Podcast: Can Cybercriminals be Stopped?

Have been seeing increasingly dangerous threats to our technologies:

Can Cybercriminals Be Stopped?
Cybersecurity expert and journalist Kate Fazzini exposes the true nature of cybercriminals in her new book.

Cybercriminals aren’t all young hackers living in dark basements armed with their laptops and quaffing energy drinks. The new generation of cybercriminals have organizations that function much like startups, with CEOs and recruiters, and customer service agents. In her new book, Kate Fazzini, a cybersecurity professional and CNBC journalist, reveals the true nature of these cybercriminals beyond the headlines. She recently joined the Knowledge@Wharton radio show on SiriusXM, to talk about her book, Kingdom of Lies: Unnerving Adventures in the World of Cybercrime. (Listen to the podcast at the top of this page.)

An edited transcript of the conversation follows.

Knowledge@Wharton: Are top-level executives devoting enough resources to cybersecurity within their own companies?

Kate Fazzini: Except for the really large companies — the Fortune 20, Fortune 30 companies — we’re not even close yet. For most companies, the top cybersecurity official is reporting up through a technology organization that then probably reports up through one or two other people to the highest levels of the organization and the board.

That’s very problematic because the technology executive has a bit of a conflict of interest. They’re the ones who are doing the [software] applications for the company. They are the ones who are making the purchases. They want the budget that they’ve allocated to go through, and they don’t want a security person stopping them from doing what they want to do. For most companies, that’s a very old-fashioned way of doing things, and that cybersecurity person still doesn’t have the visibility at the highest C-level that they need to have.

Knowledge@Wharton: We hear stories about hackers in Russia, China and Eastern Europe. How much of this activity is happening inside the United States?

Fazzini: As much as we like to say that we aren’t able to catch these criminals, we have a much more robust law enforcement capability of catching these criminals. What makes us different in the United States is that the people who are doing cybercrime in this country, especially if it involves hands-on activities like going to an ATM or something like that, they’re much deeper underground than they are overseas.

That’s partially because in a lot of Eastern European nations, law enforcement just looks the other way on a lot of these crimes. In countries like Russia and in some Asian countries — not so much China — they will actually recruit criminals who show that they have a really good way of doing certain cyber activities. … That is not something that we do in the United States at all. You will never see the NSA (National Security Agency) recruiting a significant cybercriminal into their organization.  ....  "