Author: Gary Hibberd

Date: 24th June

 

To many, it would appear that Cybercrime is a distant thing; Something you hear about on the NEWS but doesn’t affect you.

But in truth, it is on the increase, and it highly likely that you’ll be affected directly or indirectly over the coming years.

But why is Cybercrime on the rise?

 

Where there’s FUD, there’s money

It was once said that “where’s there’s mud, there’s money”, meaning that anyone doing things that others weren’t willing to do (i.e. works in mud), would be paid handsomely.

But today, the axiom is used by Cybercriminals who understand that where there is Fear, Uncertainty and Doubt, they can make money. 

At current count, there are approximately 7.5 billion people on this planet, and 4.5 billion of them are using the internet. And let’s be honest; most don’t understand how the internet works or how it operates. But why should they? There are approximately 1.4 Billion cars being driven around the world, but not many people know how the combustion engine works!

But if these numbers seem big, they pale into insignificance when you compare them to the number of devices that we use, which are connected to the ‘Internet of Things’ (IoT). That number currently stands at around 26.66 billion devices. That’s approximately 3 devices for every man, woman and child on this planet.

Cybercriminals know that there are a lot of people sharing data online at an alarming rate, and more than this; Many are spending money via these devices.

 

Show me the money; The cost of Cybercrime

If we consider just one aspect of Cybercrime, Ransomware we will begin to see why Cybercrime is so attractive to criminals. Ransomware is where a computer is infected with a virus which encrypts all the data upon it (and often all computers attached to it). Once this happens, the victim cannot access their files.

The Cybercriminal doesn’t care what these files are. They will happily attack hospitals, law enforcement, schools, individuals, small businesses and large enterprises. Quite often, the target isn’t selected; they are merely caught in the net.

According to the “AON 2020 Cyber Security Risk Report,” the financial impact of Ransomware in 2021 will reach $20 Billion (around £15 Billion). 

Remembering this is just ONE approach taken by Cybercriminals, it is easy to see why committing Cybercrime is so attractive.

 

Crossing state lines

Committing a traditional crime, such as bank robbery, fraud etc. often required the criminal to visit the victim and carry out their crime. But with our increasingly interconnected universe, a Cybercriminal can be sitting in the USA, attacking a company based in Switzerland, with customers located in the UK, Germany, Russia, etc. 

In this situation; Who is investigating the crime? Where did the crime take place? The USA? The UK? Switzerland? International laws on Cybercrime are staggeringly confusing, and law enforcement just isn’t equipped or funded to fight these crimes (yet), and Governments need to invest more heavily in this area.

Cybercriminals know this. They also know that quite often victims will either be too embarrassed to inform law enforcement, or won’t know that they should. In my experience, when I speak to those affected by Ransomware, or mandate fraud, the order of calls they make are;

1. IT Service provider

2. Bank

3. Insurer

4. Police / Action Fraud

5. Cybersecurity provider

The order is frustratingly logical; Something wrong with IT, call the IT service provider, who explains what’s happened, so the bank is called to try and recoup lost money, followed by a call to the insurer to see if the loss is covered. The insurer explains they can’t do anything without a crime reference number. Finally, the police are called, who will help (or not).  Finally, the affected company decides to improve security and calls the Cybersecurity provider.

Of course, this only describes one kind of Cybercrime. Scamming, mandate fraud, blackmail, IP theft, harassment, hacktivism, DDoS attacks are all approaches taken by the Cybercriminals. Usually, with the intent of gaining money, but could quite easily be with the intent to disrupt your services (e.g. to gain competitor advantage, hacktivism etc.).

 

Why Cybercrime is increasing

Cybercrime is increasing because criminals go where people are. Pickpockets don’t hang out in empty streets. They go to festivals and large busy cities. They know people are distracted and not paying attention. That’s why they have turned their attention to our digital universe. We are there, so they are there too.

Cybercrime is increasing because it makes money, and as Cybercriminals have reported; “It’s easier to steal $1,000 from 1 Million people than $10 Million from one place. No one is likely to come looking for you.”

Cybercrime is increasing because we are increasingly putting devices into our homes, and handing them to our children with very little thought about the privacy and security limitations. ‘Ease of use’ is always a consideration when making purchasing decisions. It’s rare that questions are asked about the security and privacy aspects of the device (although I’m pleased to say I feel there is a change occurring here).

 

Prevention is better than cure

It is often stated in Cybersecurity that it’s not a matter of ‘if’, but a question of ‘when’ you will become a victim of Cybercrime.

But not all is lost.  Most Cybercrime is opportunistic. They take advantage of our distraction, as we’re busy living our lives. They count on our being unaware of the dangers, and on being unprepared. So there are simple things we can do to thwart their efforts.

– Talk to people in your business about Cybercrime and what the impact would be on you

– Talk about what Cybercriminals could do to get into your business (think like a ‘crim’!)

– Keep an eye on your accounts and finances – They call it ‘check and balance’ for a reason

– Remember; If it looks too good to be true – it probably is

– Be sceptical when asked to change bank details or make money transfers. Always check that you’re talking to a legitimate person

– Remember that Cybersecurity is part of Information Security; So think of it in terms of People, Premises, Processes, and Providers – not just PCs

There are so many other things we can do to protect ourselves, and I’m sure I’ll cover these in other blogs. But for now, think of Cybercriminals as you would common Burglars. 

They are looking for an easy target. For the business that hasn’t thought about security; No locks. No gates. No alarms. No training.

Cybercrime is increasing because we’ve made it easy for them. Let’s take back control

Other resources

Case studies

Our cyber consulting team works with clients from public sector bodies and global businesses to SMEs and start-ups. Read our success stories here. Learn more >

Video

See what our team have been discussing around current issues in regulation and data security, and recommended processes and policies that will benefit your business. Learn more >

Whitepapers

In our collection of whitepapers, Cyberfort’s cyber consulting experts explore issues from cyber threat intelligence to incident planning and data security. Read our whitepapers to help make informed decisions for the benefit of your business.Learn more >