As Internet connectivity continues to spread, EU citizens and organisations will be subjected both to a larger volume of cyber attacks, and to attacks from previously underconnected areas of the world. Combatting cybercrime will therefore require new international strategic and operational partnerships. These are some of the findings put forward by the recently released  Europol’s iOCTA report.

According to the new Internet Facilitated Organised Crime (iOCTA) report put forward by Europol, estimates of global corporate losses due to cybercriminal behaviours stands at around 750 billion euro, which is only one part of the total economic value of cybercriminal economy as a whole. The personal data of EU citizens is a valuable illicit commodity that is being traded in a criminal digital underground economy and turned into cash.

This drives a range of new criminal activities, such as phishing, pharming, crimeware distribution and the hacking of corporate databases. As a communication tool, information source, marketplace, recruiting ground and financial service the Internet also facilitates all types of offline organised criminality, and online banking provides Organised Crime groups with the opportunity to move criminal assets faster than ever before, and irrespective of offline geographical barriers.

Furthermore, the widespread adoption of Internet technology in the EU has also prompted an unprecedented expansion in the markets for child abuse images and intellectual property theft, especially for copyrighted audio-visual material and software.

According to the report, Internet Facilitated Organised Crime exhibits unprecedented mobility and dynamism, and operates on a scale which places substantial and increasing demands on law enforcement. The global and often disparate nature of this type of criminality, and the ability of criminal groups to launch mass, automated attacks, requires highly responsive and internationally coordinated control measures: this is particularly the case for cybercrime, where individual offences may only attain significance when viewed from an international perspective.

Europol’s iOCTA findings and recommended actions on cybercrime

• EU Member States already rank amongst the most highly infected countries in the world when it comes to computer viruses and malware. As internet connectivity continues to spread, EU citizens and organisations will be subjected to more cyber attacks, and to attacks from previously underconnected areas of the world. Combating cybercrime will therefore require new international strategic and operational partnerships.
• Active partnership with the private sector is essential, not only to share intelligence and evidence, but also in the development of technical tools and measures for law enforcement to prevent online criminality. The academic community also has an important part to play in the research and development of such measures.
• Because of the global reach and scale of internet facilitated organised crime, its disparate nature, and the unprecedented volumes of data involved, centralised coordination of intelligence gathering, analysis, training, and partnership management is required at an EU level, to ensure that Member States and EU agencies make the most effective use of resources. The establishment of a European Cybercrime Centre, as outlined in the recent Council conclusions on cybercrime and in the EU’s Internal Security Strategy, will be an important and timely step forward.
• Awareness raising on individual and corporate user responsibility are key to combating cybercrime. EU–wide awareness raising and points of contact are required for a range of issues, including illegal downloading, social engineering, payment card security, securing wireless internet connections, and the risks to children. The use of crowdsourcing to gather intelligence on cybercrime from internet users should also be considered.

Brussels has already taken action in order to defend the European Union from attacks against its key information (IT) systems, by presenting two measures which involve a Commission's proposal for a Directive to deal with new cyber crimes, such as large-scale cyber attacks, complemented by a proposal for a Regulation to strengthen and modernise the European Network and Information Security Agency (ENISA).