Talk:Cybercrime

From Blindside

Reasoning behind the impact assessment:

Impact 3: Cybercrime has documented cases of major financial loss. It also has significant influence on attitudes towards use of the internet.

Maturity 3: Techniques for Cybercrime are widely available and include both technolgy and social engineering.

(Tom Fuller writes) I disagree with the impact and maturity ratings. Cybercrime has a direct impact on information assurance, it is true, but as in the wider society, it is perceived to be more prevalent than it really is. In addition, a look at cybercrime shows the following:

1. Identity theft and fraud by private thieves for commercial exploitation is at least one order of magnitude less than similar crime outside of cyberspace, and chip and pin credit cards, evolving passwords and every-use verification is reducing it further. 2. Other crimes against persons (stalking, grooming, predatory behaviour towards minors) is actually easier to detect and trace in cyberspace than in the real world. 3. Crimes that exist because of cyberspace (dissemination of viruses and malware, illegally sent spam, hijacking of personal computers for unauthorised purposes) have few perpetrators, and criminal justice systems are learning how to deal with them.

I think the Impact Level is properly assessed at 1. I believe the Maturity level is also 1, as both criminal activity and detection methods are very primitive.

However, I believe that industrial espionage and assaults on government information systems will grow in both number and sophistication, and will need to be addressed separately, and I believe that both impact and maturity ratings will be different.