There’s a lot about online crime that’s ambiguous and confusing, but the damage it’s doing is all too clear. Recent research figures released by the FBI and reports from independent cybersecurity experts estimate that the damage bill from cybercrime in 2018 will reach more than US$12 billion dollars.
The accelerating growth of cybercrime makes it one of the most serious threats facing companies, both large and small.
Businesses that fail to secure their online systems properly are leaving themselves open to fraud as well as placing their customer relationships at risk; it’s hard to put your faith in a company that lets its customers data fall into criminal hands.
With the introduction of the EU’s GDPR regulations on May 25 came harsh financial penalties for companies that allow personal information to be hacked or stolen.
GDPR signals the seriousness of the cybercrime threat; that cybercrime against companies is booming. But the level of awareness amongst senior management isn’t keeping pace yet.
The introduction of GDPR means that a lot of businesspeople are thinking about cybersecurity for the first time.
This article is a quick-start guide to help you address the most important issues:
- social engineering
- BEC fraud
- protective strategy
- team education
This is one of the most urgent issues on the business agenda right now.
It’s time for all companies, large and small, to rise to the cybersecurity challenge.
Smaller businesses are targets
"Cybercriminals are becoming more sophisticated and small businesses are particularly vulnerable. Many small businesses have successfully blended their physical and virtual shopfronts to establish sustainable operating models... Cybercriminals now are attacking small businesses very regularly. They know the big guys have really cool systems and they know the little guys haven't.” - Australian Small Business Ombudsman, Kate Carnell.
It’s not just big corporations that are targeted by cybercrime. Cybercriminals perceive smaller companies to be soft targets and unfortunately, in many cases, this is true.
If your small business doesn’t have multi-layered cybersecurity measures in place yet, think about these stats from Ombudsman Carnell’s office:
- cybercrime attacks have increased by 300% since 2015
- 43% of cybercrime targets smaller businesses
- 22% of small businesses hit by cyber-attacks are so badly affected they cannot continue operating
- 60% of small businesses that experience a significant cyber breach go out of business within the following six months
> Read more about small business data protection in the article Ensuring your cash flow security.
Email: the biggest threat vector
Picture this scenario: the CEO of a big logistics company is about to leave work on a Friday afternoon. Just as he’s walking out the door, he gets an email from his PA reminding him to authorise a big money transfer to the tune of $20 million. He’s expecting the message - the payment is the final step in closing a big deal he’s been working on for weeks - so he clicks on the link in his PA’s message and transfers the funds.
A few minutes later the CEO gets a confused phone call from his PA, asking where the money has gone. It turns out the message with the link he’d clicked on was phoney. Scammers have been monitoring the company’s communications on social media and email, looking for the opportunity to make a big score.
The message the CEO got was a fake, sent by the scammers pretending to be his PA. With that one fake email message they were able to steal $20 million.
The story above sounds outrageous, but it’s factual, and social engineering crimes like this are becoming more and more common.
Social engineering attacks use simple tools like phone calls and email so they are easy to execute and can be very lucrative for criminals. Upward of 90% of cybercrime is now instigated via email, making it the leading threat vector.
> You can learn more about social engineering and the way it’s driving the email scam epidemic in the article One email can take down your business.
> Read more about “whaling” a.k.a. CEO fraud in the article Business Owners Hunted.
Prevention is the only strategy that really works in terms of dealing with cybercrime. Simply running an occasional virus scan on your laptop doesn’t cut it anymore - it’s like defending yourself from terrorism by keeping a baseball bat under your bed.
Cybercriminals are constantly switching up their attack methods to maintain the element of surprise.
In one email scam MailGuard intercepted the scammers used over 160 variations of the attack to stay ahead of antivirus updates.
The objective of criminal syndicates is to get their malicious email into company inboxes, because people are much easier to trick than machines. If they can get one person inside a company to open a scam email and click on a link, they can potentially infect the whole company’s computer network with malware.
Companies that rely on one kind of threat protection alone are gambling with their data-security.
All it takes is one person in an office naively clicking on an email link to bring a company to a standstill.
No government would approach national security with just an army, or just a navy, or just a police force. There are multiple overlapping security agencies because that’s what it takes to protect a nation from complex threats. Cybersecurity is no different. No cybersecurity is 100% effective, but adopting a layered defence strategy gives the best protection possible.
> Learn more about the importance of layered protection in this article: Cybersecurity: a Multi-Layered Strategy is Required.
Educate your team
A well-educated team is one of the most powerful security assets a company can have. The best security software in the world won’t be fully effective if employees don’t understand how to recognise and avoid the most common cyber-threats.
Cybercriminals target companies through their employee’s inboxes, so by educating staff in basic cyber-self-defence, a company can make a big improvement in their security.
It’s not necessary for every member of a team to be a cybersecurity expert but everyone should know about the most common threats like email-borne malware and social engineering.
Beating cybercrime starts with awareness. The criminals targeting company inboxes are counting on staff being unprepared for their attacks. Closing the gaps in security means making cybercrime prevention a company-wide goal and making every team member part of the solution.
> For more information about cybersecurity education, read this article: “Educating teams is a cybersecurity must-do.”
> Heard about GDPR but don’t know how it affects your company? Download our easy-to-read info-pack, here.
Hi, I’m Craig McDonald; MailGuard CEO and cybersecurity author.
If you would like to learn more about the complex cybersecurity challenges facing business today, please download my e-book Surviving the Rise of Cybercrime.
I wrote this plain English handbook to explain the most common threats and it provides an essential guide to managing risk.
Rob Sloan, Cybersecurity Research Director of The Wall Street Journal said this about my book:
“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.”
Download your copy of Surviving the Rise of Cybercrime for free, here.