With advances in technology and the internet, the nature of crime has changed, affecting businesses, governments, and individuals. Law enforcement faces the challenge of keeping up with the greater sophistication of cyber criminals. To that end, Statistics Canada on June 25 hosted an online panel to discuss how to better understand, measure, and combat cybersecurity threats.
RCMP assistant commissioner Jeff Adam briefly summarized how crime has evolved. A hundred years ago, it would typically take place in the same town, but over the decades its scope has expanded. Now with cybercrime, law enforcement has to figure out where the offence took place and where the offender is located relative to where the crime occurred.
And people and businesses are still learning about what constitutes cybercrime. “If I could turn off the internet, which crimes would continue and which ones would not?” asked Adam.
One out of five Canadian businesses have been impacted by cybercrime, but only 10 percent get reported. Cybersecurity has developed into a $206 billion world market.
“Cybercrime and cybersecurity remain a policy puzzle,” said Benoît Dupont, a criminology professor at the Université de Montréal. “An effective national cybersecurity policy will need to consolidate very disparate sources of data to measure cybersecurity outcomes from different angles.”
He explained that another challenge is hiring, training, and retaining special investigators and forensic experts to prosecute the international nature of cybercrime. Cyber criminals leverage their anonymity and use a decentralized structure to build networks of skilled offenders.
Dupont also says internet service providers could be a good source of data to provide reliable statistics on the level of infection of electronic devices.
“That’s one example, where countries have used their internet service providers and telecommunications regulators to work together with statistical agencies and law enforcement to help people clean up their machines and, in the end, benefit from a cleaner ecosystem,” Dupont said.
But varying laws around the world make detection and enforcement problematic.
Case in point is child sexual abuse, where offending sites may reside on servers in other countries but Canadians still have access to it.
“We’ve sadly approached child sexual abuse material and all online crimes in fact more from a geocentric standpoint, and certainly in our space that has not helped us,” said Signy Arnason, associate executive director of the Canadian Centre for Child Protection.
Dupont said one issue with transformative technologies that can bring tremendous benefits is that they are “often developed and adopted so quickly that convenience takes precedence over safety considerations.”
Lack of regulation in this rapidly developing field means cybersecurity is rarely baked into the design of products. The competitive nature to gain market share can mean security is lost in the shuffle, explained Dupont.
On June 26, Health Canada published guidance on requirements for cybersecurity precautions to be implemented in medical devices to protect patient safety. Many such devices run using the internet, and cybersecurity experts have demonstrated that they can be tampered with—though Health Canada says there are no reports or evidence showing that direct patient harm has occurred in real-world situations. Safeguards required will include passwords as many devices are already being run on secure networks.
“It will now be required that all medical device manufacturers consider cybersecurity for their products,” according to a Health Canada press release.
Policy-makers have to think outside the box and adopt new strategies to keep up with the growing threat of cybercrime.
“I think the main constraint at this stage is probably our imagination,” Dupont said, “and there is a lot we can do to improve the metrics we need to provide better preventative and mitigating policies to limit the negative impact of cybercrime.”
Follow Rahul on Twitter @RV_ETBiz