Sunday 20 November 2011

What business can learn from organised crime

by Marc Goodman

Technology is increasingly put to nefarious uses. Consumers and businesses must deal with the results, from small-bore, almost laughable "I'm stranded in England, please send money" email scams to large-scale appropriations of credit card data.

During the 25 years I have spent in law enforcement - as a police officer, a counter-terrorism consultant and, for the past decade, a cyber-risk and intelligence specialist - the most striking trend I have seen is the growing sophistication of global crime syndicates and terrorists (the former are now believed to bring in US$2 trillion (S$2.59 trillion) a year). 

Some of this is not new. Colombian drug cartels, for instance, have been technologically advanced since the days of Miami Vice. But more-recent international crime groups, including the Russian Business Network, South America's Superzonda and the worldwide ShadowCrew, have become especially adept at expropriating legitimate business tactics to create highly efficient global teams and set new best practices in adaptive strategy, supply chain management, the use of incentives, global collaboration and other disciplines.

Here are five lessons companies can learn from the activities of such groups.


Criminal groups have made an art of scanning the environment and quickly deploying technology to capitalise on what they find.

Within hours of last year's Haiti earthquake, for example, scammers were circulating emails urging people to use Western Union to wire money to the British Red Cross. The cause sounded noble - but the British Red Cross does not accept donations by way of Western Union. Ever-adaptive criminals are also creating "Text this number to donate $10" scams after disasters.

Thieves are exploiting long-term technology trends as well. While corporations struggled to monetise their social media followers, criminals quickly figured out that tweets and Facebook updates were invaluable tools for planning home burglaries and that social media data could facilitate identity theft.

The lesson: Watch the headlines, move quickly and try to get out in front of developing trends.


Modern organised crime has abandoned the top-heavy structure of dons, capos and lieutenants made famous in The Godfather. Most of today's gangs, along with Al Qaeda and other terrorist groups, are loosely affiliated cooperative networks - and are as likely to recruit website designers and hackers as they are thugs and enforcers. 

They routinely turn to niche markets for specific expertise. (For instance, Dubai offers the best talent for laundering money.) They are constantly networking to develop sources with the specialised skills they need, much as Hollywood studios scout for talent to cast a given film. 

For example, identity theft specialists know where to find artists who can replicate the holograms on ID and credit cards and they routinely utilise a call centre in Russia whose multilingual employees work 24/7 and are accomplished at making fraudulent calls to banks, during which they might impersonate anyone from a rich Italian housewife to a Brazilian doctor.

The lesson: Do not limit yourself by overreliance on in-house talent. Cultivate e-lancers and other contractors who can provide the precise skills your project demands.


Criminal organisations pay well, both to compensate for the legal risks involved and because their high profit margins allow them to. But they realise that team members usually are not in it just for the money. 

Most enjoy the thrill of breaking the law. Many, particularly hackers, are also motivated by the challenges of sophisticated security systems and the bragging rights they gain when they foil them. Although criminal organisations still employ a fair share of thugs, they are increasingly attracting highly educated people who seek autonomy and intellectual stimulation - not unlike the people who are drawn to the risky, demanding work environment of a start-up.

The lesson: Socially oriented businesses are not the only ones that can use workers' desire for meaning as a motivating force. Find a way to tap into employees' needs for recognition, challenge and belonging.

Exploit the long tail

Until the Internet came along, many criminals pursued a "blockbuster" approach. They were always on the lookout for a single heist - say, a bank robbery - that could provide a huge pay-off. Terrorists still strive for spectacular attacks, seeking to maximise the societal shock and disruption. 

But global criminals have learned that they can reap big profits by executing smaller operations over and over again - a strategy that allows for efficiency gains, continual improvement and reduced risk. If you have ever been the victim of credit card fraud, you probably noticed a flurry of midsized purchases, usually made online. These can be received and forwarded by a "mule" who may not even realise he is part of an illegal scheme. (Syndicates often tell such mules they are part of an import-export operation.) 

The purchases on any one card might not exceed US$1,000. Multiply that amount by thousands of transactions, though, and the pay-off becomes huge. The perpetrators of small but high-volume frauds also constantly conduct experiments aimed at improving results. They may use different subject lines in the same email scam, comparing the response rates and then fine-tuning the language in the next round.

The lesson: A business model that aims for many small transactions instead of a single big hit can result in larger long-term profits and provide numerous opportunities to improve efficiency along the way.

Collaborate across borders

Various radical Islamic splinter groups now work alongside Al Qaeda, even though the entities remain distinct. So, too, with organised crime. The Hong Kong-based triads and the Japanese Yakuza have joined forces to market synthetic drugs, and Colombia's cartels cooperate with Russian and Eastern European mafia to expand the reach of their products. 

Although "going global" has been an important way for businesses to extend market opportunities, the strategy delivers an additional benefit to organised crime. It can create legal obstacles for law enforcement officials, who often are not as adept at cross-border collaboration as the criminals they are tracking.

The lesson: Do not look at competitors simply as rivals. Consider the mutual benefits of partnerships.

Comparing the practices of criminal and terrorist organisations with those of corporations is by definition an imperfect exercise. Despite their sophistication and managerial prowess, crime groups are unconcerned with the human and social costs of their acts; they will remain ruthless no matter how many computer scientists they employ. 

But it is also true that, as organised crime has come to rely more on technology for competitive advantage, its craft has developed a greater resemblance to the activities of law-abiding businesses. In some cases, criminal enterprises are now the ones pushing the frontiers of knowledge and innovation. 

Given the high profitability of global cybercrime networks and the limited threat they face from the legal authorities, legitimate businesses will undoubtedly become targets more frequently. Managers need to pay close attention to the tactics being used against them - and perhaps even learn to profit from some of the global gangsters' insights.

© 2011 Harvard Business Publishing (Distributed by The New York Times Syndicate)
Marc Goodman is a senior adviser to INTERPOL and founder of the Future Crimes Institute.

No comments:

Post a Comment