James Hawdon believes cybersecurity isn’t just about computers.
When most people discuss ways to stop cybercrime, they focus on the technological realm. That includes antivirus programs, firewalls, password authentication, and other countermeasures that are built into computer systems to protect them from attacks — methods law enforcement agents call “target hardening.”
But Hawdon’s work in combating cybercrime doesn’t involve designing programs or firewalls. As director of the Center for Peace Studies and Violence Prevention and a professor of sociology at Virginia Tech, he believes researchers must also look at the human side of the problem. What motivates someone to commit digital crime? What types of environments increase the likelihood of these crimes?
“If you don’t take that social element into consideration, we’re always one step behind,” he said. “We’re chasing the next way that people find to hack into your system, rather than trying to design environments that are safer.”
But to understand the social factors at play in cybercrime, researchers first need a clear picture of where and how cybercrime is occurring. That’s what Hawdon and his team of criminologists in the Virginia Tech Department of Sociology are hoping to find with their new project, “Cybercrime in Virginia: Impacts on Industry and Citizens (CIVIIC).”
Working with Hawdon on the project are Katalin Parti and Thomas Dearden, both assistant professors who specialize in criminology. The team will conduct a survey of individuals and 400 businesses to determine how cybercrime has affected citizens of Virginia.
A grant from the Commonwealth Cyber Initiative, a Virginia-funded collaborative effort that supports cybersecurity research at universities across the commonwealth, is funding the project.
Hawdon, Parti, and Dearden have been collaborating on cybercrime research since the assistant professors joined the Department of Sociology in 2019. This project is the latest in a series of cybercrime surveys they have fielded, with support from the Virginia Tech Institute for Society, Culture, and Environment. They said that, for criminologists, cybercrime is an especially pressing topic, and one that is still under-researched. Even though traditional forms of crime have been decreasing since the 1990s, online crime has only increased as computers have become a more and more essential part of everyday life.
“We live in a global society where ransomware attacks are normal,” Parti said. “It’s hitting the population, not to mention industries, on a daily basis.”
According to Parti, despite the ubiquity of online crime, researchers and policymakers are still lacking in essential data about the extent to which cybercrime occurs. The FBI and other federal organizations gather nationwide statistics on crime from local police departments. It is difficult to collect accurate data on cybercrime in the same way, however. Victims of a cyber attack rarely report the crime to local authorities, and even when they do, police departments often have neither the tools nor jurisdiction to deal with the problem, especially since these attacks often occur across geographic borders.
Previous cybercrime surveys have involved small or demographically limited samples. The researchers’ survey, which encompasses a representative sample of the entire state population, will be one of the first of its kind.
To gather the data, the researchers have designed two surveys, one for individuals and one for businesses. Respondents will answer questions about what kind of cybercrime they have experienced, how much it has cost them, what kind of prevention measures were in place beforehand, and what they’ve done since to strengthen their security against future attacks.
The team will conduct the surveys in collaboration with the Social Science Research Center at Old Dominion University and its director, Tancy Vandecar-Burdin, and the Survey and Evaluation Research Laboratory at Virginia Commonwealth University. Both centers are dedicated to running community surveys and other social-data collection methods. Randy Gainey from Old Dominion University and Jay Albanese from Virginia Commonwealth University are also collaborating on the project.
“They have a diverse set of ideas,” Dearden said about his colleagues at the other universities. “We’re really translating a lot of different expertise to create a much better project than we could have with just our small Virginia Tech team.”
Hawdon, Dearden, and Parti hope the data collected through their survey will lead to more informed discussions about cybercrime. They plan to make their data publicly available and encourage people to use it to further their research efforts on cybercrime. By making people more aware of the risks of cybercrime, the collaborators believe, the project will empower Virginians to protect themselves and their businesses against future attacks.
“We can try to make our community safe by building walls and gates, or we can try to make stronger communities,” Hawdon said. “I’m hopeful that one day we can live in a virtual world that isn’t a gated community.”
The team members hope their project will lead to a larger national survey on cybercrime, similar to the National Crime Victimization Survey, which the Bureau of Justice Statistics fields every year. They also hope that eventually, comprehensive cybercrime data will be available on the same scale as data about traditional crime.
Parti noted that the goals of the project align perfectly with Virginia Tech’s motto of Ut Prosim (That I May Serve).
“We’re not just doing research for its own sake,” she said. “We’re trying to do something meaningful to serve the community.”
– Mary Crawford