Internet users are increasing year over year, and many of these are relatively unsophisticated, the type that are ripe for exploitation.
Also, in recent years, the barrier to entry for exploiting machines and creating botnets has decreased dramatically. Whereas it previously took experts days or weeks to exploit an unknown vulnerability, cyber criminals can now purchase an advanced malware capability for as little as $300 on the open market (Danchev, 2008). This could also fuel demand for botnets and malware.
Economic theory predicts that the global recession will probably increase the amount of cyber crime as the recession deepens. This could result from a variety of causes: an increase in attacks on more vulnerable and desperate people from those with cyber skills joining the cyber criminal ranks for needed income; and a decreased focus on and investment in computer security as a result of fewer resources.
It is acknowledged that given that the wealth of US households has shrunk by almost $1.4 trillion, so the total amount of money available to steal has decreased. It is also acknowledged that correlation and causation are extremely difficult to prove conclusively. One could argue that cyber crime has been increasing anyway because of the low barrier of entry, promise of e‐gold riches, and virtually no risk of being caught and prosecuted. This is regardless of the state of the worldwide economy.
However, looking at the sophistication of workforce of the emerging markets, one can reasonably conclude that because the economic fortunes of these countries has been greatly reduced with less hope of improvement of their situation, cyber crime opportunities and workers will probably increase.
I believe that further research into the links between cyber crime, economics, and the recession is warranted and should be explored further. I also believe that a good understanding of the profit motives behind most modern cyber attacks will provide security practitioners with a more well‐rounded perspective on the threats they are struggling against daily.
The important takeaway is for policy makers and information security professionals to acknowledge that often the policies and technologies are not effective in defending IT assets, and there are other invisible hands at play. By studying the link between economics and information security, we can obtain a clearer picture of the motivation for and prevention of cyber crime.
Anderson, Ross. The Economics of Information Security. 2000. http://www.cl.cam.ac.uk/~rja14/Papers/econ_science.pdf.