This post is the result of having read an Ars Technica post commenting on an article in The Scientific Method that reported on a study undertaken by the British banking industry. They were looking at the cost of installing security systems relative to the costs of letting the bank robbers just take the money. Basically, which costs more – security systems or the actual thefts? It turns out that in England the average back robbery nets about $31,000. In the United State the amount is considerably lower, only $4330. So bank robbery, as it turns out, does not pay very well relative to the risks assumed by the perpetrators, and the likelihood of getting caught and jailed is pretty high.
I compared that with three other articles I have read lately, two of which I have already blogged about. The first on is from PC World and looks at the economics of spam Viagra, and basically, against all odds, 91% of orders for spam Viagra are filled by the spammers, albeit with a product that contains little or no active ingredient, for about $20 a pill. This works out to pretty good money, about $3.5 million dollars per year, according to a 2008 article on the same topic. The reason there is no end to spam is that the economic return on investment is so high, relative to the financials costs (low, in the thousands per year) and physical risks (carpal tunnel syndrome vs. being shot at) that our bank robber friends assume.
The there is the case of the two Latvians who ran the Fake Anti-virus scam off of an infected ad they placed with the Minneapolis Star Tribune website about three years ago. This scam netted them about $2 million dollars. Much better than our bank robbers. Bad news for the Latvians – they were scooped up by the FBI and Interpol and are currently doing hard time.
Then there is the more recent case of Georg Avenesov, a Russian citizen of Armenian descent who was clearing $125,000 per month renting out the 30 million computers her had hijacked and turned into zombies.
The basic lesson – stay in school and get some computer skills before you embark on a life of crime. Cybercrime is safer, easier, and pays much, much better. Anyone who is wondering why there is so much mischief on the web needs to understand that the payback is very good. Hence the need for not just security software products, but an over strong security environment wherever your computer is living.
This is why I am going back to school again, to learn how these guys work so I can defend my current and future clients better. So if this is an issue you want to address – you know who to call.
Share
JUN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com