Cybercrime is nothing new, but increased levels of connectivity, remote working, reliance on technology, and automation mean the risk of attack is rising rapidly. In this article, we look at the common types of cybercrime and how you can protect your business against them.
The coronavirus pandemic has made many organisations more vulnerable to cyber-attacks because of:
- relaxed control environments;
- revised processes and procedures; and
- changing employee workforce profiles.
All criminals target vulnerabilities, and this is no different online. Gaps in your defences can be targeted at both a human and a system level.
Pandemic aside, the last five years have seen several significant data security breaches at high-profile organisations. Businesses must be better prepared and equipped to identify and respond to digital threats. Even larger corporate organisations that invest significantly in IT security must stay constantly up to date with the evolving cyber threat landscape.
What are the typical methods of cyber-crime?
There are trends and patterns organisations can look for to better prepare for what will likely be an inevitable occurrence for most. Cyber criminals are constantly finding new ways to exploit vulnerabilities, but the most common types of cyber-attack include:
- Social engineering - criminals manipulate people to gain access to confidential and sensitive information.
- Phishing - criminals send emails pretending to be someone else, often an organisation, to obtain key information or a fund transfer.
- Identity theft - the deliberate and intentional use of someone else’s identity and credentials for gain.
- Spam emails - unsolicited emails which are sent in bulk.
- Malware - a type of software that is designed to disrupt systems.
- Ransomware - a type of malware that blocks access to data and systems until payment is made by the organisation or person under attack.
- Whaling - targets those in senior positions for financial gain or access to sensitive information.
- Island hopping - supply chain and third parties are used to target another organisation, usually one that’s bigger or more complex.
How common is cybercrime?
According to cyber security firm Mimecast, phishing or email scams continue to be the most prevalent type of attack, which means human error and poor awareness are often responsible for security breaches. Cyber security can’t be seen as an issue for the IT department; it is every member of staff’s responsibility – including senior management and executives.
Technology market research company Vanson Bourne and Mimecast conducted a survey and found that:
- 31 per cent saw a loss of data due to lack of resilience and preparedness.
- 60 per cent have experienced an increase in identity/impersonation fraud.
- 52 per cent experienced an enforced stop of operations as a result of an attack.
- 58 per cent have experienced an increase in phishing.
- 30 per cent experienced an increase in identity/impersonation fraud in the first 100 days of the pandemic.
Following the introduction of the General Data Protection Regulation (GDPR), insufficient security protocols and procedures pose a financial risk as well as an operational one. With up to 4 per cent of global annual turnover at risk via security breach penalties, organisations can’t afford to get this wrong.
The Information Commissioner’s Office (ICO) has handed out some significant fines since GDPR came into force. Cathay Pacific was fined £500,000 in March 2020 and British Airways is facing a significant £183 million fine following their recent data breach.
What’s more, in March 2020 the UK government reported that:
- 50 per cent of businesses have reported cyber breaches or attacks in the last 12 months.
- 19 per cent of businesses who have reported cyber breaches or attacks in the last 12 months have suffered a material loss of assets.
- 37 per cent of businesses have board members with a cyber security brief.
- 69 per cent of businesses are backing up their data on cloud servers.
- 54 per cent of businesses are actively looking for guidance on identifying and managing cyber risks.
All this tells us that online risk is very real, and the high number of successful attacks is cause for concern for any business. Experiencing an attack is one thing; it is an entirely different matter when there are material, financial, or reputational damages to deal with.