While cybercrime used to be a somewhat elusive practice, ransomware attacks have steadily been on the rise since 2018. In fact, the total number of cyberattacks from all of 2020 was replicated by the mere third quarter of 2021. This year, it’s been estimated that approximately 90 percent of all businesses will be impacted, in some form or fashion, by ransomware. Even companies lucky enough to evade a direct attack are likely to be affected through a business partner, vendor, or other contact suffering cybercrime directly.
Cybercrime activity totaled more than all other illegal activity combined last year. With the growing trend of financial gain for cyber criminals, it’s easy to see why. It’s easy, profitable, and hard to get caught. In 2018 alone, cybercrime profits totaled $1.5 trillion dollars. “An individual cybercriminal can make upwards of half a million dollars in a year simply by trafficking stolen data,” states Derek Hedrick, Chief Technology Officer/ President of Ameritech Computer Consultants, Inc. Considering 90 percent of cybercrime occurs outside the U.S., that can be a life-altering sum for many.
Sadly, a good portion of cybercrime stems from people in adverse situations. “There are people making a $3,000 cell phone for $2.50 per week. Consider the enticement of being able to create a piece of code that can take in information, steal data, and demand ransom be paid,” continues Hedrick. “Some of these people are just trying to survive.”
The Center for Strategic and International Studies, in partnership with McAfee, concluded in a global report that close to $600 billion—nearly one percent of global GDP, is lost to cybercrime annually.
Cybercrime, as defined by the United States Council of Economic Advisors, is an activity, other than one authorized by or in accordance with U.S. law, that seeks to compromise or impair the confidentiality, integrity, or availability of computers, information or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or the information resident thereon.
Hedrick goes a step further, explaining, “Cybercrime is when cybercriminals launch cyberattacks on your business as an entity or you as an individual. Cyberattacks are typically launched to steal money, gain access to financial and sensitive data, weaken integrity or disrupt the operations of a company or an individual. Attacks often result in crimes such as financial fraud, as well as information or identity theft.”
Cybercrime has increased to the point that malicious hackers attack computers and/or networks once every 39 seconds. Roughly 900 phishing attempts per financial institution and 9,000 attempts per technology company are detected each day. Microsoft cloud services are seeing nearly 300 million fraudulent sign-in attempts daily.
“One of the reasons hackers are so successful is that we’re busy. If I get an email that Amazon has made a delivery, which I get every day, it’s not out of the ordinary. So, when I get one that says I got a $4000 package, when I didn’t order a $4000 package, I’m going to click on it,” describes Hedrick. “However, hackers can create a copy of the website and everything, so that when clicked, it redirects to a fake site. Chances are, you will log in because it looks familiar. Now, they have your username and password, and if they’re actively monitoring, can immediately log in to do some redirect of transactions or whatever. It’s instantaneous.”
“I tell people in my seminars all the time, ‘Never ever click on a link in an email. Don’t do it!’ That is the number one way cybercriminals can get into your company—by you inviting them in or clicking on a link. If you take a few minutes more to physically type the website into your browser and log in to view your transactions, you don’t run the risk of having an intrusion into your business or personal accounts.”
Phishing sites are now mimicking major technology players like Amazon, Google, Apple, Facebook, and Yahoo. Lookalike UPS notifications are another common fraud. And insidious phishing sites, like those imitating Dropbox, can even dupe users into uploading files for cybercriminals to access.
Overall, email is the most common method for cybercrime, with social media not far behind. The Valimail Spring 2019 Email Fraud Landscape report indicated a total of over 3.4 billion fake emails sent each day. With around 30 percent of all phishing emails in the U.S. opened daily, it’s costing organizations millions each year. Unfortunately, it doesn’t stop there.
“Be aware that cybercrime is not restricted to the desktop alone; mobile devices have proliferated in recent years, and with them viruses, malware, and phishing scams,” expresses Hedrick. “Because of its open marketplace, the Android platform is home to a variety of malware. In a recent survey, 72 percent of all apps for the operating system were regarded as suspicious, unwanted, or malicious, with trojans making up the majority of threats. Now connect that phone to your computer and guess what happens?”
The most likely cybersecurity threats your business will be exposed to include cyber fraud like phishing; malware attacks such as viruses, worms, trojans, spyware, and rootkits; ransomware attacks; drive-by downloads; hacking; key logging; password decryption; out-of-date, unpatched software, and more.
“A successful cyberattack can cause major damage to your business. It can affect your bottom line, as well as your business’ standing and consumer trust,” state Hedrick.
The impact of a security breach is not just financial, but also reputational and legal, too. For example, in May 2017, Target paid a $18.7 million settlement over a large-scale data breach that took place in 2013. The company reported that the total cost of the breach exceeded $202 million.
Large corporations can pay a hefty price, but chances are they have the resources to survive long-term. In 2018, each cyberattack was estimated to cost the targeted corporation between $100,000 to $1,000,000 to recover. But for small to medium-sized businesses, the damage caused from a cyberattack can prove fatal: 60 percent of businesses fold within six months the attack.
At the end of the day, we are all targets for cybercrime. “With more and more TAB firms going to a digital environment, it’s not a matter of if someone will become a victim of cybercrime but a matter of when,” conveys Hedrick. “That is why we are trying to educate our TAB firms on this topic.”
“The cost of a single intrusion is going to be in hundreds of thousands of dollars for most people. One company I know bought a cybersecurity rider early on, paying $20,000 total. A few years later, an event occurred which would have cost them $350,000 without it. Also, keep in mind a lot of insurance companies are rejecting claims if the company does not have end point detection (EDP) protocols in place. It’s the company’s responsibility to take the proper precautions. An EDP like one we use can detect a ransomware attack on a computer and drop it off the network, immediately isolating the network connection to protect the system.”
Looking to get NEBB Certified? Request your application today.