Download - Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL
![Page 1: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/1.jpg)
Strategic Management of Cybercrime Making Crime Pay
A/Prof Paul A. WattersResearch Director ICSL
![Page 2: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/2.jpg)
Overview
Use business planning activities to interpret current cybercrime tactics within a strategic context
Understand the key drivers for management in cybercrime organisations
Predict how new threats to cybercrime might change or curtail future organisational planning
![Page 3: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/3.jpg)
Business Planning
Cybercrime organisations are like any other business What cash return is sought by their
investors? ROI
What are the (non-cash) critical success factors?
Risk management – threat of arrest, seizure of capital
![Page 4: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/4.jpg)
Business Planning
How do we know they operate like a business?
![Page 5: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/5.jpg)
Business Analysis Steps
1. What do we do?2. To whom do we do it?3. How do we do it?4. How can we beat or avoid
competition?
![Page 6: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/6.jpg)
What do we do?
Goal is to maximise revenue through fraud Identify most vulnerable targets
The unemployed or desperate Identity schemes which maximise return but
minimise risk Low or nil cost to operate, minimal risk of
detection or arrest Scheme proceeds laundered through
legitimate businesses Cheque cashing fraud, mules
![Page 7: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/7.jpg)
To whom do we do it?
Identify asset-rich countries with sophisticated banking systems Must have easy means to “cash out” Attack launched from countries with no
extradition treaty with target Local “protection” from government,
police, legitimate business as cover etc Individual loss < minimum thresholds
for investigation (no loss aggregation)
![Page 8: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/8.jpg)
How do we do it?
Example: Implied Obligation?
![Page 9: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/9.jpg)
How do we do it?
![Page 10: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/10.jpg)
How can we beat or avoid competition?
Principle of specialisation Writing kits or running attacks? Diversified industrial – very 1970’s
Strategic HR Hiring the best talent
Partnerships Strategic outsourcing where it makes sense
Trade organisations Sharing knowledge, intelligence and expertise
freely
![Page 11: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/11.jpg)
Strategy from tactical data?
Key challenge to measure the threat landscape Mapping of campaigns to identifiable
groups Estimate of potential impact
Quantitative – dollars lost Qualitative – harm to reputation,
confidence in banking
![Page 12: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/12.jpg)
Phishing Campaigns Australian Data
Volume
![Page 13: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/13.jpg)
Optimised threat management
Can we use data mining to optimise response to threats? Best allocation of resources to different
types of threat Existing kits = takedowns, resource
management New kits = forensic investigation, focused
intelligence discovery/updates
![Page 14: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/14.jpg)
An Example: New Threats
Frequency
S
FTW
TM
S
01020304050607080
1 2 3 4 5 6 7
Frequency
![Page 15: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/15.jpg)
An Example: New Threats
Exp smoothing a=0.2
0
5
10
15
20
25
30
0 20 40 60 80 100 120 140 160 180
Exp smoothing a=0.2
Time
Volu
me o
f new
att
ack
s
![Page 16: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/16.jpg)
No Simple AnswersOnly 5% of variation in new case volume over time accounted for by linear model!
![Page 17: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/17.jpg)
Profiling – Know Your Enemy
![Page 18: Strategic Management of Cybercrime Making Crime Pay A/Prof Paul A. Watters Research Director ICSL](https://reader036.vdocuments.us/reader036/viewer/2022062321/56649eb15503460f94bb7065/html5/thumbnails/18.jpg)
Summary
Cybercriminals operate as businesses Analysing cybercrime data helps us
interpret the threat landscape Understanding of current activity levels Prediction of future types of activity Reveals the drivers and business planning
choices undertaken by criminal groups Simple techniques only achieve so much
More sophisticated algorithms needed to improve predictability