How to protect your business from cybercrime
25 March 2019
Of the growing number of threats levelled at businesses today, an unparalleled amount of them come from digital origins, meaning it’s vital to know how to protect your business from cybercrime. Cybercrime trends such as crypto-crime, ransomware, information theft and phishing attacks present new challenges to IT security departments every single day, and the safety of organisations’ assets is increasingly coming under threat.
Organisations of all shapes and sizes can be affected by cybercrime. Whether you are a small enterprise with 50 clients or a global conglomerate with millions of customers, hackers and scammers can and will take every opportunity to compromise your IT security and steal confidential information. Avoid the trap of believing that a strong IT solution is the only form of protection you will need – a holistic approach to cybersecurity, including people, processes and technology is crucial to creating a truly cyber-prepared business.
A major cybercrime trend that has been witnessed globally is the meteoric rise of crypto-crime. At the beginning of last year, cryptocurrencies such as Bitcoin inflated into a huge economic bubble, and hundreds of start-up cryptocurrencies began to emerge, eager to profit from the digital gold rush.
This phenomenon presented a shrewd opportunity for robbers, hackers and scammers who exploited the general ignorance surrounding cryptocurrencies, as well as the inherent difficulty of tracking the movements of digital funds to steal millions. Webroot, a global provider of endpoint security and threat intelligence services, documented record levels of mining and crypto-jacking crime in January to July 2018. They noted that its popularity was due to these methods of cybercrime being less resource-intensive and less overtly criminal than using ransomware.
For organisations that deal with crypto-assets, managing this risk can be a huge cause for anxiety. It is therefore imperative that, as well as making sure IT is equipped to mitigate this risk, other steps must be taken. These should include developing knowledge and expertise in employees so they can identify activities that pose a high risk of financial crime. As well as creating strong governance frameworks that are durable enough to keep up to speed with new developments in the world of crypto.
Ransomware is another key area of concern for many businesses. The good news here is that many businesses are becoming savvy to this method of cybercrime and are investing more time and money into creating good data backups and storing them in the cloud. Basic ransomware simply does not hold the same clout as it once did and, as a result, the fear factor that compelled so many businesses to pay up is lost.
However, the bad news is that, rather than going away, it is evolving. Perpetrators of ransomware are now changing tactics. Rather than attempting to canvas millions or even billions of systems, ransomware is becoming much more targeted. Scammers that use ransomware are now taking aim at specific industries that would suffer the most severe levels of disruption should an attack force them to lock down for any period of time. The most at-risk industries are transport, government, healthcare and SMEs. In the case of an airport, even if an attack targets just a handful of machines, the cost of ceasing operations can reach hundreds of millions. When your service stopping completely constitutes a catastrophic event, scammers have reasoned that ransoms are much more likely to be paid.
Thankfully, the risk of being affected by malicious ransomware can be mitigated by implementing some key preventative controls. Businesses can protect themselves by ensuring that they are taking a holistic approach to their defence strategy, incorporating people, processes and technology. This includes making sure updates and patches are up-to-date, running tests to ensure the backup system is effective, checking antivirus protections and training employees on how to recognise and respond to vulnerabilities.
One of the biggest emerging trends in cybercrime witnessed in the last year is a rapid increase in information theft. This has fast become the new criminal focus in the digital underworld as it offers a great deal of new lucrative opportunities to make money from the theft or sale of data. A common attack vector affecting the banking industry right now is the use of banking trojans to steal credit card information, Bitcoins and banking credentials.
This ‘fast-cash’ method of cybercrime is rampant, but the most worrying form of information theft sees data being traded on the Dark Web. The sale of personal information is a multi-billion dollar market and is ruthless in its approach. In February this year, a hacker stole 747 million user records from 24 websites to sell on the dark web.
This is just the tip of the iceberg when it comes to the scale of the problem of data theft. Businesses today must ramp up their efforts to protect against such incursions. This means ensuring that every branch of the business is well-equipped to cope with intrusions, including having the knowledge of how to detect them, effective processes in place to mitigate them, and the appropriate level of IT security to prevent them.
To build a more resilient digital environment for your business, it is important to know how the threat landscape is changing, the dangers it can pose, and how you can take the necessary steps to ensure that your cybersecurity measures stay ahead of the curve.
To learn more about digital risk and how to protect your business from cybercrime, read our white paper 'Internal Audit in the Age of Digital Risk'.