoming such a widespread occurrence that it won't be stopped without decisive, global action.

I've seen first-hand how security technology failures go through a predictable sequence: initial discovery by security professionals, followed by wide scale abuse by teenage vandals and, finally, appropriation by criminal enterprises. Now that the teenage vandals have largely dropped away, we are left with professionally executed attacks motivated solely by money. This evolution has only been a feature of the information security landscape since perhaps 2004 – in less than five years, e-crime has changed from an anomaly into an industry.

If e-crime continues its rise, consumer confidence will be eroded, possibly leading to popular abandonment of the internet and e-commerce. The problem we still face, though, is that governments, industry and law enforcement are divided and too often uncoordinated, which is a stark contrast to the criminal gangs who are extremely well-connected and coordinated.

Given this lack of coordination, the question remains: “Who's responsible for making the internet safe?” I'd argue that there should be a shared responsibility among government, private industry and consumers.

A good starting point would be developing a globally harmonized framework of legislation against e-crime.

Governments need to agree on the definitions of e-crime so that attackers can be aggressively pursued in the criminal justice system. In order to achieve this, it's quite possible that a new global governance organization is needed, as opposed to fractured regional ones.

Secondly, governments need to substantially increase their investment in e-crime law enforcement. The internet is a global entity. Either we need to find a way to enable global law enforcement teams to cooperate effectively, or we should give up on attempting to police the internet locally, and establish the “InterNetPol.”

Action is needed and we must act soon. If we collectively take no action, then we have perhaps five to ten years before criminal greed takes the internet away from us.



Financial fraud rises
The average annual loss reported by respondents doubled to $350,424 from $168,000 from the year before – with financial fraud causing the greatest damage, according to a 2007 survey from Computer Security Institute.

Gone phishing
A recent report from Gartner suggested that the international “take” from just one form of e-crime, phishing, was $3.2 billion in 2007 (and this number may be an underestimate, according to the report).

Look ahead
Companies need to invest substantially in the security of their applications and infrastructure, says PayPal CISO Michael Barrett. State of the art fraud management systems are essential today, he says.

Use the law
PayPal works with law enforcement to catch, prosecute and convict criminals. If others adopt the same strategies, Barrett is confident that phishing will become substantially more difficult and less financially rewarding.


Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Opinions

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Heartbleed, Shellshock and POODLE: The sky is not falling

Heartbleed, Shellshock and POODLE: The sky is not ...

While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.

Technology alone isn't going to secure IoT connected devices

Technology alone isn't going to secure IoT connected ...

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

DDoS is the new spam...and it's everyone's problem now

DDoS is the new spam...and it's everyone's problem ...

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.