Cybersecurity Is Everybody’s Problem
January 26, 2021
By Hubert Klein and Susannah Prill
At $6 trillion per year, the annual global cost of cybercrime is greater than the gross domestic product of seven of the world’s top 10 economies, surpassing Japan, Germany and the United Kingdom by jaw-dropping margins. Cybercrime’s rate of growth is even more foreboding. Global damages from cybercrime are expected to grow at 15% per year through 2025. More than 50% of cyberattacks target small to medium-sized businesses, many of which fail within six months of an attack.
These stark conditions are a wake-up call for businesses and individuals who increasingly transact business online. While the risks are increasing, the budgets for combatting cyberattacks have stagnated. Performing an IT security checkup and reviewing insurance policies for cybersecurity coverage should be at the top of everyone’s 2021 to-do list. Furthermore, companies should proactively train staff on cybersecurity risks and common fraud types. The FBI currently lists the following top five cybersecurity risks to businesses:
Synthetic Identity Theft
While financial institutions have made great strides in detecting and deterring existing client ID theft, cybercriminals increasingly rely on “synthetic identity theft” to create fictitious identities that are increasingly realistic and difficult to detect. To create a synthetic identity, the cybercriminal will develop a composite from pieces of legitimate personally identifying information, combining or slightly altering names and addresses from real people, to create bogus customer profiles and open fraudulent accounts. Synthetic identity fraud is the fastest-growing financial crime in the U.S.
Business Email Compromise (“BEC”)
BEC typically relies on social engineering to persuade an employee to wire funds to an external organization or individual. A common scheme involves creating a new email address that looks deceptively similar to a legitimate email address, such as that of a CEO or other executive. Have policies in place to confirm transactions over a certain size via telephone or other reliable means.
Ransomware
This is malware that infects computers and mobile devices, locking users out until a ransom is paid. As of April 2020, 73% of small B2B businesses admit to having paid a ransom. Ransoms in 2020 cost businesses, nonprofits and local governments $20 billion, with an average payout of $233,817. Furthermore, ransomware causes downtime and extended business interruptions while compromising and holding hostage one of the company’s most valuable assets—its data. Since the pandemic, researchers found that ransomware attacks grew by 72% as bad actors exploited the public’s appetite for COVID-19-related information by luring targets to download applications from fake websites under the guise of COVID-19 tracking materials. The FBI recommends a multi-level approach to security with respect to ransomware, including regular use of phishing simulations to create awareness, content filtering, DNS security, and installing mechanisms like blocking technology that prevent employees from visiting compromised sites.
Crypto Mining Malware
Also known as cryptojacking, this is malware that exploits a computer network’s processing power to generate income from cryptocurrency mining without permission. Some of these programs are designed to hijack smartphones and are so aggressive that they actually overheat the battery and damage the device. AdGuard estimates that more than 500 million users are mining cryptocurrencies without even knowing.
Advanced Persistent Threats (“APTs”)
APTs are advanced hacks, usually by nation-state actors intending massive harm to large organizations or government agencies. One example is the WannaCry ransomware crypto worm that infected more than 300,000 computers that were running older versions of Microsoft Windows in 2017. Damages were estimated in the billions of dollars globally.
Help Is Out There
The pervasiveness of cybersecurity threats and increasing connectivity of computer networks and mobile devices make cybersecurity everyone’s problem. If in-house resources are not available, consider working with an IT risk and cybersecurity specialist to help prevent threats—before they become an issue. For example, EisnerAmper’s Process, Risk and Technology Solutions group developed a proprietary tool called FiR$T Look that provides clients a checklist of their current IT gaps compared to their peers and the potential financial impacts. As always, training, awareness, cybersecurity risk assessment and management should remain top of mind.