1
Cybercrime
In the two decades following the widespread use of the Internet, it has grown from a network that linked a few enthusiasts to become the essential element of modern life for millions of people [UNO 10]. In the late modern age, the world has become completely dependent on Internet access and sharing information over the Internet, while in recent years other forms of communication that join and connect people in global cyberspace have been added. New connectivity options and changed ways of working have brought about new forms of threats, which impact the privacy and security of users when using cyberspace.
The dangers of cyberspace were first mentioned when new technologies emerged, which allowed not only communication, but also the performance of daily tasks. This enabled the growth of the Internet and various services such as shopping, paying for goods and services, online banking, sending files, data transfer and other forms of work with the help of the Internet, connections with mobile devices and constant access to and interaction with global cyberspace. Eventually, all this became self-evident and was perceived as an everyday occurrence. Personal and business data, such as various security passwords, with which criminals can obtain proprietary information and inflict a lot of damage, have become a magnet for invaders. If one becomes a victim of cyberthieves, the consequences are far from amusing, since one can directly or indirectly lose a lot of money. Seizures that are not even perceived by users, as they do not even know that someone is "walking" in their information system, are even more dangerous [NEU 06]. This is why information security systems started to be created, as the use of computers and mobile devices – and their connection to the Internet and to the rest of cyberspace, as well as the permanent exchange of information – has become a fixture of our everyday lives.
With the advent of cyberspace, access to information and connections among users has completely changed, which significantly affects the work, communication practices and behavior of society. The changing working methods, the use of cyberspace to perform various activities and the transfer of data into cyberspace also contribute to the migration of different types of crimes to cyberspace. While known types of crime are migrating into this new environment, new types of crime related to cyberspace are also appearing. The most recent forms of crime to emerge are associated with online social networks, as "the amount of personal information that individuals share and publish on the Internet is growing rapidly, especially due to the increasing popularity of online social networks" [DIM 10, p. 395], and with financial fraud committed both in cyberspace and in real space [IOC 11, DIO 11].
In modern work habits, where a permanent link to cyberspace is necessary, most abuse is "allowed" due to the ignorance or indifference of people who use computers connected to the Internet, for they mostly deal with information resources unconscientiously [MCC 05]. A greater deal of knowledge and experience, a higher level of awareness and a better protection of computers with elementary programs and security tools contribute to lowering the risk. People who spend more time working seriously with a computer and are aware of the safety and value of stored data also devote more time to protect such data, and consequently feel less threatened even though they are more exposed. "The security of the increasingly important information systems in our societies covers many aspects, of which the fight against cybercrime is a core element. Without an agreed definition of cybercrime, the terms 'cybercrime', 'computer crime', 'computer-related crime' or 'high-tech crime' are often used interchangeably" [ECO 07].
According to certain estimates (e.g. [SEC 10]), the financial benefit of cybercrime is enormous. However, some experts do not agree with such claims, since Anderson et al. [AND 12] believe that the benefit is decent, but rarely comparable to the high incomes of traditional crime. However, if we consider that in mid-2012, there were already 2.4 billion Internet users, or 34.3% of the world population [INT 12], and if only a small percentage of them were naive and abused, cybercrime has enough room for further development.
Because of the expected financial benefits, the amount of funds for the committing of cybercrime is growing steadily, since profits are also increasing. In light of the economic problems faced by the developing world, the issue is ever growing. Criminals obtain money and valuable data from people who believe in making a quick and easy profit using various tricks, since there are always plenty of naive victims. Despite a greater awareness among users, there are more and more victims. The techniques used for the committing of crime in cyberspace are becoming increasingly sophisticated as cybercriminals collaborate with a growing number of educated people who cannot get appropriate employment or adequate payment for their work. This has created several large organized groups that dominate cyberspace and as Professor Ross Anderson, who participated in the preparation of a general model for calculating the costs of cybercrime, states: "A small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an antiphishing toolbar or purchase antivirus software" [AND 12].
Because a large number of users have very limited knowledge of how the technology works and the potential dangers of cyberspace, and are, at the same time, naive enough and wish to earn or progress quickly, the testing ground for cybercriminals is practically endless. Most cyberspace users are thus threatened by attacks and subsequent abuse. To reduce safety risks and raise awareness of them, we can use a variety of methods and techniques for ensuring information security, which aim to reduce the threat and the number of realized attacks through preventive efforts. In terms of information security, we are constantly searching for a balance between security and functionality. A large degree of safety and security causes a number of problems within the organization itself, because employees are unable to access the desired resources they need for conducting their business quickly and easily, while on the other hand, a large degree of flexibility facilitates unauthorized access to confidential sources of the company by potential internal attackers.
Large and economically powerful countries, such as the United States, China and Australia, or certain major European countries (Germany, France and the United Kingdom) can afford specific services and/or police departments to prosecute cybercrime. Smaller and economically weaker countries, such as Slovenia or Bosnia and Herzegovina and others, which alongside limited economic capacities also have a limited (small) number of experts in the field of information technology (IT) and information security and cannot afford a specific police department, consequently have to cooperate and establish links with other countries [FBI 11]. On January 1, 2013, EUROPOL founded the EC3 – European Cybercrime Centre [EC3 13], in order to assist countries in combating cybercrime and to improve mutual cooperation between countries within the EU. This center is responsible for the protection of European citizens using cyberspace. Due to the nature of cyberattacks, in which an attacker from Russia, China, Australia, Brazil or in fact from anywhere in the world can attack a company in the United States, Slovenia, Bosnia and Herzegovina or Germany by using their regular computer connected to the Internet, international cooperation between investigative and law-enforcement authorities (FBI, EUROPOL, NATO and state institutions) and information sharing is thus even more important.
Cyberattacks are extremely fast and can affect thousands or even millions of electronic devices within moments anywhere in the world. Individuals and companies need to be careful because all of their knowledge, information about consumers and customers, plans and products that are kept as trade secrets can pass into the hands of competitors, domestic or foreign intelligence services, and other villains in a split second.
In addition to external attacks on information and organizations' information systems, employees of the organization also have a lot of opportunities for accessing classified information, which expands the possibilities of abuse both by people who are authorized and have access to confidential information, as well as employees who do not have such powers. Internal attacks in organizations are more difficult to detect than attacks from outside, and it is even harder to respond to them. A wrong response can impair mutual relations and arouse distrust among employees. A theft or transmission of confidential information from a company can, in case there is an internal attacker, be understood as a deliberate abuse of information and communication systems, authorized and unauthorized users or as a human error. Employees are not only dangerous because of their malicious thoughts and actions directed against the company, but also because of their ignorance and negligence, which is why IT specialists often claim that the most secure computer is the computer that is not included in the network and not used by anyone. This, of course, makes no sense because such a system is useless in the modern world and cannot meet the needs of work-related activities. By using various methods of social engineering, a potential attacker convinces an individual within the company to do something that allows him/her to access the data [MIT 11]. To avoid the security measures of the company, an attacker has to convince the user to entrust him/her with the data, which he/she can use to log into the attacked system. Successful attackers usually have good communication skills, are charming, friendly and able to quickly establish a trusting relationship. For this reason, people remain the weakest link in the security chain and are often ignored when preparing security policies and procedures.
To avoid threats by attackers using social engineering, we need to invest in preventive measures, such as in-house education, and improve training for users. Employees, contract workers and all others who have access to organizational systems and services must be fully informed of the importance of security and the steps they need to take in order to keep the information and communication system safe. All employees and other users associated with the information system of a certain organization need to be aware of the general information security policy and understand their role in providing security for the organization.
The process of updating services also changes the information security policy, and hence information security as such. In doing so, organizations must be careful to keep employees informed about changes and potential threats. Information and security policy should clearly define what happens if someone in the company intentionally or accidentally breaches the rules on information and security. The consequences must be clear and convincing in order to point out the gravity and their potential for realization. The security strategy determined by people responsible for security within the company is usually sacrificed on account of questions about how to persuade the executives and users of the company to implement it. If the heads of the information security departments had adequate resources to ensure an appropriate level of information security, they could prevent the realization of threats. It often happens that organizations, which have never been a victim of an information incident, encounter great difficulties when justifying investments or obtaining management support for projects that would ensure an appropriate security level. Real solutions to information security problems come only from a comprehensive security strategy for the organization rather than from solving individual parts of the problem. Cybercrime perpetrators are becoming more experienced every day and use a number of techniques that are relatively unknown, which forces defense to always be one step behind the attackers. In particular, the integrity, care and handling of information security as an unfinished process can be the only defense against information and security incidents.
With the penetration of information and communication technologies (ICTs) to almost all areas of human activity and with the increasing number of IT users, IT is becoming ever more common and the most popular target for criminals. Attacks are becoming more numerous, more sophisticated and they inflict more damage.
The regulation of cyberspace within criminal law lags behind technological development [ZAV 08], and there are also problems related to cooperation between the countries in the fight against cybercrime, which is highly international. Therefore, the initiatives undertaken by EUROPOL, the FBI, NATO and similar organizations contribute to the prevention, prosecution and reduction of threats posed by cybercrime, and provide greater safety for users.
Crimes in cyberspace are characterized by the fact that the damage caused is unclear and it is difficult to determine its financial consequences. Contemporary approaches to measuring the cost of cybercrime [AND 12] demonstrate methods for the realistic assessment of damage. However, in the overall treatment of cybercrime, there are still problems related to the corroboration of attacks, the cause of damage and the identification of perpetrators, which is why many such acts remain unreported, unpursued and the perpetrators remain at large [WAL 08].
Despite the general view that cybercrime emerged in recent years with the increasing use of the Internet, it has to be pointed out that it was already present in the past. It developed together with cyberspace and ICT. Its scope extended in parallel with the development of technology. In the past, the main motive of perpetrators was to prove that no system is completely secure, because each of them has critical points that perpetrators are able to detect and abuse the possibility of intrusion. Initially, the main motive of cybercrime perpetrators was amusement, curiosity, etc., while today they operate primarily for profit or money they obtain from data and identity thefts; the majority of attacks directly enable the gain of financial resources, especially from online fraud. It could, therefore, be said that most crimes committed in cyberspace today are financially conditioned. Perpetrators committing fraud are collecting financial assets of uninformed or careless users by acquiring confidential information and then blackmailing them, or by stealing money from their bank accounts. An increase in white-collar cybercrime, i.e. offenses related to various types of sophisticated cyberfrauds, carried out by organized groups of cyberattackers [IOC 11] is also observed. Although the white-collar crime is usually associated with the executive management of organizations, cyberspace in this segment joins people from various fields who use different cheating techniques in cyberspace [O'CO 11]. In doing so, they, for example, misuse intercepted information or information on credit cards obtained by hacking, use different methods of phishing, installing malware, etc., in order to obtain unlawful proceeds or to launder the money of innocent victims by misusing the information obtained.
Many ways of attacking ICT are thus developed, and all attacks have negative consequences and cause damage to targets or victims. There are many programs developed to combat this type of attack, but cybercrime perpetrators are already so skillful that no user protection program can stop them. In the future, the number of attacks will only increase, and new technologies and methods for committing cybercrime will be developed [UNO 10]. One has to be aware of the fact that information systems, networks and communication devices are becoming increasingly connected. These kinds of connections consequently increase the number of opportunities for entry into, manipulation, obstruction, destruction and theft of the data stored in a system or transmitted between interconnected systems. Today's society is highly dependent on networks, data flows and the electronic automation of several work-related operations, which is why it is extremely vulnerable. Global vulnerability of the "networked" society can be observed in cases of data theft, online fraud, the spreading of malware and inoperative systems, as well as in the amount of estimated loss, which is measured in millions [IC3 10a, PON 12]. Electronic devices which interconnect and transfer data to or through the Internet are just an additional tool for the perpetrators, an accessory to commit criminal offenses in cyberspace. The Internet gives them a global dimension, enables them to stay anonymous and communicate directly and safely, opens the way to knowledge, generates a large number of victims and gives a plethora of opportunities and assistance for carrying out illegal transactions.
The prosecution of criminal offenses in cyberspace is problematic as it is always necessary to adapt the methods of detection, investigation and guaranteeing proof. Apart from that, people even decide not to report many cybercrime offenses. Often they do so because they completely overlook the offenses or believe that they are to blame for the abuse. Organizations that have been abused often believe that in order to protect their reputation and confidence in their operations it is futile to report cyberattacks, their potential damage or consequences. Thus, they additionally contribute to the growth of cybercrime, since the perpetrators do not feel themselves to be at risk.
The phrase cybercrime denotes various types of crimes, among which the majority are indeed criminal; however, this phrase also encompasses certain acts committed in cyberspace, which in some cases are not (yet) punishable under the national penal law or international legal acts. Or as Wall [WAL 09] states, in defining the extent of cybercrime, an explanation of what exactly constitutes a "cybercrime" is missing, since the offenses are set out in criminal codes regardless of the "space" in which they are carried out, the way in which they are committed and how they occur. Users of cyberspace often expect adjusted regulations in response to cybercrime, but this is unreasonable, as many actions are already defined in the criminal laws of individual countries. These also allow the prosecution of offenses committed in cyberspace, such as child pornography, stealing money from bank accounts, fraud and abuse.
However, for a comprehensive understanding of cybercrime it is necessary to understand a complex contrast: among hundreds of thousands of attacks which are reported every year by the cyber or information-security branches, the number of prosecutions is still relatively low [...