Cybercrime: there are always new vulnerabilities, new criminal methods, new environments for offending and new victims.
The total cost of cybercrime to society is really significant. A recent report suggests that victims lose around €290 billion each year worldwide as a result of cybercrime, making it more profitable than the global trade in marijuana, cocaine and heroin combined.
The Internet is one of the fastest-growing areas of technical infrastructure development. Today, information and communication technologies (ICTs) are omnipresent and the trend towards digitization is growing. The demand for Internet and computer connectivity has led to the integration of computer technology into products that have usually functioned without it, such as cars and buildings. E-mails have displaced traditional letters, online web representation is nowadays more important for businesses than printed publicity materials and Internet-based communication and phone services are growing faster than landline communications.
The introduction of ICTs into many aspects of everyday life has led to the development of the modern concept of the information society. On one side it offers great opportunities, but on the other it has created some new types of attacks, such as attacks against information infrastructure and Internet services.
Like traditional crime, cybercrime can take many shapes and can occur nearly anytime or anyplace. Criminals committing cybercrime use a number of methods, depending on their skill-set and their goal. This should not be surprising: cybercrime is, after all, simply ‘crime’ with some sort of ‘computer’ or ‘cyber’ aspect. Cybercrime can cover a very wide range of attacks, for example fraud, offenses ranging from criminal activity against data to content and copyright infringement, unauthorized access, forgery, child pornography, cyberstalking and financial crimes.
There are several approaches to obtaining information. The best known are accessing a computer system or data storage device to extract information, and manipulating users into disclosing the information or access codes that enable offenders to access information (“phishing”). Recently, offenders have developed effective scams to obtain secret information (e.g. bank-account information and credit-card data) by manipulating users with social engineering techniques. Think about using an ordinary e-mail client, uploading data to web servers, accessing web-based external storage media, or communicating over fixed lines, wireless, VoIP or chat: these actions can simply be intercepted by offenders if there are weak points in our system (for example, in the case of a wireless area, an attacker within the radius of the network can intercept the communication between the access point and your computer).
As for the crimes themselves, the financial world is becoming increasingly high-tech, so protecting data has never been so important: innovations such as smartphones and cloud computing offer banks great opportunities for efficiency and customer engagement, but they are also targets for cybercriminals. Just think about social networks, or web-stored data connected to a phone full of our private data. Sometimes people connect to online banking while they are logged in to a social network, and so are identified with a particular account and a cookie that saves the whole history of that user. These are just a few of the possible lapses of attention.
In fact, the financial damage caused by cybercrime is reported to be enormous: in 2003 alone, malicious software caused damages of up to USD 17 billion.
The alarming fact is that only 6 days pass between the identification of a vulnerability and the arrival of malicious code that targets it, whereas, unfortunately, it takes about 50 days to recognize it and create a patch to eliminate it: this means that for more than a month a system is unprotected and could receive more cyber-attacks.
After this long description of what cybercrime is, how it moves and where, my question is: what should banks and financial companies do to protect their data, and therefore their customers’ money? What should information security software look like?
Many techniques start with the design of the software itself: financial institutions must recognize that, while designing the functionality, they also need to design in the security from the beginning. As the software is being built, there should be a lot of testing of how to secure the app. The testing phase is one of the most important, and it has to be done not only by those who write the code but in particular by external testers who have not seen the program before.
It’s also very important to educate developers about how to build in security. In many cases, banks are relying on pieces of software they didn’t build.
There is a challenge in the fact that much software today is multilayered and relies on components in the mainframe world, the middleware world and the end-device world.
So it’s important to build in security from the beginning, and ongoing maintenance of the app is also important.