Unfortunately, as of this writing, there is no cut-and-dried approach to detecting cybercrime. Today, most cybercrimes are detected by chance. However, recent experience has shown some more or less informal methods by which an individual, but especially managers of large computer networks (which are more susceptible to cybercrime), can detect cybercrime.
Audit the system regularly. Be alert to any irregularities in the system. As of now, it is usually the suspicions of employees or managers that lead to the capturing of a perpetrator. Keep in mind that most computer crime does not derive from distant "hackers," but normally comes from employees or people the operator knows. Most computer crime is done by employees working on large network systems in firms and organizations handling a lot of computerized cash. Obviously, banks, large firms, government offices and universities are vulnerable, and, given the size of the organizations, it can take months to detect with any certainty.
Look for mistakes. Many authorities hold that cybercriminals can get too greedy and begin to get sloppy. Employees who know of this crime often get jittery and turn the perpetrator in. The same has been known to happen with family members of the cybercriminal. The chances of this working are increased if employees know clearly that cybercrime will result in full prosecution.
Make use of government agencies to help detect cybercrime. It happens often that audits by the IRS or investigations by police turn up the existence of cybercrime that had gone undetected for a long time. Things like inventory shortages and irregularities in the distribution of income within the firm can be signals that crime is being committed over the network. Nevertheless, it is usually hunches that uncover computer crime, when it is detected at all. This is a sobering reality, but the truth as of now.