#ISC2Congress: Cybercrime Victims Left Depressed and Traumatized

#ISC2Congress: Cybercrime Victims Left Depressed and Traumatized

Victims of cybercrime are suffering emotional trauma which can lead to depression, an expert warned

Sometimes mistakenly perceived as a victimless crime, cyber-criminals are causing their victims emotional, physical and financial trauma, an expert claimed at the (ISC)2 Congress in Orlando, Florida, on September 12, 2016.

Terri Howard works for FEI behavioural health, a company that provides support and services to companies in the aftermath of critical incidents. In the past, she explained, calls were typically about shooting or bombs, but over the last six years, calls have increasingly been from companies that have experienced a data breach or cyber-attack.

“You’d be surprised at the levels of trauma suffered by cybercrime victims,” Howard told her audience. In nine out of ten cases, there is a financial loss to the victim – a loss which gets greater when stolen data is sold. A less understood impact, however, is the emotional trauma experienced by the individuals that have been impacted.

“Victims often feel that there has been an invasion of their privacy,” Howard explained. “People feel victimized, that they’ve suffered a traumatic experience. It is the very same feelings that victims of assault experience. They’re upset, they’re depressed, they feel guilt.”

From a behavioral standpoint, victims can suffer insomnia and eating disorders, Howard said, “and as we’ve seen in the cases of large-scale breaches, a percentage of people go off on workmen’s compensation as a result.”

Interestingly, for some people, the threat of their stolen data being used is as traumatic as the reality of it actually happening, explained Howard. She referred to the Ashley Madison breach, when a man commuted suicide after email threats to expose him. “His name was never actually leaked – this is an example of how the threat of a situation can be as distressful as the actual leaking of information.”

The emotional impact to the victim is more long-lasting in instances when data is actually used and abused, however, counters Howard.

“Cyber is not a victimless crime. It can be moderately distressing at the very least, and severely distressing to others, and it’s important to understand that people do feel victimized.”

Howard gave the following advice for handling victims of cybercrime:

  • Help them to minimise the chance of repeat victimization
  • Listen to how they feel, and don’t be judgmental
  • Stop the activity, report the crime, repair the damage, and prepare for re-victimization.
  • Explain that cyber-attacks often don’t stop at just one incident. 85% of those types of hacks continue when data is used and re-sold. Victims have to understand that activity may happen over a period of time.
  • Understand severity of situation and damage
  • Put fraud alerts out
  • Consider credit freezes
  • Utilise services that support victims of cybercrime; the Identity Theft Victims Assistance Networks, for example

Source: Information Security Magazine