With this ever-increasing influx of online communication, shared data, regular use of social media, and an entire generation who cannot recall a time before the Internet, it is no wonder that information security breaches are consistently appearing in the headlines. However, what most people don’t realize is that these online crimes are not new – they are just evolving.
Approximately 4 billion people around the world have access to the Internet, compared to 3.2 billion in 2015, providing connectivity and communication to the majority of the globe’s population. The dramatic increase in internet access provides criminals with more to exploit – namely, a large pool of individuals and information, as well as the ability to target anyone around the world with an internet connection.
While software and online communication has created some new crimes, such as malware and ransomware, a significant number of ‘traditional’ physical crimes have adapted to the online sphere. Law enforcement agencies and policy have not adapted as quickly, leaving a noticeable gap and demand for security protection. As a result, private companies and individuals have emerged to find ways to detect security vulnerabilities and find solutions.
Prior to the Internet, there were a number of crimes that typically required physical interaction and used significant resources and time to accomplish. Now many of these can be done off the street and without physical contact. While today we hear of identity theft happening at a more frequent rate, it did not start with the birth of the Internet.
Previously, individuals would go through your trash – dumpster diving – or use scam phone calls to gather important pieces of biographical information from their victims. Now with the advent of online banking, retail, and social media, the amount of information available has not only vastly increased but also has become more readily accessible.
The deluge of information and ease of access provided in today’s society has provided criminals a lower barrier of entry into the online space to exploit. This isn’t to say all criminals are engaging in low-level operations – many are extremely sophisticated in their ability to exploit systems and individuals to gather information – but a lower barrier to entry has provided a spectrum from novice to expert for which individuals can work along regarding their skills, resources, access, and targets.
For example, criminal groups engaging in cyber espionage typically have resources and skills rivaling a nation-state and are much more inline with a criminal enterprise or organization. Meanwhile criminals have more opportunities to make money through blackmail since selling ‘valuable data’ obtained through simpler operations is no longer the only means of profit. This is exemplified through criminals’ deployment of ransomware, which coerces their victims to pay for their data without having to create an actual attack.
With the widespread use of social media and its accompanying features like location tracking, the information available online isn’t exclusively used to conduct cyber attacks. It also allows criminals access to a slew of information to orchestrate other crimes, such as a physical attack, kidnapping, or theft. Our vulnerability is perhaps most evident through our willingness to share our information on Facebook, which has an estimated 2.23 billion users. The recent breach that allowed attackers to take over user’s accounts and see all their information, including private messages, impacted over 50 million of Facebook’s users. It can be assumed that similar breaches will continue to happen, as we share information with a few large very centralized companies and locations.
As users and possible victims, we have to thoughtfully make decisions on what, where, and with whom we share information online. We should also operate with the understanding that someone at some point will likely have access to a piece of information that could be used against us. With this underlying assumption we are able to take steps to prevent unauthorized breaches, mitigate damage, and identify possible future physical and online threats.
Megan Penn
Security Research Consultant
M.A. Security Policy Studies