Why are Criminals Faster at Digital Transformation than Legacy Companies
Photo by Clint Patterson on Unsplash

Why are Criminals Faster at Digital Transformation than Legacy Companies

For a while I have been pondering the acceleration of digital adoption among criminals. The sad fact is that offline crime has been moving online not only in what might be considered white collar crimes but drugs, child pornography and the like. I’m looking at this phenomenon purely from a tech POV and do not find any of this funny nor condone it. These guys are not tech geniuses and bad boys. Simply bad. Yet, the speed of adaptation of criminals vs. legitimate ventures to new environments is curious and fascinating in a dark way. These guys should not be better than ‘us’. 

This article focuses on ‘hackers’ and how they implement and leverage digital transformation

(Accidental) Early Investment in Education

No alt text provided for this image

There are a few ‘super’ gangs that dominate the ‘industry’ most coming from Eastern Europe. These are the likes of Megecart and Goznym. During the Soviet period and after Lenin, the Soviet system invested heavily in STEM (Science, Technology, Engineering and Mathematics). Yet with little support for application of this know-how, highly trained people had little opportunity for legitimate (and lucrative) applications of their skill. As an article in the New York Times puts it: “With limited opportunities, many highly capable Eastern Europeans are carving out careers in cybercrime, leading to the creation of what is effectively a criminal Silicon Valley.” (1)

Early Adoption of a Digital Business Model

No alt text provided for this image

As soon as digitalization became an apparent opportunity, many ‘financial’ types of criminals jumped at the opportunity. Why risk offline bank robberies when you can simply go online and minimize risk. Cybercriminals developed small groups of cartels that basically offered “Cybercrime-as-a-Service” (CaaS). This had been going on for many years, well ahead of the momentum of digital transformation among legacy organizations. In 2016, it was predicted that roughly 100-200 individuals operated what are basically marketplaces for ‘services’. Some examples of services that could be purchased by less tech savvy (but motivated) criminals are: 

  • The CaaS vendor would install malware on PC’s and then charge the individual criminal customers for access to those PC’s (pay as you go model)
  • The ‘service’ invented a subscription model for malware and ransomware toolkits 
  • Knowing the value of a satisfied buyer and customer lifetime value, CaaS cartels started launching customer service centers (chat, pretty sure)

As one reported cited: “Based on online advertisements, CaaS business appears to be so lucrative and booming that hacker gangs can't keep their crews staffed.“ (2) Legacy organization on the other hand have been slow in adopting new business models or even exploring new revenue streams, preferring to exploit the core business for short term returns.

Early Adoption of Digital Channels (3)

No alt text provided for this image

Mobile First Culture: In 2018 mobile was the source of 7 out of 10 fraudulent transactions, up sevenfold since 2015 (well before many legacy organizations had effective apps). Cybercriminal networks are of course developing their own apps for more efficient and effective operations.

Social Commerce: Cybercrime-as-a-Service jumped quickly onto the potential of social commerce using Instagram, WhatApp and Facebook for promotions and sales. Legacy organizations are still struggling with more basic e-commerce strategies whether their own web shops or market places. 

Agility as a Way of Working

Starting with HR: Recruitment practices include online job applications, Skype interviews and having to perform hacking cases before being offered a job. Some practices include a probation period where performance is tracked and measured by the number of successful designated hacks. (4) I am pretty sure that the talent pool is growing while legacy organizations have problems attracting digitally savvy employees. 

Agility as a Practice and Relevant Tools: SCRUM, Jira, Asana and Slack are just a few of the basic tools that are being used by the ‘service providers’. Keeping on one’s toes and quickly adjusting to bugs and market situations, including the possibility of being tracked and busted (and therefore maintaining a market advantage) are key to business success. These methodologies are often questioned and sometimes sabotaged in classic firms. 

Cross Industry Inspiration & Learning

Unlike many organizations that suffer from tunnel vision, looking to developments in their own industries, cybercrime ‘vendors’ look to Facebook,  Amazon and Uber for best practices and use cases.. These data-driven platforms have not only proved to be the inspiration for the underground CaaS model, but are also valuable channels in their own right. (5)

In Conclusion

As I mentioned, none of this is funny. It’s just interesting. Cybercrime was a $3 trn business in 2015 is projected to double by 2021.

But what is interesting, is how quickly the ‘industry’:

  • Pivoted to digital
  • Proved adept at business model innovation
  • Had the foresight to see the value of new channels as part of the business model while many legacy organizations saw them as ad channels for a long time
  • Adopted agile methodology without missing a beat, because it worked in terms of efficiency, speed and the classic build-measure-learn-repeat
  • Cultivated talent
  • Had the foresight to look outside for best practices to adopt

When operating outside of accepted norms, people get creative, shedding constraints. If the underbelly of society can evolve and thrive, generate new revenue streams and ways of working, so can we all, for a better good and a better outcome.

Sources:

  1. https://www.nytimes.com/2019/11/29/opinion/the-criminal-silicon-valley-is-thriving.html
  2. https://www.bankinfosecurity.com/cybercrime-as-a-service-economy-stronger-than-ever-a-9396
  3. https://iaonline.theiia.org/2019/Pages/Crime's-Digital-Transformation.aspx
  4. https://www.databreachtoday.com/blogs/cybercrime-recruiters-want-you-p-2069
  5. https://www.infosecurity-magazine.com/magazine-features/evolution-cybercrime-service/








Greg Hoyos

Award-winning copywriter and published author. Columbia Pacific U, Wharton Business School Executive Edu. Experience on Microsoft, P & G, Colgate, Sara Lee, Nestle and others.

4y

Thoughtful. The law of unexpected consequences.

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics