Cybercrime is the steal of the century. It makes cybercriminals not millions but trillions of pounds every year. It costs businesses big time too, and all sizes and types of organisation can be a victim of cybercrime. Just an example of what we are up against: ransomware is expected to hit a business every 14 seconds in 2019.
But why have we ended up like this? Why can’t we seem to get on top of this digital crimewave?
Here’s are just some of the reasons why cybercrime will continue to challenge everyone, and how we might finally control it, even if we can’t eradicate it.
One of the reasons cybercrime is so successful is the ability for cybercriminals to read a situation. Back in the early 90s, malware was pushed out using floppy disks because that’s what people used. Then, as the internet and email became more common, email became the method used to infect machines; the ILoveYou virus being an infamous example.
In 2017, when cryptocurrency was popular and bitcoin hit big values, cybercriminals brought out specialist malware called crypto-mining bots. This malware type, once installed on a victim’s computer, would turn the PC into a slave to mine cryptocurrency. When the value of Bitcoin dropped, the cybercriminals dropped crypto-mining bots.
The internet has not only allowed cybercriminals to evolve, but it also enabled them to up their game. Malware and phishing ‘kits’ are available for a few pounds, allowing even novices to enter the world of cybercrime.
Cybercrime figures only ever seem to increase year on year. The Breach Level Index, which monitors data breaches, has identified 14.7 billion data records that have been exposed since 2013. This has been due to the ability for cybercriminals to evolve as the business and consumer landscape changes.
Cybercriminals are clever manipulators of human behaviour. Social engineering is where someone tricks a person into doing their bidding. Phishing is the number one way that malware ends up on a computer. The best way to deal with this type of cyber-threat is to understand it.
If a person understands how phishing works, in all of the forms it takes, they will be better able to protect themselves and the company they work for. But like malware and other forms of cyber attacks, phishing evolves.
Phishing fraudsters fit the crime to the situation. If the situation changes, their tactics change.
Social engineering is behind many of the world’s biggest data breaches. Spear phishing, in particular, which closely targets individuals and is often used to steal the credentials of system administrators, was used in the Uber breach.
Another reason for the success of cybercrime is the ability for the cybercriminal to change malware, quickly. Not content with the simple viruses of old, cybercriminals have now created malware that adjusts to the environment it ends up in. For example, some banking trojans, can adjust how they operate by being ‘repackaged’ to avoid detection by anti virus software. This is called polymorphic malware and is one of the most difficult malware packages to detect and prevent.
Fileless malware is becoming popular for this reason as it can remain on a network for months, undetected, allowing it to steal data, including login credentials.
On top of the crafty malware that cybercriminals make use of, and evolving techniques including phishing methods is the unprecedented levels of account exposure.
There have already been an enormous number of accounts and passwords exposed by data breaches, and this continues unabated. Our personal information is up for sale on the dark net, available for a small price. Cybercriminals then use these data to attempt to access other accounts. It is also used to blackmail us.
Phishing emails, such as “sextortion” often use exposed passwords to threaten us into paying a financial ransom.
How Security Awareness Training Can Help
It’s likely that cybercrime will continue to challenge us all. Cybercriminals will change techniques, as and when they need to, avoiding detection. So far, technology has struggled to keep on top of cyber threats.
As our businesses continue to digitise and become more connected through the Internet of Things (IoT), cybercriminals have more ways to enter our networks. Even Artificial Intelligence may end up offering our networks on a platter, as cybercriminals find new ways to exploit our technologies.
Our defence must start with ourselves. One thing is certain, social engineering in some form or another is a component of many cyber-threats. Being aware of the methods used to trick us gives us a strong defence against attacks.
Cybercrime is probably not going to be eradicated anytime soon. But with a combination of security awareness and clever technology, we can at least manage the threats.
Why not sign up for a free demo and find out how our award-winning security awareness training help you your organisation.