Ultra-tight cyber security long has been touted as the best way to protect sensitive information and the world's energy, financial and communications infrastructure, but a new report from England's Cambridge University may turn that school of thinking on its head. The study shows that the billions spent on cyber protection would be better spent on catching criminals, which also would save government money.
"Measuring the Cost of Cybercrime" said on a global scale, too much money has been spent on defense and cleanup instead of retribution for cyber criminals. The cost of crime was calculated by weighing the cost of fraud, money spent on defending against those crimes, and the cost of sorting out the messes after an attack.
"Some police forces believe the problem is too large to tackle," the study’s lead author, Professor Ross Anderson, said in a statement. "In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software. Cybercrooks impose disproportionate costs on society and we have to become more efficient at fighting cybercrime."
For example, the United Kingdom is estimated to spend around $50 million a year on software patching, and consumers spend about $170 million on antivirus licenses. However, the U.K. and U.S. governments spend just $15 million and $100 million, respectively, to police and nab cyber criminals.
"As for the more direct question of what should be done, our figures suggest that we should spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more in response, that is, on the prosaic business of hunting down cyber-criminals and throwing them in jail," the researchers said. "We are extremely inefficient at fighting cybercrime; or to put it another way, cybercrooks are like terrorists or metal thieves in that their activities impose disproportionate costs on society."
The growing threat of cyber crime will require solutions from those who have earned a cyber crime degree or an online cyber crime degree. On June 25, two British hackers from the LulzSec collective pleaded guilty in a U.K. court to online attacks on the CIA, PBS and News International.
The young men, 20 and 19, reportedly carried out multiple attacks in 2011, stealing data, vandalizing websites and committing denial-of-service attacks. Two other defendants have pleaded not guilty to the same charges and will stand trial in April 2013.