While the Center for Strategic & International Studies and McAfee estimated the annual cost of cybercrime to the global economy at $375 billion conservatively and $575 billion maximally as of June 2014, at least one expert stands by cost figures that are many times those numbers.

“U.S. companies and the U.S. economy lose approximately $500 billion each year to theft of trade secrets and innovation. This includes all forms of economic espionage where cybercrime plays a major factor. When you factor the 10-year life of the investment in innovation, the total value of the theft reaches $5 trillion or one-third of the U.S. GDP - each year,” says T. Casey Fleming, CEO, BLACKOPS Partners Corporation, a Washington, D.C.-based Information Security Advisor to senior executives & boards of the Fortune 500, U.S. government agencies, and universities.

While the enterprise can’t stop cybercrime, it can become a hard target. To that end, CSO maps the cybercrime economy with its major components, incentives, and seats of power, ending with the means for enterprises to avoid victimization by keeping cyber goons from absconding with their digital goods.

Cybercrime entities

Cybercrime entities include countries such as India, France, Sweden, North Korea, Syria, Russia, and China, as well as smaller groups inside Eastern Bloc countries. “Organized crime includes the offshoots of the Russian Business Network, who have a very clear understanding of the financial payment supply chain,” says Bob West, CISO Emeritus Fifth Third Bank & Bank One, now Chief Trust Officer, CipherCloud.

Cyber spying by public and private concerns is also a piece in the cybercrime economy puzzle. “Cybercrime targets include U.S. companies in the Fortune 500 & 100, small- to medium- businesses, universities, think tanks, and government agencies,” says West.

Cybercrime incentives

“The hyper-connected world, the adoption of digital banking, the connection of operational technologies to the Internet, and a surge in mobility have greatly increased the attack surface available to digital criminals, which has led to a gold rush mentality in criminal fraternities,” says Colin McKinty, vice president of Cyber Security Strategy, Americas, BAE Systems Applied Intelligence.

The ready availability of free cybercrime applications invites participation in the cybercrime economy by just about anyone. “This creates a services-based cybercrime economy, meaning that even those with limited personal expertise can still achieve significant results,” says McKinty.

In addition to a growing attack surface and increasing numbers of free tools, the cybercrime economy thrives on the profit motives of the thieves who grab an organization’s enticing personally identifiable information and intellectual property. “Cybercrime feeds on human weakness and on weak security controls, which are the result of enterprises choosing convenience over security. There are many people in large companies who don’t understand what they need to do to protect information as part of their daily routine,” says West.

To safeguard data, executives and employees must first know what is most precious.
Then they must learn good general security habits, as well as the specific measures for protecting each type of data, insofar as using those measures falls within the duties and responsibilities of their position.

Seats of power

“Cybercrime is a multifaceted, decentralized, global phenomenon,” says McKinty. Still, there are stealthy leaders behind the attacks that criminal hackers carry out.

The nefarious heads of these hacker groups include Russians in seats of power and Chinese communists inside the People’s Liberation Army. Members of various criminal syndicates globally work with little or no outside guidance or prompting.

People who want to avoid muggings don’t walk dark alleys alone at night in the wrong part of town. People who want to stay safe travel in groups, take extra measures (such as carrying pepper spray), and have a game plan, such as run, dial 911, or scream, “fire!” to attract attention and help. Enterprises must be aware that the information highway, like the world itself, has changed, and not for the better. They must do the ‘must dos’ of cyber safety: offer the least amount of privileges necessary to any one person or entity; trust no one; and segregate networks.

“Requiring the use of a reference model that includes governance, such as the NIST Cyber Security Framework ISO 27000, is a good starting point for comprehensively protecting critical infrastructure and the data it carries,” says West.

Perimeter defenses alone are insufficient. Instead, use methods that locate attacks in progress based on anomalous behavior measured against a baseline. “Companies such as Cyveillance, FireEye, and CrowdStrike offer useful technologies,” says Fleming.

Methods and tools that remove incentives are very important.
“The enterprise needs to attack the economics that drive and sustain cybercrime by making it too costly in terms of resources and time for cybercrime to be profitable,” says McKinty. Use risk assessments tailored and targeted to cybercrimes. Make cybercrime too expensive a proposition for attackers by using two- and three-factor authentication, long, strong passwords, and stronger (higher-bit) encryption than your competitors (so you’re no longer the lowest-hanging fruit). “The enterprise should also find and fix its weakest links in the security chain,” says McKinty.

“The CEO must be an information security change agent,” says Fleming. Reward people who discover and help to close your vulnerabilities. “Stage annual assessments by unbiased, experienced, intelligence-based outside firms,” says Fleming.

Non-technical options for pushing back against cybercrime are largely limited to trade sanctions against nation-states and prosecution of bad actors within the U.S. “The FBI will prosecute any U.S. firm acting in retaliation. The answer is for companies to redefine their information security strategy from perimeter security to data-centric security,” says Fleming.

Unite to fight

“In the battle against cybercrime, shared knowledge is a crucial power for slowing digital criminals down,” says McKinty. No enterprise should fight armies of cyber-villains, botnets, and nation-states alone. By broadly sharing threat intelligence, tools, and techniques with the global business and law enforcement communities, enterprises plug into a much stronger force for defending their data.