Cybercrime continues to grow and evolve, taking new forms and new directions to adapt to fraud prevention measures and new technologies. An ever-present threat, its impact is felt globally across multiple industries - including security printing.
Security Printers caught up with keynote speaker Dr Mary Aiken, Cyberpsychologist and Academic Advisor to Europol's European Cybercrime Centre (EC3), ahead of her talk 'Cyber: the criminal frontier', to discuss identity theft and payment fraud, as well as her research on the psychological make-up and modus operandi of cybercriminals.
Interview with keynote speaker Dr Mary Aiken
Could you define cyberpsychology in just a few words?
Cyberpsychology is the study of the impact of technology on human behaviour, it’s about twenty years old as a discipline - some say that Cyberpsychology is the new psychology.
Much of your research has centered on forensic aspects of cyberpsychology. Which areas are especially vulnerable to cybercrimes?
Card-not-present (CNP) fraud is dominating fraud related to non-cash payments, and this impacts the retail sector heavily. Airline ticket fraud continues to have an impact globally and is linked to other criminal activity such as human trafficking. Europol’s latest Internet Organised Crime Threat Assessment report has highlighted Darknet markets as a key facilitators and enablers of cybercrime, providing access to compromised financial data to commit various types of payment fraud, firearms, counterfeit documents to facilitate fraud, trafficking in human beings, and illegal immigration.
Are cybercrimes mostly affecting individuals or corporations, especially in the context of our industry: identity and finance?
Forbes recently predicted that cybercrime will cost businesses approximately $6 trillion per year on average through 2021. The cost of cybercrime to enterprise is also increasing, in 2017 Accenture reported that organisations are spending nearly 23 percent more than the previous year, the average annualised cost of cybersecurity was $11.7 million per business.
In terms of the individual identity theft is also soaring an estimated 15.4 million consumers were hit with some kind of ID theft in 2016, up from 13.1 million the year before. Recent events such as the massive 2017 Equifax hack further compound the problem with data belonging to over 143 million people compromised, from a forensic risk perspective victims of the Equifax breach have a heightened risk of becoming a victim of identity theft.
What is the difference between a cybercriminal and a conventional one? Does such a criminal fit into the pattern normally associated with criminality, or is this a new type of criminal?
I am often asked to quantify traditional crime versus cybercrime – but technology is now ubiquitous; with a camera on practically every street corner, connectivity everywhere and devices in the hands of some five billion users it would be hard to commit a crime that did not have some cyber component, we are moving towards an era where all crime could be considered as involving cybercrime. The same holds for traditional criminals, they are also increasingly engaging in cyber criminality along with a new generation who practice their criminal activities almost exclusively in cyberspace.
What does a cybercriminal look like - what are his/her characteristics?
Malicious hacking costs companies up to $600 billion annually, a recent study published on Frontiers in Human Neuroscience now found a positive association between an individual's drive to build and understand systems -- called 'systemizing' -- and hacking skills and expertise, other studies have focused on human motivation to engage in criminal hacking which ranged from profit to revenge, and "just for fun" to political idealism.
What does a typical victim of cybercrime look like?
There is no such thing as a typical victim of cybercrime - in an age of ubiquitous technology we are moving towards a point where everyone is potentially what we describe in forensics as a "high-risk victim" – from the teenager in their bedroom at home to the CEO of the company.
What is the most challenging aspect of your work as a researcher in such a different environment as the web?
The most challenging aspect of my work is dealing with child vulnerability in cyber contexts – there is no shallow end of the swimming pool online for kids. We are seeing increases in anxiety, depression, low self-esteem, insomnia, eating disorders and 'sextortion' attempts associated with young people’s use of the Internet – they say it takes a village to raise a child – this is also true in cyberspace.
Where did the idea of the Hollywood television show CSI: Cyber come from? Is this show inspired by your research only? Is Avery Ryan’s life in the show similar to yours?
The CBS show CSI: Cyber was inspired by my work as a cyberpsychologist, in the real world I work as an academic advisor to police organisations such as Europol, in the show they made my character (played by Patricia Arquette) a police officer – apart from that, the show was pretty authentic.
What was one of the most interesting projects you worked on?
The show CSI: Cyber was a fascinating project – creating an hour of Hollywood style TV drama every week was very demanding but immensely rewarding, at one point the show aired in 170 countries worldwide, for me as an educator it was a fantastic platform to educate and inform concerning cybersecurity and safety.