Fighting cybercrime: FBI says over $4.2 billion lost in 2020

The intention of this article is not just to put scary numbers out there. We have enough FUD (fear, uncertainty, and doubt) in the industry. But some alarming numbers are worth sharing.

 

cybercrime hits home

The FBI’s Internet Crime Complaint Center (IC3) has published its annual report (PDF) for 2020, and it revealed that cybercrime victims in the US reported a total loss of $4.2 billion for the year. That’s $700 million more than the reported losses for 2019. As you’d expect by the increase in losses, there was also an uptick in the number of complaints the IC3 received.

 

To provide some sense of scale to that very large number, in 2020, the organization fielded 791,790 complaints — mostly of the phishing, vishing (video phishing), smishing (text phishing) and pharming varieties —a 69% increase compared to 2019, the largest number since the center was founded 20 years ago.

 

According to the report, the IC3 received 28,500 complaints related to COVID-19 last year. Bad actors attacked a number of hospitals and medical facilities, and they also targeted unemployment insurance and other avenues revolving around CARES Act stimulus funds. One of the most common schemes criminals used to dupe people was pretending to be government officials and reaching out to victims via emails, phone calls and social media to gather personal information about them or to ask them for money.

 

 There was also a rise in Business Email Compromise scams, wherein criminals hack or spoof the emails of company executives and then request for wire payments to be sent to fraudulent locations. BEC victims reported losses of over $2.1 billion, which is a huge chunk of the $4.2 billion total.

 

it’s on the rise and it’s expensive

Let’s shift the way we look at this by creating a fictional country named “Scamlandia.” If the entire worldwide cybercrime income was attributed to Scamlandia, only the United States, China, and the aggregated European Union’s GDP would be larger. To expand on this idea, if cybercrime were a tax, it would result in a 4.2% levy on the world’s GDP ($6 trillion to cybercrime / $142 trillion world GDP).

 

Cybersecurity Ventures notes that this sum represents the greatest transfer of economic wealth in history, creates risks of incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined. This presents a very large problem. The money is not just evaporating; it’s being used to fund activities of which no law-abiding citizen would ever approve if anybody bothered to ask.

 

The efforts of drug cartels to buy and intimidate government officials exemplifies how an illegal business will attempt to decrease losses to create a more efficient operation. By extension, the negative and far-reaching effects of cybercrime should be expected to get much worse if it is allowed to continue. Imagine cybercrime cartels buying elections, manipulating markets and even conducting propaganda campaigns openly to persuade the public of their good intentions, just as the drug cartels once did.

 

While there is no definitive answer to all of these problems, there are ways to frame a solution.

 

FOR THE BOARDROOM

Cybersecurity begins at the top.

 

Every company should have a CISO or cybersecurity expert advising them — because cybercrime is the greatest risk to business continuity that every company faces. The idea is to have someone who will wave the red flag and get everyone else paying attention to the severity of the risk. The value of a business depends largely on how well it guards its data, the strength of its cybersecurity, and its level of cyber resilience.

 

If there’s one takeaway from this report, then let it be this: Don’t let your boardroom be the weakest cybersecurity link.