Cyber-Enabled Fraud: Impacts of Cybercrime in Our Digital World

We live in a highly dynamic and volatile era. In this unprecedented time for doing business, leaders must build a comprehensive awareness of the many factors involved in digital criminal activity, from supply chain and energy security to world economics, post-pandemic effects, and misinformation. Our global society is not only rapidly changing, it is digitally hyper-connected. Understanding the impact that US and world events present to businesses and organizations is critical to survive and thrive in this ever-changing climate.

In this evolving context, cybercriminals present an extremely complex problem, as they have broad motives, potentially including theft of trade secrets, intellectual property, or classified government information. They may attack from a vigilante perspective because a target supports a cause they don’t like. Or their motives may be financial. Cybercriminal behavior goes well beyond ransom to identity theft, Social Security theft, and fraudulent claims in health insurance, unemployment insurance, and government grants. Cybercriminals also instigate destructive attacks on infrastructure, such as water, electricity, and fuel.

These attacks are integrally related to the substantial benefits brought to us by recent technological advances. Our digitally rich environment now enables us to connect across the globe. We can reach corporate and government networks from anywhere in the world. And we can access and control unprecedented amounts of information—medical files, research, company products, acquisitions, federal and local agencies, technology, personnel, banking and finance, photos, social media, and more. Add to that the vast array of internet of things (IoT) technology, encompassing not only personal tools like Ring doorbells, alarm systems, smartphones, and cars, but also larger-scale things like power plants that control generation of electricity, water distribution systems that serve millions of people, traffic light control in major cities, and implanted medical technologies. These innovations can provide improved and more inclusive service, tremendous convenience, increased safety, and remote maintenance, among many other benefits.

This interconnection, however, also poses significant and continuously evolving challenges. Cyberattacks have emerged as a powerful mechanism that is used by all levels of bad actors, from nation-states—as we are seeing with Russia and Ukraine—and well-funded global criminal cartels, to low-level criminals using video games to launder microtransactions. Cyberattacks are used by hacktivists who want to get their message across—commandeering websites or even posing as both sides of a debate to create civil unrest. Terrorists launch cyberattacks to impact critical infrastructure. Criminals steal money and private information and engage in ransomware efforts. And nation-states initiate cyberattacks to access trade secrets and protected information, steal technology, challenge our democracy, or just cause chaos by disabling networks and technology systems. Thus, the life-changing innovations that connect us and improve our lives also make us exponentially more vulnerable, providing an expanded attack surface on which cybercriminals are prepared to act.

Cybercrime is big business. Its rapidly expanding scope was estimated at $8 trillion in 2023,¹ making it the world’s third-largest economy, behind the US and Russia. Today, you don’t just have to worry about one person accessing your information. You need to be concerned with what they are going to do with that data. For example, will they try to sell it and to whom? There are countless websites on the deep and dark webs that provide data and identities for a fee. Many of these organizations are funded by nation states to serve their interests, and yet are also allowed to work independently, without regulation or supervision. Many cybercrime companies have HR departments, and their employees get benefits and paid vacations.

Bottom line, cybercrime is a means to achieve a goal, such as financial gain, terrorism, or money laundering. And it’s a very inexpensive and effective way to do so. Therefore, to achieve its own goals, any successful business must implement and maintain a strong, agile cybersecurity program that incorporates governance, policy, strategy, risk management, and threat intelligence and addresses regulatory and contractual requirements.

Preventing and deterring fraud and cyberattacks requires a multi-pronged approach. A strong, secure identity access management program is the first step in any potent cybersecurity approach. Ensuring that your organization has implemented a multi-factor authentication process and restricted access to ensure only the appropriate individuals can obtain necessary information, and that you monitor to detect any anomalous behavior, will help to deter and prevent identity fraud.

Given that data is the most important asset of businesses today, data protection is the second critical way to guarantee your organization meets its business objectives and aligns with contractual and regulatory requirements. Securing access sets the foundation, but there are several other vital aspects of data protection. Are you monitoring your data to make sure only authorized people have access to it? Who are your third parties? What do you share with them? Do your contracts with third parties require them to protect the data as vigorously as you protect it? Effective data protection—both internally and for your third parties—goes a long way toward preventing fraud and digital crime.

Bad actors know cyberattacks can provide the deepest and cheapest access to your valuable information. So in today’s complex digital world, a holistic awareness of the cybercrime landscape is key. And every organization needs to deploy a robust business resilience program that incorporates cybersecurity governance, risk management, architecture, and compliance. Understanding the cyber risks to your environment and protecting your assets, data, and people are now simply the cost of doing business. Not only are regulatory bodies expecting this rigor, your organization’s continuity and success depend upon it.

^1. Morgan, Steve. 2022. “Cybercrime to Cost the World 8 Trillion Annually in 2023.” Cybercrime Magazine. October 13, 2022. https://cybersecurityventures.com/cybercrime-to-cost-the-world-8-trillion-annually-in-2023/.