Cybercriminals: A case study for decentralised organisations?

A study shows that stereotypes of organised criminals are wide of the mark.

by Adam Gale
Last Updated: 22 Jan 2020

If your mental image of a cybercriminal is Don Corleone keyboard-mashing code in his mother’s basement, you may be in need of an update. 

Research published in the International Journal of Offender Therapy and Comparative Criminology has found that hackers, who are globally responsible for between $445bn and $600bn of economic damage every year, instead correspond to a rather different stereotype.

“It’s not the ‘Tony Soprano mob boss type’ who’s ordering crime against financial institutions,” according to co-author Thomas Holt, a professor at Michigan State University, but rather “loose groups of individuals who come together to do one thing, do it really well… then disappear”.

The researchers reviewed 18 Dutch prosecutions in phishing cases, with evidence coming from wire taps, house searches, stakeouts and undercover policing. They found that hackers generally connected online in order to create teams with the necessary functional skills for their proposed crime, often around a core group.

“If someone has specific expertise in password encryption and another can code in a specific programming language, they work together because they can be more effective - and cause greater disruption - together than alone,” says Holt.

In essence, sophisticated cybercriminal gangs show features of decentralised, networked organisations - where high-powered teams collaborate on a project-by-project basis with, dare we say, the agility one would expect more from Silicon Valley than from the mafia. 

While businesses may be reluctant to take tips on organisational structure or lean project management from a bunch of internet crooks, the research may still come as a wake-up call for those who have underestimated the sophistication of cybercriminals or the financial and reputational threat they pose. 

Recognising that breaches don’t just happen to other people making stupid mistakes is, after all, the first step toward creating solid cybersecurity defences.

Image credit: Mondadori via Getty Images


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Why Rishi Sunak is right on returning to the office - but shouldn’t ...

Opinion: It’s about time leaders end the cycle of out of sight, out of mind....

How to manage up without looking manipulative

MT Asks: Tips for managing your manager without looking like a master manipulator.

How to make imagination a competitive advantage

Blue sky creativity isn't just the realm of lone geniuses and small children. It can...

Is Amazon becoming a 21st century conglomerate?

Why history suggests being too diversified can spell doom for the biggest business.

5 reasons CEO successions fail

Picking the next leader is arguably a board's most important job.

Leadership clinic: Is this the right time for M&A?

Octopus Group co-founder and chief executive Simon Rogerson answers questions on starting up, scaling up...