Strategic Management of Cybercrime Making Crime Pay

A/Prof Paul A. Watters

Research Director ICSL


Overview

  • Use business planning activities to interpret current cybercrime tactics within a strategic context

  • Understand the key drivers for management in cybercrime organisations

  • Predict how new threats to cybercrime might change or curtail future organisational planning


Business Planning

  • Cybercrime organisations are like any other business

    • What cash return is sought by their investors?

      • ROI

    • What are the (non-cash) critical success factors?

      • Risk management – threat of arrest, seizure of capital


Business Planning

  • How do we know they operate like a business?


Business Analysis Steps

  • What do we do?

  • To whom do we do it?

  • How do we do it?

  • How can we beat or avoid competition?


What do we do?

  • Goal is to maximise revenue through fraud

    • Identify most vulnerable targets

      • The unemployed or desperate

    • Identify schemes which maximise return but minimise risk

      • Low or nil cost to operate, minimal risk of detection or arrest

    • Scheme proceeds laundered through legitimate businesses

      • Cheque cashing fraud, mules


To whom do we do it?

  • Identify asset-rich countries with sophisticated banking systems

    • Must have easy means to “cash out”

    • Attack launched from countries with no extradition treaty with target

    • Local “protection” from government, police, legitimate business as cover, etc.

    • Individual loss < minimum thresholds for investigation (no loss aggregation)


How do we do it?

Example: Implied Obligation?


How do we do it?


How can we beat or avoid competition?

  • Principle of specialisation

    • Writing kits or running attacks?

    • Diversified industrial – very 1970s

  • Strategic HR

    • Hiring the best talent

  • Partnerships

    • Strategic outsourcing where it makes sense

  • Trade organisations

    • Sharing knowledge, intelligence and expertise freely


Strategy from tactical data?

  • Key challenge to measure the threat landscape

    • Mapping of campaigns to identifiable groups

    • Estimate of potential impact

      • Quantitative – dollars lost

      • Qualitative – harm to reputation, confidence in banking


Phishing Campaigns Australian Data

[Chart: axis labelled "Volume"]


Optimised threat management

  • Can we use data mining to optimise response to threats?

    • Best allocation of resources to different types of threat

      • Existing kits = takedowns, resource management

      • New kits = forensic investigation, focused intelligence discovery/updates


An Example: New Threats


An Example: New Threats

[Chart: axes labelled "Volume of new attacks" and "Time"]


No Simple Answers

Only 5% of variation in new case volume over time accounted for by linear model!
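
What a figure like this measures, as an added example that is not part of the presentation: the R² of a least-squares trend line over a weekly count series, and, going one step beyond the slide, the weeks that line fails to explain. Both series are constructed for illustration and the function names are this example's own.

```python
# Added example. The weekly counts are constructed, not the talk's data.
from math import sqrt

def linear_fit(ys):
    """Least-squares line through (0, ys[0]), (1, ys[1]), ...; returns (slope, intercept)."""
    n = len(ys)
    if n < 2:
        raise ValueError("need at least two observations")
    mean_x, mean_y = (n - 1) / 2, sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(ys))
    slope = sxy / sxx
    return slope, mean_y - slope * mean_x

def residuals(ys):
    """Observed count minus the trend-line prediction, per week."""
    slope, intercept = linear_fit(ys)
    return [y - (intercept + slope * x) for x, y in enumerate(ys)]

def r_squared(ys):
    """Fraction of the variance in ys that the straight line accounts for."""
    mean_y = sum(ys) / len(ys)
    ss_tot = sum((y - mean_y) ** 2 for y in ys)
    if ss_tot == 0:  # constant series: there is no variance to explain
        return 0.0
    ss_res = sum(r * r for r in residuals(ys))
    return 1 - ss_res / ss_tot

def burst_weeks(ys, k=1.0):
    """Indexes of weeks whose residual exceeds k residual standard deviations."""
    res = residuals(ys)
    sd = sqrt(sum(r * r for r in res) / len(res))
    return [i for i, r in enumerate(res) if abs(r) > k * sd]

STEADY = [10, 12, 14, 16, 18, 20, 22, 24]          # constructed: pure trend
BURSTY = [3, 40, 2, 5, 38, 1, 4, 45, 2, 6, 3, 41]  # constructed: campaign spikes

if __name__ == "__main__":
    for name, series in (("steady", STEADY), ("bursty", BURSTY)):
        print(name, round(r_squared(series), 3), burst_weeks(series))
```

On the bursty series the line explains under 1% of the variance, and the flagged weeks are the spikes a takedown or investigation queue would need to absorb.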


Profiling – Know Your Enemy


Summary

  • Cybercriminals operate as businesses

  • Analysing cybercrime data helps us interpret the threat landscape

    • Understanding of current activity levels

    • Prediction of future types of activity

    • Reveals the drivers and business planning choices undertaken by criminal groups

  • Simple techniques only achieve so much

    • More sophisticated algorithms needed to improve predictability

