What is crime theory? Why does it matter to cybersecurity? In particular, what can it teach us about reducing crime and how we rethink what we do as an industry? To get some answers, Enterprise Times talked with Charl van der Walt, Global Head of Security Research at Orange Cyberdefense about crime theory and how it could help cybersecurity.
We started by asking van der Walt what crime theory meant. He replied, “We were interested in the problem of ransomware or cyber extortion, and convinced that it wasn’t a technology problem and wasn’t going to be addressed by technology.
“We started thinking about what other domains might speak to this problem might inform us about the problem. It struck us as obvious that it’s a crime, and that people have been studying crime for a long time. We thought it would be useful to examine whether some of these formal theories of crime could be applied to cybercrime, and if one did do that, what might emerge from an examination from that perspective?”
The conversation very quickly turned to the problem of equating physical laws to virtual laws. It also covered how we deal with crime in the physical arena. What was interesting, is that van der Walt believes we can break down cybercrime and find real-world crimes that are well understood.
We also talked about ransomware and how you criminalise it. For van der Walt, the problem is that we are conflating tools. He said: “Ransomware is a tool, you can’t criminalise a tool, that doesn’t make sense. The crime is fundamentally extortion. And the crime of extortion is the combination of a number of other crimes that have to happen either before or in parallel with the extortion in order for that final act to take place.”
To hear more of what Charl van der Walt had to say, download the podcast
Where can I get it?
You can listen to the podcast by clicking on the player below. Alternatively, click on any of the podcast services below and go to the Enterprise Times podcast page.