Now that everyone is working, shopping, banking, dating and more online, cybercriminals have greater opportunities than ever to steal money. According to an FBI Internet Crime Report, cybercrime costs in the U.S. amounted to $6.9 billion in 2021. Apple, Samsung and Twitter are just a few of the large companies that have suffered cybersecurity attacks this year. Read on to find out more about what cybercriminals target, the techniques they use and what you can do to stop them from stealing from your business.
What do cybercriminals target?
- Commercial data: Research and development projects, trade secrets etc., can be sold for plenty of money on the open market.
- Company identity: Cybercriminals may change contact and decision-making details at the level of government agencies and then open up trading accounts with retailers or take out bank loans.
- Customer databases. There’s a big value in selling customer databases with personal, financial and health details.
- Customer payment details. Credit card details can be very lucrative for cybercriminals. Banks may use machine learning and AI to pick up unusual transactions, but criminals can quickly extort money and move it offshore.
- Money in the bank. Dual factor authentication and various other security measures can make it difficult for cybercriminals to access business bank accounts. However, they often use sophisticated social engineering attacks to get unsuspecting employees to do things like transfer money into fake accounts.
Business Email Compromise (BEC) attacks are a type of phishing scam that’s increasing all the time. In a BEC attack, cybercriminals impersonate senior executives or company owners in order to trick employees into transferring money or revealing confidential business information. Because these attacks rely on social engineering, they aren’t picked up by traditional email security systems. There is more need than ever for businesses to use advanced email security systems.
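The impersonation described above leaves traces in a message's headers that a mail filter can check. The following is an added example, not taken from any product the article refers to: it flags three common BEC warning signs in a raw email. The company domain, executive names, keyword list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the company's own domain, its executives'
# names, and a short keyword list for payment requests.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam lee"}
PAYMENT_WORDS = ("wire", "transfer", "invoice", "payment", "bank details")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def bec_signals(raw):
    """Return the BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    signals = []
    # An executive's name shown on an address outside the company domain.
    if " ".join(name.lower().split()) in EXECUTIVES and domain_of(addr) != COMPANY_DOMAIN:
        signals.append("executive display name on external address")
    # Replies redirected to a different domain than the visible sender's.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        signals.append("Reply-To domain differs from From domain")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    if any(word in text for word in PAYMENT_WORDS):
        signals.append("payment request language")
    return signals

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: jdoe.private@freemail.test
To: accounts@example.com
Subject: Urgent wire transfer

Please transfer 48,000 to the new supplier account today. Reply by email only.
"""
LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 planning notes

Agenda attached for Thursday.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_signals(raw))
```

A message that returns any signal can be held for the kind of manager sign-off the article recommends before a large payment is made.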
How do cybercriminals attack businesses?
One of the main ways businesses lose money is when cybercriminals manage to manipulate employees. This is why cyber security training for employees is so important.
Businesses can also suffer losses when cybercriminals gain access to vulnerable cloud networks and computer systems. To prevent this, businesses need to conduct consistent security audits and always keep systems and software up to date.
Another cause of significant revenue loss comes from insider theft. For example, an employee may resign and take confidential information to a new employer. In June of this year, a former Amazon employee was convicted for the role she played in the Capital One breach. She used her knowledge of cloud server vulnerabilities while working for Amazon Web Services to steal the personal information of over 100 million people. Capital One had to pay out $190 million in a class action lawsuit.
Acer became the victim of a ransomware attack in March and cybercriminals demanded a $50,000,000 ransom.
What techniques do cybercriminals use?
- Phishing: A phishing email impersonates a legitimate organization like a bank or retailer in an attempt to steal money or information.
- Malware: Malware gives cybercriminals the opportunity to control and alter computer behavior to their advantage.
- Man-in-the-middle attacks: The attacker inserts themselves into a conversation between two parties. These attacks often involve impersonating professionals like lawyers to manipulate people.
- Exploiting software vulnerabilities: Cybercriminals can take over computer networks by exploiting vulnerabilities in programs and apps.
- IoT breaches: Criminals can gain access to systems through poorly protected devices, such as security cameras.
- Identity theft: Businesses can also fall prey to identity theft, and they are more lucrative targets than individuals. Replica websites, fake profiles and look-alike logos are some of the ways attackers harm your business.
- Ransomware attacks: Extortion is a common method hackers use to monetize stolen data. They target businesses with ransomware and encrypt files. They then demand money to restore the files. They either completely block access to the data or threaten to leak sensitive information online unless the demand for ransom is met.
- Distributed Denial of Service: A DDoS attack occurs when cybercriminals make millions of requests to access business websites, computer networks and internet connections. The targeted systems can’t cope and shut down. “Release fees” are often paid to stop the attacks.
What can businesses do to prevent cybercrime?
As businesses begin to use more sophisticated technology, cybercriminals follow suit. It is difficult to prevent all attacks, but regular cyber security training for all employees is one of the best ways to help reduce the risks.
- Give employees a list of checks and balances to prevent phishing. For example, employees must always report to a manager before paying a large invoice.
- Instruct employees to be wary of public Wi-Fi. They should use a VPN instead while out of the office.
- Teach employees to be careful about what they share on social media, as cybercriminals could use the information to impersonate them.
- Train employees on what they need to look out for and when to speak up.
- Monitor performance, test employees regularly and reward those who raise the alarm.
The following measures can also help to reduce the risks.
- Encrypt data: When data is encrypted, hackers can’t decipher it without a key, so it’s useless to them.
- Keep systems and software up to date: Apply any patches the day vendors release them to prevent hackers from exploiting vulnerabilities. Delete any unsupported software.
- Use access control systems. Limiting user access to sensitive information restricts the amount of damage a hacker can do.
- Use antivirus software: The best antivirus and security software can prevent downloading of ransomware and malware to systems.
- Protect IoT devices: Make sure every item connected to a network is secure, including IoT devices, mobile devices, terminals and laptops.
- Back up data regularly: With a backup of data securely stored away, extortion attempts are harder, and it’s easier to get back to business if an attack is successful.
It is easy for businesses to fall victim to cybercrime and lose money. Cybercriminals are creative and they always look for new ways to break into systems. It is hard to anticipate what they will do next. A multi-layered approach to security can help to minimize many of the risks.