The 2020 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3) has been released and can be viewed here: 2020_IC3Report.pdf. I highly recommend all in SECOPS take a moment to grok the content. I’d like to share a few of my observations.
High Level Takeaways
Reading the report reinforces a few concepts that have not yet made it into the mainstream thought of SECOPS:
- Cybercrime is a component of crime & national security and has little to do with IT.
- The FBI is becoming the definitive data source for cybercrime.
- As cybercrime occurrences grow, citizens and organizations must coordinate with law enforcement to increase deterrence.
- Law Enforcement is becoming increasingly efficient at recovering losses from cybercrime.
Extortion via Ransomware is on the Rise
IC3 reports extortion attempts (including Ransomware) increased to more than 76k complaints in 2020 up from 43k in 2019. One key takeaway is security vendors have a decreasing comprehension of the threat landscape (see: https://therecord.media/hospitals-schools-get-a-crucial-break-from-ransomware-attacks/) while local, state and federal law enforcement are getting better at collecting and sharing crime information. This shift in power dynamic is going to change how organizations and citizens make decisions in protecting their data and networks and how they coordinate with law enforcement.
Cyber “Call the Police” Button
The metrics also indicate private citizens and organizations are increasingly reaching out to law enforcement to help. Cybersecurity vendors that will thrive in the next phase of craft maturity will create features to minimize effort, cost and risk for organizations & citizens to provide tips and evidence to law enforcement. The two-decade “golden-age” of entrusting security vendors to deliver private security to citizens and organizations is on a collision course for old-fashioned reliance on our heroes in blue. Vendors and solution providers not moving into roles of enablement and collaboration have bumpy quarters ahead.
Law Enforcement Coordination is Profitable
In 2020, the FBI recovered 82% of the $462M in financial losses that financial institutions reported to the FBI. Banks and other financial institutions are SECOPS craft leaders in law enforcement coordination. They have developed workflows and normalized vernaculars with law enforcement to deliver symbiotic outcomes. These collaboration efforts are a powerful proof-of-concept in the power of empowering law enforcement with the evidence they need to successfully prosecute criminals to create deterrence and to recover losses.
2021 will be an exciting year of transformation and collaboration. As security vendors, citizens, organizations find sustainable methods to share information that will lead to the arrest of criminals and recovery of losses, it will be increasingly easy to protect data and services and very difficult to execute cybercrime with impunity.