Cybersecurity is a growing problem for firms, big and small, around the world. With the costs of online criminality expected to reach $6 trillion (according to Cybersecurity Ventures) through 2021, the revenue generated by cybercrime and cyberattack makes it, by comparison, the world’s third-largest economy behind the USA and China.
Even more depressingly, online crime shows no signs of slowing, with forecasts suggesting it could grow year on year by 15%, eventually, according to Cybersecurity Ventures, reaching an astonishing $10.5 trillion by 2025 – more even than the total money generated by the trade of illegal drugs globally.
What is a cyberattack?
Broadly speaking a cyberattack is any action taken by a hacker (or, more commonly, groups of hackers) to infiltrate digital networks with the malicious intention of stealing/locking down data, compromising systems or fabricating information. The cybercriminals typically take control of computers or networks to exploit owners or disrupt operations. Cyberattacks can take many different forms – although the intention remains generally the same.
The growing sophistication of cybercrime
With so much money up for grabs, it should come as little wonder that cybercriminals are employing increasingly sophisticated methods, ranging from ransomware to phishing and malware, to attack firms (more detail later).
However, as companies invest more and more in protecting themselves (cybersecurity spending is expected to exceed $150 billion this year alone), online criminals are even starting to use Artificial Intelligence (AI) to find backdoors and weak points in networks.
The risks to smaller businesses
Unfortunately, there is a misconceived notion among many Small to Medium-sized Enterprises (SMEs) that their firms simply are not big enough or do not generate enough revenue to be the target of a cyberattack. Actually, quite the opposite is true, and online criminals are increasingly turning their attention to SMEs, primarily because of their lax approach to security. Indeed, in 2019, research found that one in three of all data breaches occurred in smaller companies while the average cost of a security incident for SMEs in 2020 totaled $7.68 million. Despite these worrying figures, a recent survey found that 60% believe their firm will remain immune while 43% have zero security defense plan.
The most common forms of cyberattack in 2021
It could be argued 2020 was a year like no other and the lockdowns and isolation caused by the emergence and spread of the Coronavirus brought with them an explosion in online crime. Even now, midway through 2021 and with the promise of vaccine rollouts and the hope of a return to relative normality, these worrying trends show no signs of abating. Indeed, online crime today is a bigger danger than at any other point in the history of the web.
As with so many other aspects of life, prevention is the best cure and the most effective defense against falling victim to cybercrime is first and foremost education. If you know the risks and the tell-tale signs of an attack, you will be in a much better position to prevent it.
Phishing attacks are a form of social engineering in which the hacker plays on the inherent human tendency to trust. The primary reason these attacks are so successful is that they are virtually impossible to defend against, no matter how sophisticated your security system is.
In a phishing attack, the hacker will assume the identity of a trusted person or entity, known to the victim, to create trust. The attacker carries out this masquerade typically via an email designed to look exactly like it has come from the trusted source.
Phishing attacks commonly aim to exploit private data like usernames or passwords to gain access to accounts. Other common forms of attack attempt to persuade users to wire money or simply try to get credit card details. Often attackers redirect the victim to a similarly fake site, branded to look identical to the real version to persuade users to part with sensitive data.
While phishing attacks are often counted as just one category, there are actually two further common subcategories:
Spear phishing: In a spear phishing attack, the hacker will often go to great lengths to research the target and his/her associates. They will then assume the identity of a seemingly trustworthy individual known to the target (e.g. work colleague or trusted associate like a bank manager), often to request money or gain access to information the user would never normally willingly release.
Whale phishing: In recent months there has been an alarming growth in whale phishing attacks. Whale phishing is essentially an extension of phishing and spear phishing but this time directed at people in authority or power. This type of attack can be directed against CEOs or executives to exploit private and sensitive information.
Your best shot at protecting against a phishing attack is to educate your staff to recognize the warning signs of phishing emails.
Many would argue ransomware attacks are the most nefarious of all forms of cyberattack. In a ransomware attack, the hacker will infiltrate a user’s computer or company network and effectively lock down the data until they receive a payment (hence the name ransomware). If the money is not received by a stipulated time, the hacker will effectively flick the switch and delete the files. Ransomware is one of the fastest-growing forms of attack, particularly in the healthcare and defense sectors (although, in truth, no firm or industry is immune).
It is also worth noting that most security experts advise against paying the ransom, as there is zero guarantee that the hacker will release the files – indeed, many do not.
From a hacker’s point of view, sometimes the best attacks are the simplest and, despite growing awareness among most users of the importance of using secure credentials, password attacks remain surprisingly common. If you or your staff use easy-to-guess passwords or passwords shared across multiple accounts, you are leaving your firm wide open to attack.
To protect your company against a password attack, you should insist that everyone who has access to your network uses more complex, alphanumeric passwords that they change regularly (around once a month should be enough). You should also ensure employees do not use the same password across multiple services – for example, using the same password for work accounts, Gmail and social media. Even just taking these simple precautions could save your firm from falling victim to a malicious attack.
Other common forms of attack
Unfortunately, the risks to companies do not stop there and there are several other forms of attack used by hackers including (but not limited to) drive-by attacks, malware, trojan horses, man-in-the-middle (MITM), distributed denial of service (DDoS), DNS tunneling, brute force, SQL injection and cross-site scripting attacks. In truth, if you want to guarantee the online security of your firm, you should partner with a skilled cybersecurity provider.