When it comes to cybercrime, who would be the better crime fighter, Batman or Superman? I started pondering this question recently after taking a break from studying a depressingly tall pile of cybercrime surveys and stumbling across a trailer on YouTube for Batman v Superman: Dawn of Justice (I was actually looking for a Supertramp song, Crime of the Century, but that’s a different blog post).
I have to admit that, when the Batman v Superman movie was announced at the 2013 San Diego Comic-Con International, I was a little underwhelmed. It’s not that I’m not a fan of comics. I still have two Detective Comics that I bought in 1971 (numbers 414 and 416). My reaction was more to do with the huge discrepancy between a super hero who has super-human powers (Superman) and one that is merely a very fit bloke with lots of brains and massive financial resources.
The point is, you may start wishing for some sort of a super hero if you read too many accounts of criminals abusing information and communication technology for selfish means (I’ve provided links to a handful of cybercrime studies below, in case you want to test this theory). If only there were a crime fighter who could take out these faceless scumbags who are spoiling so much potentially awesome technology for the rest of us. In other words it would be great if we could at least get to the dawn of justice in cyberspace.
But which superhero? At first it seems like Superman would have the edge. Apart from his amazing world-turning abilities, he has already battled a misguided computer genius and won (Gus Gorman in Superman III). Unfortunately, not only did that movie not do as well at the box office as Superman I and II, but also Superman only defeated the physical manifestations of Gorman’s programming abilities. Today’s cybercriminals steal hundreds of millions of dollars worth of data a year in ways that are hard to see, even with X-ray vision. The payout for the crooks who stole that payment card data from Target in 2013? It was more than all the loot from all the bank robberies in America that year (note that “loot” is the term used by the FBI in its statistics). And apparently nobody saw them do it.
Now think about the Bat Cave. According to the 7,000-word Wikipedia entry on the Bruce Wayne’s lair, its centerpiece is a supercomputer of the highest order, one with global surveillance capabilities, connected to a series of communication satellites. See where I’m going with this? Physically, Batman is certainly more than a match for the criminals who commit cybercrimes. And he has a big technological advantage over Superman when it comes to finding them. I’m inclined to give this round to the Dark Knight.
Of course, if you’re a serious comic buff you will know that the two 1971 DC comics that I own both feature Batman; but I really did try to think of what super powers Superman could bring to bear on the cybercrime problem, I just came up short. If you disagree, feel free to tell me, in a comment below, or in person during this year’s Comic-Con. You should be able to find me at Petco Park, where ESET will be hanging out as Nerdist’s Official Cybersecurity Partner. In fact, ESET is offering comic lovers a chance to win two round-trip tickets to Comic-Con, and a whole lot more. You can find all the details on the Comic-Con International 2015 Contest page.
And for those who are wondering which cybercrime surveys I’ve been reading, I’ve listed some samples below. Just be careful how you read them: they are not necessarily based on representative samples (always check the sections of the report titled “methodology” and “demographics” before acting on the information, and if there are no sections like that, proceed with caution).
- The Ponemon Institute Library – many good reports here, methodology usually well-explained.
- The 2015 Verizon Databreach Investigation Report – a lot of good information, but remember: limited to reported breaches/incidents.
- The 2015 ISACA and RSA Conference Survey direct PDF link: State of Cybersecurity: Implications for 2015 – I like this one.
- The Cisco 2015 Annual Security Report – worth reading but the charts can be hard to interpret, demographic base not always clear, and some terms not defined.
- The 2015 (ISC)2 Global Information Security Workforce Study – Fascinating report based on responses from an impressive demographic of 13,930 information security professionals.
- The PwC Global State of Information Security Survey 2015 – is not the full survey, just “key findings” and actually pulls numbers from many sources to paint a picture PwC calls “Managing cyber risks in an interconnected world”.
- The 2014 US State of Cybercrime Survey – this is the step-grandchild of the CERT e-Crime Watch Surveys we saw in the 2000s, but now owned by PwC, so despite CERT and Secret Service participation you only get what PwC thinks are the key findings.
- Special Eurobarometer 423 – surveying cybercrime from a citizen and victim perspective, based on representative samples from each of 28 EU countries, a good example of what governments should be doing to get a handle on cybercrime (this link is direct to the 170-page PDF file, which includes the data tables).
- Cybercrime against Businesses, 2005 – I included this because it represents the first and last time the US government performed a full-scale study of this type, essentially leaving American companies in the dark about cybercrime, apart from reports on cybercrime written by other companies (download PDF here).
So, anyone know how to contact Bruce Wayne? Maybe see if his organization could at least perform a comprehensive cross-sectional survey of cybercrime in America, complete with data tables for further analysis? At least that would be a start.
In the meantime, try some escapism and check out the Comic-Con International 2015 Contest page (warning: contains high octane video).
by Stephen Cobb, ESET