Cybercrime netted a whopping $450 billion in profits last year, with 2 billion records lost or stolen worldwide. Security expert Caleb Barlow calls out the insufficiency of our current strategies to protect our data. His solution? We need to respond to cybercrime with the same collective effort as we apply to a health care crisis, sharing timely information on who is infected and how the disease is spreading. If we’re not sharing, he says, then we’re part of the problem. (

Who is he?

As a vice president at IBM Security, Caleb Barlow has insight into to one of the largest security intelligence operations in the world. His team stands watch protecting the information security of thousands of customers in more than a hundred countries. On a busy day they can process upwards of 35 billion potential security events across their global operations centers. (op. cite.)

Why you should listen:

Barlow has been advising chief information security officers, boards of directors and government officials on security practices, frameworks and strategies for risk mitigation on a global basis. He is a sought-after speaker on the subject of security and regularly appears in both print and broadcast media, including NBC News, CNBC, BBC World Service, NPR, the Wall Street Journal and the Washington Post. His opinions have been solicited by members of Congress, the NSA, and NATO, and he was invited by the President of the UN General Assembly to discuss his views at the United Nations.

Most recently, Barlow is focusing on building a large-scale simulation environment to educate C-level executives on how to better prevent and respond to a cyber attack so they can maintain business resiliency in the face of crisis. (Op. cite.)

Discussion Questions:

  1. last year, 100 million of us, mostly Americans, lost our health insurance data to thieves The United Nations estimates that 80 percent of it is from highly organized and ultra-sophisticated criminal gangs. To date, this represents one of the largest illegal economies in the world, topping out at, now get this, 445 billion dollars. As a social problem this is costing us all. Did you realize the scope of the problem?
  2. Describe the Dyre Wolf. What did it do in both stages?
  3. Cyber criminals work Monday through Friday. They take the weekends off. How do we know this?
  4. A term used to describe the anonymous underbelly of the internet, where thieves can operate with anonymity and without detection is known as….?
  5. Here’s an example of a site you can go to if you want to change your identity. They will sell you a fake ID, fake passports. But note the legally binding terms for purchasing your fake ID. Why would a criminal group publish “legally binding” language on it site?
  6. Why does he suggest using the health care model of an epidemic for cybercrime?

Making Connections:

Speaker’s reading list

1. Spam Nation

Brian Krebs

An excellent view into organized crime and its impact on cyber security. Remember, nation-state activity is only a small portion of what we are all dealing with, 80% of the problem is organized crime.


2.  Tallinn Manual

NATO Cooperative Cyber Defence Centre of Excellence
Tallinn, Estonia

Fascinating analysis of how international law applies to cyber crime. A few chapters into the book and you immediately realize that international law has some catching up to do when it comes to information security.

3.  “IBM X-Force Research: Inside the Dyre Wolf Malware Campaign”

John Kuhn
Security Intelligence, 2015

I mention the Dyre Wolf in the TED talk, here is more information about the gang, their activities and alleged take down.

4.  “Russian Cops Bust Key Members Of World’s Busiest Cybercrime Gang: Sources”

Thomas Fox-Brewster
Forbes, 2016

5.  Ponemon 2016 Cost of a Data Breach Study

The study provides the data to understand potential liabilities in a breach and the cost to remediate.

News story from 2017

Infosecurity magazine story


Where is cybercrime really coming from? with Caleb Barlow


1 Comment

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>