Claudiu Popa’s latest book, “The Canadian Cyberfraud Handbook: A Professional Reference,” is exactly what the title promises. In light of International Fraud Awareness Week, it’s also the perfect time to pick it up for a read.
It’s a very useful reference piece for a subject that has received enormous attention but still has a gaping hole in terms of critical coverage. There is an enormous amount written that is purely technical in nature. From firewalls to SQL injections, you can find technical guidance on all aspects of security. Likewise, there are a lot of timely news stories about the latest exploits. What we lack, according to Popa, is a deep and dispassionate exploration of all security and cyberfraud in the context of business, the economy, and society.
Popa himself says coverage “by the media and experts” has led to what he terms “simplistic guidance” as “information sources… recycle the same basic tips.” The problem, according to Popa, is that “aside from being largely ineffective, this leads to a desensitized public, often in spite of a deep interest in the subject matter.”
Popa’s latest work is not just a text but a serious attempt to combat this problem. In that goal, he is largely successful. He does indeed give some serious investigation of the topic. It’s certainly not bedside reading – you have to be prepared to dig into the details. Despite that, Popa hasn’t sacrificed readability. If you’ve ever seen Claudiu speak, he has a rather engaging style. That style – clarity and a conversational tone – transfers nicely to this book. Despite being largely a reference work, Popa’s voice comes through and he manages, within the limits of a text, to engage and even at times to provoke you. His assertion that the amount of attention to security in the press and by experts may have actually resulted in less attention to security is controversial and, to those of us in the technical press, worthy of some reflection.
Popa offers another intriguing line of thought in a section called “what we don’t know about cyberfraud.” He raises a question which has always bothered me. Presumably, it might intrigue others. He notes that “with every breach, security failure, and cyberfraud report, the public is told to brace itself for the crashing waves of fraudulent purchases and fake identities, but these events either don’t get reported or more confusingly, don’t materialize.”
He follows this observation with an intriguing theory related to the real value of stolen personal data. He claims that, while items like stolen credit cards have a value of anywhere between $1 and $8,000 per card, money from the sale of this data isn’t the real end goal of cyberfraud. According to Popa, the short-term funds from these sales are used to “grow and reinvest money into analytics and process.” Those processes, in turn, equip the cyber-criminals to build more and more complete profiles of their potential victims to be eventually used in much more precisely targeted future attacks. Says Popa, “in criminal hands, this may be more valuable than gold.”
To Popa, thoughtful analysis without alarmist language or hype serves his real mission, which he describes as supporting the “race to build societal safeguards.” That indeed may be true, but his matter-of-fact tone, coupled with observations about the amount of data that is being amassed by cyber-criminals on each and every one of us, certainly sent a chill down my spine.
For those who come to this book looking for a reference document, this book does not disappoint. Popa offers his Cybercrime Classification Framework with clear descriptions of each and, for those who struggle with definitions, clear examples of each. I’ve rarely found descriptions this clear or examples and explanations that hit the right balance between clarity and brevity. Popa manages to do both. Again, with a mind to readability, he gives some key examples in the main text but leaves the reader with an appendix with the full framework.
Popa ties up the book with some good information on detection and prevention, trends in Canada, Australia, and the United States. As a publisher of Canadian IT information, it’s pleasant to open a book and find the chapter on Canada comes first.
Given the rapid pace and continual change in the area of cybercrime and security, the one thing I found amazing is that anyone would attempt to publish even a paperback book, the assumption being that by the time it is published, it’s already out of date. But for those who are worried about this, the way Popa has attacked the subject will certainly mitigate that issue. Popa seems to strive for the essence of each item rather than claiming to detail each and every item; he himself notes that his framework is not “authoritative” but it is “flexible”. But with 100 clear and concise examples, it’s probably as authoritative as anything else.
It’s hard to believe that Popa has packed so much into a hundred and seventy-seven pages. It’s a great basis for educators who are looking for a meaningful and relevant framework to explore this important and topical subject. It’s also a pretty good read for a textbook and is relevant for executives and even practitioners looking for clear and concise definitions, frameworks and conceptual models.
Perhaps it also addresses the larger need that Popa identified. He has assembled the concepts and the lexicon to enable us to have real, deep and meaningful discussions about a topic that is so important to all of us. If, like me, you believe that our necessary and inevitable transition to a digital economy moves at the speed of security, Popa’s book makes a meaningful contribution, not only to education but also to our larger discourse in our business, economic and even social spheres.
I’d be interested in your opinion. Leave me a comment below.