Technology & Innovation

Decoding the global economy of cybercrime

May 28, 2019


May 28, 2019

Ryan Kalember
Contributor, The Economist Intelligence Unit

With more than 15 years of experience in the information security industry, Mr Kalember currently leads cybersecurity strategy for Proofpoint and is a sought-out expert for leadership and commentary on breaches and best practices. His global team of security experts and marketers ensures that Proofpoint’s customers have consistent insight into today’s advanced attacks and how to protect their people, data, and brands.

Under Mr Kalember’s leadership, Proofpoint has established a comprehensive GTM strategy conveying Proofpoint’s uniqueness in the market, enabling customers worldwide to clearly understand how Proofpoint technology helps them stop sophisticated attacks, embrace new communication platforms, and disrupt information loss—all delivered from the cloud.

Mr Kalember joined Proofpoint from WatchDox where he served as both chief product officer and chief marketing officer and was responsible for successfully building and leading the product and marketing teams through the company’s acquisition by BlackBerry. Prior to WatchDox, he was instrumental in running solutions across Hewlett-Packard’s portfolio of security products. He has also held a variety of leadership positions at ArcSight and VeriSign, working as a security practitioner across the US, EMEA, and Latin America.

Mr. Kalember is a member of the National Cyber Security Alliance board and Cybersecurity Technical Advisory Board. He has provided cybersecurity counsel to the National Governors Association and global government delegations including Jordan, North Macedonia, Peru, and Spain, and his expertise has been featured on, Bloomberg, Bloomberg Radio, CNBC, Forbes, Fortune, NBC Nightly News, USA Today, and WIRED. He received his bachelor's degree from Stanford University, where he studied fault tolerance, cryptography, and authentication algorithms.

Conservative estimates show cyber-criminal revenue worldwide of at least US$1.5trn to date— equal to the entire GDP of Russia.

To put that into perspective, if cybercrime was a country, it would have the 13th highest GDP in the world.1

As the walls between the criminal and legitimate worlds are blurring, we are no longer simply dealing with “hackers in hoodies”. Today, cybercrime revenue often exceeds that of legitimate companies—especially at the small to medium-sized enterprise (SME) level. In fact, revenue generation in the cybercrime economy takes place at a variety of levels, from large “multinational” operations that can make profits of close to US$1bn to smaller “SME-style” operations where profits of US$30,000-US$50,000 are the norm.2

Tracing the root of cyber-criminal revenue

In reality, the scale and reach of this issue is an inevitability that has been developing ever since the conception of the internet. Of course, this is a classic case of criminals being criminals, but it has just as much to do with the techno-utopianism of the people who were involved with connecting every person and computer on the planet, and the unanticipated consequences of this. The internet itself was designed without the assumption that anything would be hostile on it. And with everything connected using the same networking protocol, every cyber-criminal on earth is now your neighbour in a way that they weren’t previously. It’s concerning to imagine a criminal physically close-by, but the reality is actually far graver. A business’s physical security is targeted relatively infrequently by criminals, and even then there are security guards or even police in place to defend against malicious outsiders. In the cyber world, your defences are subject to constant attacks, and the only human standing in the way is an ordinary employee.

Cyber-criminals: a new breed of entrepreneurs

The problem today is also that cyber-criminals are true businesspeople, and the majority of organisations don’t see the threat in this way. To be able to defend against these attacks we need to understand the scale of what we’re facing. Yes, the threat has been developing over many years, and it has been a long time coming. However, in recent years we have seen these cyber-criminal enterprises scale and globalise faster than any legitimate business could ever hope to, and it warrants a deep investigation.

Cyber-criminals follow the money, and in many ways, they have grown and scaled by adopting similar structures and following the same economic models as the legitimate business world. The criminal underworld has evolved towards all the hallmarks of a capitalist economy that Adam Smith would have identified 300 years ago. Cyber-criminals are keen to innovate their offering and move with the times, like any successful business. They can find their niche in the market, capitalise on trends, and spend time gaining a deep understanding of how a target business works in order to exploit weaknesses for financial gain.

Endeavour to create a niche

As for the structure of this economy, whether internally within an organisation or in relation to the wider market, it all comes down to specialisation. Within the wider market, just as we have seen a resurgence of boutique specialist retailers, service providers or technology companies, many cyber-criminal organisations tend to focus on doing one thing well, and creating an underground service market around that offering. It may be a Ukrainian gang that has become known for a particularly effective piece of malware, or providing a botnet for rent to the highest bidder, for example. The price of malware on the darknet markets has gone right down and almost become commoditised, so cyber-criminals need to find ways to differentiate to find continued success.

This brings us on to a slightly different but equally fascinating vertical structure within some of the largest and most successful cyber-criminal organisations. These more closely resemble the big multinationals of the legitimate business world, and will have a business-unit like structure with departments for everything from researching human targets on social media, crafting phishing emails, a social engineering call centre, graphic designers and an entire recruitment department. We’ve seen examples of these in Nigeria becoming staggeringly successful in infiltrating email accounts and making significant financial gains in social engineering-based wire transfer fraud, a far cry from the rudimentary Nigerian prince spam scams synonymous with the region. This is a classic example of the labour specialisation and the division of labour and capital that has allowed these organisations to grow. Combining this with the level of connectedness and democratised access to technology in today’s world, and it’s easy to see how cybercrime has developed so rapidly into its own global economy.

How does global cybercriminal economy function?

Cyber-criminals have taken a keen interest in the business processes of legitimate organisations to help their operations scale, but also to be able to find the core weakness to exploit.

Today’s most effective and damaging cyber threats are not the overly sophisticated so-called zero-day exploits cooked up by some beautiful mind in a bedroom somewhere—if that’s all you needed to take down a company or a country, we wouldn’t be where we are now. Even the least technologically advanced cyber-criminal organisations can be brutally effective at extorting money from big organisations with technical defences in place. Why? Because they know to target people, be it through social engineering or perfectly timed phishing emails, as it is the path of least resistance. The professionalisation and human focused-direction of cybercrime has resulted in a stark asymmetry between how attackers think about attacking, and how legitimate organisations think about defending themselves.

Cyber-security is still thought of as a technical discipline, with the focus being on protecting the outer perimeter of an organisation of the technology on the network within, rather than protecting the actual people who are being targeted and attacked by cyber-criminals. What is concerning is the extent to which legitimate organisations are on the back foot in this asymmetry of understanding—not to mention the shocking FBI figure that over US$12bn has been stolen by cyber-criminals through people-centric email compromise scams in 2018 alone.3

To defend against today’s threats, organisations need to have visibility and understanding into who within their business is being targeted, and how. Only then can the appropriate people-centric security measures be put in place to protect them and the business. By truly understanding the enemy and the threats, businesses that implement the right defences can not only protect their reputations, but play a crucial role in disrupting the global tide of criminality.


The views and opinions expressed in this article are those of the authors and do not necessarily reflect the views of The Economist Intelligence Unit Limited (EIU) or any other member of The Economist Group. The Economist Group (including the EIU) cannot accept any responsibility or liability for reliance by any person on this article or any of the information, opinions or conclusions set out in the article.

Receive forward-looking perspectives from our editors - Subscribe now for our Weekly Digest