Strategic Management of Cybercrime
Making Crime Pay
A/Prof Paul A. Watters
Research Director, ICSL

Overview
• Use business planning activities to interpret current cybercrime tactics within a strategic context
• Understand the key drivers for management in cybercrime organisations
• Predict how new threats to cybercrime might change or curtail future organisational planning

Business Planning
• Cybercrime organisations are like any other business
• What cash return is sought by their investors?
• ROI
• What are the (non-cash) critical success factors?
• Risk management – threat of arrest, seizure of capital

Business Planning
• How do we know they operate like a business?

Business Analysis Steps
• What do we do?
• To whom do we do it?
• How do we do it?
• How can we beat or avoid competition?

What do we do?
• Goal is to maximise revenue through fraud
• Identify most vulnerable targets
• The unemployed or desperate
• Identity schemes which maximise return but minimise risk
• Low or nil cost to operate, minimal risk of detection or arrest
• Scheme proceeds laundered through legitimate businesses
• Cheque cashing fraud, mules

To whom do we do it?
• Identify asset-rich countries with sophisticated banking systems
• Must have easy means to “cash out”
• Attack launched from countries with no extradition treaty with target
• Local “protection” from government, police, legitimate business as cover, etc.
• Individual loss < minimum thresholds for investigation (no loss aggregation)

How do we do it?
Example: Implied Obligation?

How can we beat or avoid competition?
• Principle of specialisation
• Writing kits or running attacks?
• Diversified industrial – very 1970’s
• Strategic HR
• Hiring the best talent
• Partnerships
• Strategic outsourcing where it makes sense
• Trade organisations
• Sharing knowledge, intelligence and expertise freely

Strategy from tactical data?
• Key challenge to measure the threat landscape
• Mapping of campaigns to identifiable groups
• Estimate of potential impact
• Quantitative – dollars lost
• Qualitative – harm to reputation, confidence in banking

Optimised threat management
• Can we use data mining to optimise response to threats?
• Best allocation of resources to different types of threat
• Existing kits = takedowns, resource management
• New kits = forensic investigation, focused intelligence discovery/updates

An Example: New Threats
[Figure: volume of new attacks plotted against time]

No Simple Answers
Only 5% of variation in new case volume over time accounted for by linear model!

Summary
• Cybercriminals operate as businesses
• Analysing cybercrime data helps us interpret the threat landscape
• Understanding of current activity levels
• Prediction of future types of activity
• Reveals the drivers and business planning choices undertaken by criminal groups
• Simple techniques only achieve so much
• More sophisticated algorithms needed to improve predictability