We live in an online world. There is very little you cannot do online these days, and unfortunately that includes being targeted by criminals. The COVID-19 pandemic meant that companies were forced to move to online solutions for many more aspects of their business, providing cybercriminals with even greater opportunities.
The FBI reports that cybercrimes are up 300% since the pandemic began. Cybercriminals use computers and other technology to commit crimes on digital systems by stealing money or information they can use for profit. They will target both companies and individuals, so it is important to be fully aware of the scams.
The American company Cybersecurity Ventures forecast that cybercrime would cost USD 6 trillion globally in 2021, twice as much as it cost in 2015. The move to remote work has meant that the average cost of a data breach has risen by USD 137,000. Never has it been more important for organisations to protect themselves from cybercriminals. And this is only likely to increase in importance.
The cost of cybercrime is not limited to the money that is stolen or the cost of retrieving data. It can cost far more in penalties and fines if industry guidelines have not been met, and the reputational cost can be unlimited.
What motivates cybercriminals?
The first and most obvious answer to what motivates cybercriminals is money. Cybercrime can be used to extort money and divert funds. Stolen data can be sold to third parties as well as held to ransom. The Verizon Business 2020 Data Breach Investigations Report found that “86% of breaches were for money”. Cybercriminals will also access company files and information for spying on behalf of competitors or for politically motivated purposes. Finally, attacks can be instigated by competitors or rival countries to cause disruption or access information.
Types of cyber attacks
Organisations are at risk of cyberattacks including business email compromise (BEC) and all the methods that cybercriminals use to obtain money and data fraudulently. Over USD 1.86 billion was stolen in the US due to BEC and EAC (email account compromise) according to the FBI’s 2020 Internet Crime Report. Organisations and their employees need to be aware of the methods and means used by cybercriminals to extract money or data from companies. The main techniques used are:
- Phishing and spear phishing: Phishing emails will seem to have come from a legitimate source but are from a cybercriminal. They are intended to extract useful information that can be used to access funds. Spear phishing is more sophisticated as it uses social engineering techniques to customise emails to increase the appearance of authenticity.
- Malware: software can be embedded in emails and used to damage or defraud an organisation. Files and systems can be encrypted or taken over by ransomware and companies will have to pay to regain control of them.
- CEO fraud: cybercriminals will take over the email accounts of senior executives and use them to divert funds using the ‘help’ of unsuspecting employees.
- Identity theft: company information can be used to access or create accounts. For example, fraudsters can change company register information and use it to set up parallel accounts and so on.
Protection from cybercriminals for companies
There are various measures that companies can employ to protect themselves from cybercriminals and it is vital to be properly prepared. Yahoo finally admitted – four years after the event – that 3 billion accounts had been accessed in 2013. The revelation meant that their deal with Verizon went through at a lower price. The US travel services company CWT Global paid more than USD 4.5 million in bitcoin to cybercriminals in 2020. We could cite a long list of examples.
Companies can help themselves by utilising:
- Anti-virus software: this is the first and most obvious line of defence. However, this is not enough on its own.
- Education and training of employees: make sure your employees are aware of the risks and methods of cybercriminals and how they attack.
- Payments and approvals: the fewer people there are who can make payments, the harder it is for cybercriminals. However, dual approval should be required for manual payments to avoid internal fraud. Bank account details and amounts should be independently verified.
- Know your business: organisations should obtain and verify certain information about companies they deal with.
- Real-time data control software: Trustpair software will run an automatic check of payment files to detect suspicious behaviour and ensure you are dealing with the right third party. Vendor master file monitoring provides peace of mind. Automated systems provide a strong line of defence.
To find out more about how our software can help reduce your company’s fraud risk, please contact us now to request a demo.
- Cybercrime is on the rise and companies need to protect themselves
- Cybercriminals employ different methods to extract information and money from companies
- Trustpair software offers tools that reduce the chances of becoming victim to cybercrimes