Blog

As cybercrime has been on the uptick in the past two years, organizations worldwide should be prioritizing cybersecurity to safeguard the consumers’ digital experience.

As the numbers show, cybercrime has been on the rise globally in the past two years, with the aftermath being just as devastating as the attack itself, and the cleanup costing as much, if not more. Several reports also indicate that executives worldwide expect cybercrime to be the most disruptive economic crime impacting their business, but aren’t being proactive enough to safeguard their companies and consumers.

The Staggering Cost Worldwide

Cybersecurity Ventures, researcher and publisher covering the global cyber economy, predicted in 2016 that cybercrime would cost $6 trillion annually by 2021, worldwide. That’s double, compared to $3 trillion in 2015.

Today, this cost means that cybercrime:

• Represents the biggest transfer of economic wealth in history
• Poses risk to innovation initiatives worldwide
• Became more profitable than all the illegal drug trade globally

Cybercrime costs aren’t just measured in clearcut financial terms and numbers. They also include harder-to-quantify but just as damaging reputational harm, loss of productivity, disruption to day-to-day business processes, intellectual property theft, and data damage and destruction, among other factors.

The devastating consequences on the global economy are seen everywhere. Earlier this month, the Department of Justice, Department of Homeland Security, and the FBI led a major coordinated law enforcement effort to disrupt international business email compromise (BEC) schemes to hijack wire transfers from both individuals and businesses.

Operation WireWire was a six-month sweep that has resulted in dozens of arrests on several continents and a “seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million in fraudulent wire transfers.” In connection to this case, the Internet Crime Complaint Center (IC3), which keeps track of BEC and its cousin, email account compromise (EAC), reported a total loss of $3.7 billion.

Are Businesses Losing the Cybersecurity Battle?

According to a recent Radware report, 69% of companies worldwide experienced a ransomware attack in the past year, up from 14% in 2016. Not only the legal and the financial fallout put those companies at risk but, for the first time, more than half (53%) of the executives at those companies have reported paying a hacker’s ransom.

Other keys findings included:

• Out of 200 executives surveyed worldwide, 66% said they weren’t confident in their network security and thought it could be hacked.
• The ransom payment, plus work loss and response time, could cost an organization more than $900,000 on average.
• In brutal cyberattack aftermath, 41% of organizations faced legal action from customers following a security breach.
• And 34% said they’ve also experienced brand reputation loss.

Business Fraud on the Global Uptick

The consulting company PwC conducted a survey on the global impact of business fraud, calling it a “shadow industry with tentacles in every country, sector and function.” The “PwC’s 2018 Global Economic Crime and Fraud Survey” has reported these troubling findings:

• 49% of organizations worldwide said they’ve experienced economic crime in the past two years, a 63% increase since 2008
• Cybercrime was #2 type of fraud behind asset misappropriation; ahead of business misconduct, bribery and corruption, and fraud committed by the consumer
• Cybercrime was #1 fraud category in the U.S.
• 24% of organizations reported asset misappropriation through a cyberattack
• 21% said they’ve experienced extortion through a cyberattack
• 30% experienced disruption of business processes through a cyberattack
• Cybercrime was reported as the most disruptive and serious type of economic crime to impact the organizations in the next two years
• 41% of executives reported spending at least twice as much on investigations and related cybercrime cleanup as they did on the actual losses
• 54% of organizations have conducted a general fraud or economic-crime risk assessment in the past two years; less than half conducted a cybercrime risk assessment

Types of Cybercrime

Here are the most common types of cybercrime, in alphabetical order:

Botnets. Large networks, controlled remotely and used to attack other computers (DDoS, spamming), or infect other computers and networks with malware.

DDoS attacks. Used to bring down a website by overwhelming it with traffic. Could be used a distraction for hacking, with the purpose of extortion or blackmail.

Drive-By-Downloads. Similar to malvertising, these attacks download malicious code if you click on something on a website you’re visiting. Neither the user nor the infected website may be aware they’ve been compromised.

Exploit Kits. Ready-to-use, illegal hacking tools available for purchase and upgraded like normal software.

Identity theft. One of the most common types of cybercrime. When a person pretends to be some other person, for financial gain, manifesting in a data breach to obtain personal information such as social security number, email address, credit card information, etc.

Malvertising. Malverts can pass for genuine ads but are in facts malicious advertisement that is infected. When users click on the ad they download malicious code.

Phishing/Spam. Common and insidious forms of cybercrime. Spam is unwanted messages and emails sent by spambots; phishing is used to bait a user to give out personal information by responding to a fake offer or proposal (in the form of a loan offer, lottery win announcement, business proposal, etc.).

Potentially Unwanted Programs (PUPs). Form of malware that installs unwanted software in your system — spyware, adware, dialers (such as search agents and toolbars). It’s usually less harmful than other forms of malware but still annoying.

Ransomware. Malware-based attack with the purpose of hacking a computer network and encrypting the files in order to demand ransom in exchange for the key to unlock the encryption.

Remote Administration Tools. Those help control a computer remotely for illegal purposes such as data theft.

Scams. A broad category that includes such online scams as fake tech support phone and website operations that randomly contact users to dupe them into paying for the non-existent tech issues.

Social Engineering. Similar to phishing and identity theft in intent, but involves direct contact with the person being targeted (typically in the form of an email) to gain trust and obtain information cybercriminals could use for personal gain. If they don’t use it themselves they could sell it.

Cybercrime Breakdown by Numbers

The PwC report distinguishes cybercrime as fraud but makes a point that all digital fraud is considered fraud, but not all fraud is digital. Cybercrime falls into two categories:

1. Digital theft. Includes theft of money, intellectual property, and personal information. Involves ransomware, extortion, and other crimes.
2. Digital fraud. Considered more disruptive and has longer-lasting consequences. More difficult to define and combat, digital fraud typically uses the company’s own business processes to attack it.

Here’s the cyberattack breakdown as reported by the surveyed organizations to PwC:

• 36% malware
• 33% phishing
• 13% network scanning
• 10% not sure of technique
• 8% brute force attack
• 7% man-in-the-middle attack
• 3% other techniques

Fortunately, like any human activity, cybercrime seeks to exploit the easiest vulnerabilities first. If your business is proactively defending itself, such as using a secure private network for its business activities, then it has immediately removed itself from the “low-hanging fruit list.”

For more information about how CyberReef can contribute to a robust cybersecurity and data protection plan, please contact the experts at CyberReef today.