How worried should business executives and SME business owners be about cybercrime?
It seems like there is a cybersecurity scare every day in the mainstream media. Every time I open the Google news feature on my smartphone, there is at least one report of yet another security breach or malware threat.
Just this week the BBC published a report explaining “why remote working leaves us vulnerable to cyber-attacks”, and mainstream media in the US is all about President Biden’s push to “fortify” cybersecurity on critical infrastructure in the US.
Statistics indicate that 64% of companies worldwide experience at least one form of cyber attack a day. Note that an attack is not a breach. More importantly, most “attacks” are harmless. Globally, 30,000 websites are breached.
That’s not to say cyber attacks should be taken lightly. For businesses, a data breach can be a disaster. In accordance with data privacy legislation, businesses are obligated to report a data breach to all parties that might be affected. Subsequently, a brand’s reputation is damaged and sales drop.
In addition, firms that fail to implement adequate cybersecurity defences will be handed a penalty. The General Data Protection Regulation (GDPR), for example, will land businesses with fines of two or four per cent of their annual turnover or up to 20m euro.
It is estimated that some 30 billion data records were stolen online during the global pandemic. With organisations forced to deploy a remote workforce, cybercriminals seized on the opportunity to exploit gateways in vulnerable devices and software.
Hackers Using Sophisticated Programming Language
Like most technologies that are wrapped up in the digital revolution, malicious software continues to evolve. Cybersecurity experts are increasingly finding new programming languages designed to avoid detection.
Cybersecurity defences largely rely on identifying code that has been used by hackers previously. When a known signature is detected, anti-malware tools can isolate the malicious code and destroy it.
For the most part, cybersecurity software is highly effective. A 2019 comparative study found that the top 10 most efficient antivirus products capture 90% to 98% of malicious code.
Yet high-profile attacks are reported on a weekly basis. Companies that you would expect to avoid data breaches are getting hacked. What’s going on?
Despite the repeated warnings, 80% of IT professionals say their company lacks sufficient protection against cyber attacks.
So should companies really be that worried about cybercrime?
Ransomware Attacks up 300%
A recent report published by the Institute for Security and Technology reveals the number of ransomware victims increased by 300% between 2019 and 2020.
Other statistics tell a different story.
Ransomware has been around for almost three decades. It first emerged in the 1980s and has risen to prominence in the last half-decade or so – since mainstream media started reporting about it.
The technology should not be downplayed, of course. Together with phishing, ransomware is the most popular hacking technique among cybercriminals.
Ransomware allows malicious actors to take control of a computer system. It’s like they kidnap your files, then demand that you pay a ransom to get them back.
Cybercrime can be a lucrative business. The average ransomware payout is estimated to be around $200,000. Moreover, hackers see how well the software works for other hackers and adopt the technology, which, incidentally, can be purchased as software as a service (SaaS).
New Pegasus Spyware Attacks
If you haven’t already heard of Pegasus spyware, it’s probably a topic you should get yourself clued up about. Developed by a private contractor that goes by the name of NSO Group, Pegasus helps government agencies spy on the rest of us. And according to WhatsApp, one another.
WhatsApp CEO Will Cathcart recently grassed on the NSO Group and accused government officials of using NSO’s Pegasus software to target high-ranking national security officials across the world in 2019.
But the spyware is not only being used to monitor political correspondence. An international group of ‘rogue’ reporters has revealed how governments are using Pegasus to access the devices of activists, business executives, journalists, lawyers and anyone else they might be interested in.
The software is the most powerful spying tool in history. The program can infect a phone and retrieve any data stored on the hard drive: photos, videos, private messages, social media updates, passwords and audio recordings.
Reports also reveal the spyware can hack into a smartphone with a single text message. “Zero-click” attacks are no match for next-generation cybersecurity controls.
The influx of reports in the mainstream media is scary. They’re supposed to be. Too many businesses are neglecting cybersecurity measures and are leaving consumer data exposed.
Yet it appears the biggest threat to consumer privacy comes from government security agencies.
How Bad is Cybercrime Really?
Government agencies aside, cybercrime is blown out of proportion. That’s not to say you should be nonchalant about cybersecurity defences. On the contrary, cybersecurity should be a top priority for businesses of all sizes.
However, provided you have adequate defences including firewalls, anti-virus protection, two-way authentication and patch management updates for software, most malicious actors will not be able to breach your business network.
There is one potential issue, however; your staff. Over 90% of data breaches are the result of human error. The growth of hybrid models and Bring-Your-Own-Device policies can make businesses even more vulnerable.
The solution is to train your employees about the threats posed by cybercriminals. Your staff should be aware of the techniques malicious actors use, how to identify attacks and the protocols to follow for reporting suspicious incidents.
The increasing number of reports highlighting nefarious online activity should be something business executives sit up and take notice of.
On the other hand, cybercrime shouldn’t be something that keeps you up at night either. Provided you take appropriate action to ensure the sensitive data you collect and store on your business network is protected, there is less risk of suffering a data breach.