Cybercrimes, when they occur, are almost unrivaled in generating attention and even fear. Whether in the form of assaults on individual bank accounts or coordinated efforts to skew a presidential election, most people agree that protecting our data should be a top national priority. Nonetheless, there is a broad gap between knowing what to protect and understanding how to protect it.
“Unfortunately, even though we’ve seen academics, politicians and government officials talk about cybercrime as being such a great threat, there are very few criminological studies that look at different kinds of cybercrime,” said Associate Professor Marie-Helen Maras of John Jay’s Department of Security, Fire and Emergency Management, who also teaches in the digital forensics and cybersecurity program.
Maras said that existing studies concentrate on just a few cybercrimes and criminological theories; what is currently lacking is a comprehensive examination of cybercrime through the lens of criminology. Her latest book, Cybercriminology (Oxford University Press, 2016), does just that.
“I think there’s a misconception that in order to be a researcher in cybercrime, you need to have the same technical knowledge, skills and abilities that you would need to perform in a computer science program. That’s incorrect,” Maras said. “We must understand the perpetrators to anticipate their next move. As security professionals, if we understand the environment where they operate, we can determine appropriate countermeasures.”
By using traditional criminological techniques to study non-traditional crimes, Maras hopes to break down the barrier of understanding when it comes to cybercrime and show that these concepts are accessible to a general audience. She does this through simple language and concrete examples.
“There’s currently a deficit in our national capacity to deal with cybercriminals,” she said. “From an educational perspective, we’ve always had computer science degrees, we have programmers, but that’s not what we need. We need individuals from all disciplines to have some cyber-related training, experience, and knowledge.”
Sociology, psychology, public administration, criminal justice, law, economics, political science, and security are a few of the fields that Maras believes should be incorporating cybercrime into their curriculums.
Maras is an advocate for mandatory cybersecurity standards across the private sector. This idea has been floated before but never adopted because private companies have resisted any increased governmental regulation. An executive order issued in 2013 tasked the National Institute of Standards and Technology with creating principles, policies and guidelines aimed at developing a cybersecurity framework with the potential to minimize threats. However, adoption of the framework was voluntary, thus limiting its impact.
According to Maras, this is a problem largely because when a private company is hacked, the liability falls on the individual, not the company. “If someone steals my identity, who has to take all of the actions to clear my name?” She shared an anecdote about a woman whose identity was stolen and who was later billed by a hospital for a leg amputation. The woman walked to the hospital to prove that she had, in fact, two fully functional and intact legs, yet the hospital and her insurance company continued to bill her for nearly two years.
Individuals often become victims of identity theft through no fault of their own because of third-party data breaches. “One of the major conclusions from Cybercriminology is that we not only need to educate consumers about the need to request greater protection of their data by third parties, we need a radical reform in our education system from the bottom up to teach the next generation about cybercrime, cybersecurity, and safe Internet practices.”
In the classroom, Maras does not hold back when it comes to teaching her students that they are all vulnerable to cyberattacks. They even started using the hashtag #MarasMadeMeParanoid. But according to Maras, a little paranoia is just what people need.