I read through the Ponemon Institute: 2012 Cost of Cyber Crime Study that was released last October.  The results are quite staggering:

Cyber crimes continue to be costly. We found that the average annualized cost of cyber crime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to $46 million. In 2011, the average annualized cost was $8.4 million. This represents an increase in cost of 6 percent or $500,000 from the results of our cyber cost study published last year.

$8.9 million per year is the average.  That’s a lot of money.

The percentage annualized cyber crime cost by attack type is shown in the following graph.  There is a lot of bad stuff going on out there!

Cyberwarzone.com is a “portal for information on cyberspace related issues. Cyberwarzone collects information about ongoing events in the cyberspace world. The goal is to provide information on cyberwarfare, cybercrime and cyberterrorism.”

The site was founded and is maintained by a 21-year old digital forensics student, Reza Rafati.

Two associated sites are

• Worldwidenews.cyberwarzone.com. This projects “grabs” feeds from around the world and puts them on a list or a GEO-TAG enabled map. (GEO-tagging allows people to see where the news was published).
• Network portal for Cyber warfare security experts. This site is a news and collaboration site for information security experts.

Michael Barrett, Andy Steingruebl, Bill Smith of Paypal have collaborated on an excellent white paper entitled, “Combating Cybercrime – Principles, Policies, and Program.”  I highly recommend it to you.

Rather than attempt an analysis at this time, please let me share a segment of an introductory paragraph …

What is possible, and perhaps even likely should current trends continue, is the perception by Internet users that the Internet is unsafe and therefore unsuitable for everyday use. Should this perception become widespread, crowd psychology could take hold and as with the recent world financial crisis, result in a loss of faith in “the system”. Certainly there were very tangible and real issues behind the financial crisis, but the long-lasting impact has proven to be the perceptual shift resulting in the Great Recession.

… and a portion of their conclusion:

The authors believe that cybercrime, and other cyber issues are the one area that could cause this type of loss of faith in the safety of the Internet In this white paper, the authors lay out an entire framework of practical actions that could be taken to reduce the impact of cybercrime, and substantially make the Internet safer. Even if only some of these recommendations are implemented, it will make a significant improvement in Internet safety. While we’re hesitant to name any of these initiatives as being more important than any other, we are occasionally asked “list the three things you want us to do”. In general, we list:

• Increase investment in cybercrime law enforcement.
• Start the Internet NTSB.
• Fix the Cybercrime Convention.

Just doing those three things would make a big difference, albeit it would be – to paraphrase the punchline of many a joke – merely “a good start”. We expect this paper to be a first step in a multi-stakeholder and iterative process and approach to making substantial progress against cybercrime. We welcome feedback on our proposals.

In between these bookends lies a thought-provoking analysis of the basic problems, the challenges and roadblocks that complicate potential solutions, and a decisive call to action to bring about a coordinated ecosystem change.  The authors propose ten underlying principles and a series of specific recommendations, ranging from international law enforcement to forcing unsafe devices off the Internet.

I believe this document will help foster and accelerate interactions among the appropriate business, government and user communities to make signifiant progress.  We all have a stake in this.  This document will help us understand the issues and get involved.

According to a CNNMoney.com article today,

“An international cybercrime ring was broken up Thursday by federal and state officials who say the alleged hackers used phony e-mails to obtain personal passwords and empty more than $3 million from U.S. bank accounts.

“The U.S. Attorney’s Office charged 37 individuals for allegedly using a malicious computer program called Zeus Trojan to hack into the bank accounts of U.S. businesses and municipal entities.”

Isn’t it interesting that this sophisticated cybercrime tool was named for Zeus, the Greek "Father of Gods and men" and the Trojan Horse, which allowed Greeks to surreptitiously enter the city of troy and end the Trojan War?

It is as if God and the Greeks have ganged up on the rest of us!

I’m sure God and the Greeks aren’t really conspiring against us, but the Zeus Trojan case underlines the tragic reality that bad guys are  becoming extremely sophisticated in their attacks, and that the cost to us all is rapidly increasing.