Cybercrime: The Flipside of Technology's Beauty

While technological advancements have undoubtedly contributed to global economic wellbeing and, in many ways, a collectively improved quality of life for global citizens, they have also been accompanied by a curse and scourge of their own.

Cybercrime, simply put, is any form of criminal activity that is constructively accomplished by the use or abuse of technology. Common examples of cybercrime include the unleashing of malware onto networks to cripple them and their constituent nodes, just as an act of sheer malice, hacking into networks and individual computers to steal or alter data, breaking security codes and illegally accessing networks to encrypt data and then demanding a ransom to guarantee the release of the data so captured. Global businesses$/$es and governments need to firmly inculcate into their collective psyche that cybercrime is no longer what tech criminals and miscreants do just for fun. It has evolved into a global industry; for those involved, it is business. In $2011,$ the FBI conducted a survey across $24$ countries and the survey concluded that the cyber underworld as a collective economy in those $24$ countries alone was worth $$388$ Billion. The same year, Russia, which boasts a thriving cyber underworld, had a cybercrime economy of $$1\mathrm{.}9$ billion. These figures are underestimated since most victims of cybercrime do not report incidents of hits for various reasons ranging from avoiding reputational damage to fear of triggering a general lack of confidence in customers, which can damage their bottom line.

Business organisations which experience cybercrime are, therefore, generally left in a decision quandary as to whether to report the incidents, thereby giving stakeholders the impression that their Information Security Protocols are lax or find an internal solution and move on with business and life. Most countries, including South Africa, have tried to craft legislation to help combat and minimise cybercrime. The biggest problem each country has faced in common sense is that technology has razed down physical borders and the significance of territories as legal jurisdictions. Cybercriminals do not only target victims who are in the same territory as them. The ubiquity and power of technology enable them to target anyone anywhere as long as the reward for their effort is appealing enough. This problem almost immediately invalidates the application of legal frameworks across jurisdictions, as there is always a lack of unity in how the law and its nuances are interpreted across different territories and jurisdictions.

Further to this, even if there is a semblance of willingness between parties to carry out a collaborative investigation, the time it takes to put together all the required legal formalities

and logistics across many territories to initiate an inquiry is quite long, which allows criminals time enough to erase any trace of their footprints along the path$/$s or loci of the crime$/$s committed. Time lag issues are not only a characteristic of inter$-$territorial investigations. Even if it is established that the address of the machine which initiated a cybercriminal act is a territorially local one, it still takes long to pool together resources to carry out an investigation, long enough for the criminal$/$s to temper with the "crime scene successfully". For this reason, business organisations employ their own Information Security and cybercrime investigating teams as a self$-$defence mechanism. This may be part of the wider reason why most cybercrime incidents go unreported, as organisations seek a quick resolution to the problem in a way that enables them to rather quickly go back to business than endure the frustration resulting from the red tape associated with official reporting cybercrime incidents.

The ubiquity of technology, compounded by the fact that technology itself has matured fully to the extent that people need little to no training to harness it in crime, means, therefore, that the threshold related to the cost of perpetrating an act of cybercrime is relatively low. The low price is excellent encouragement for criminals, especially cyber$-$extortionists whose initial outlay is negligibly low compared to the possibility of "scoring" a few hundred thousand dollars after locking a company's access to its data before demanding a ransom for its release, for example. Innovation, unfortunately, inadvertently creates a catch$-22$ situation when viewed from the perspective of combating cybercrime. As technology advances, especially with Artificial Intelligence being a significant enabler, the cybercrime industry also harnesses these uber$-$technologies to achieve their nefarious ends. Stealth technologies that can enter networks without detection are on the rise, and even if they are detected, they have built$-$in mechanisms that enable them to mutate and metalorphose to throw off

$-$networ