Millions of businesses receive attempts to defraud them. Every day, thousands of sinister Internet crooks hide behind their dark web systems to orchestrate crimes on the Internet. Some of these criminals have such intelligent and sophisticated tactics and systems that their corrupt work is often camouflaged beyond detection, with unwitting victims being drawn in, robbed, abused and threatened. Nowadays, 8 out of 10 UK businesses are exposed to cyber-crime. This 80% penetration level is worthy of your consideration and action, and this article is designed to help you better understand, prepare for and hopefully avoid cyber-crime.
The Size Of The Problem
Cyber-crime around the world has seen a dramatic increase in scale and complexity. This unenviable part of modern business society can impose a crippling impact on essential services, businesses and private individuals. According to one report, the ultimate impact of cyber-crime costs the UK £24 billion per year, and is a serious threat to our national security.
Carbon Black reports that up to 88% of UK companies have suffered breaches in the last 12 months. That is lower than Germany (92%), France (94%), and Italy (90%). According to Hiscox, one small business in the UK is successfully hacked every 19 seconds. Around 65,000 attempts to hack small to medium-sized businesses (SMBs) occur in the UK every day, of which approximately 4,500 are successful. That equates to around 1.6 million of the 5.7 million SMBs in the UK per year. Cisco estimates 53% of SMBs suffered a security breach globally in 2018.
Something known as ransomware also saw a 195% increase in the first half of 2019, with the average cost of a serious-scale data breach reaching £3.14 million. We share more on this in Section 6 of the article.
What Are The Most Common Types Of Cyber-crime?
Cyber-crime typically involves the use of a computer and an encrypted network that is able to initiate attacks on individual computers, websites and networks. Cyber-crime is a serious criminal act and the punishment handed out to offenders is quite rightly becoming firmer. The caveat is that some of the more sophisticated cyber-criminals are very difficult, and sometimes impossible, to catch.
Below are some of the more common types of cyber-crime:
1. Fraud
Fraud is the term used to describe a cyber-crime that sets out to deceive a person into handing over important data or information. Fraud can be perpetrated by altering, destroying, stealing or suppressing information to secure unlawful or unfair gain.
2. Hacking
Hacking involves breaking into and gaining control over certain functions within a system, network or website. Many hackers have a mission of accessing and exposing important data and information, and breaching privacy. Many hackers are politically motivated and sometimes have terrorism as their underlying motivation. These types of hackers target and attack corporate and government accounts. There are different types of hacking methods and procedures, but the criminals who commit these attacks are often highly qualified, sometimes self-taught but always intelligent and skilled.
3. Identity Theft
Identity theft is a specific type of fraud. This usually sees cyber-criminals stealing personal data. This often includes passwords, information, bank account details, credit card and debit card details, National Insurance numbers, and other personal and sensitive information.
Identity theft allows criminals to steal money. According to a report in The Independent Newspaper, there were almost 200,000 identity theft cases in the UK in 2019 and almost 90,000 of these involved plastic card fraud.
4. Scamming
Scamming can take place in a variety of ways. Via clever Internet promotions, scamming can be initiated by offering computer repairs, network troubleshooting and the extension of IT support services. A common method is to force a pop-up to appear on a computer screen. These official-looking pop-ups lead the computer user to believe they have a virus. Some of these instances are so convincing that computer users take the bait, click through to a website page and end up paying out serious money for services and software they do not need. Any illegal plan to make money in this way falls under the term scamming.
5. Computer Viruses
Criminals use viruses to gain unauthorised access to computer systems. They do this to violate a person's or business's privacy, and to steal important data.
Powerful and malicious programmes send viruses, malware and what are known as Trojans to infect and destroy computers, networks, and systems.
Viruses can also spread through removable devices, the Internet and Smartphones. Research from Check Point on cyber-attacks in the first half of 2019 revealed that those targeting Smartphones and other mobile devices have risen by 50% compared with 2018. Gone are the days when the spread of a virus was purely aimed at a Windows-based computer.
6. Ransomware
Ransomware has become one of the most destructive malware-based attack tactics. This malicious software enters your computer network to encrypt files and information through what is known as public-key encryption. The net impact is that businesses are locked out of and unable to use their own file systems.
A high-profile example of a ransomware attack that hit companies worldwide was the WannaCry outbreak in the spring of 2017. It attacked over 200,000 computers in over 150 countries. This attack was calculated to have cost the UK £92 million, but the global costs were estimated at an astounding £6 billion. According to COO online, the average remediation cost of a successful ransomware attack to UK enterprises is £675,000, higher than the global average of £610,000. 32% of UK companies have Cyber-security Insurance that doesn’t cover ransomware.
7. DDoS Attack
A DDoS (Distributed Denial of Service) attack is one of the most common methods of attacking and hacking websites. A DDoS attack temporarily or completely interrupts servers and networks that are otherwise running successfully. The malicious software serves to compromise certain functions to make the website unavailable for users.
8. Botnets
Botnets are controlled by remote attackers called “bot herders” and they attempt to attack computers by sending email click bait (spam) with malware. Botnets are usually targeted at businesses and governments, as they specifically attack the information technology infrastructure. There are botnet removal tools available on the web to detect and block botnets from entering your system, but you should choose your solution carefully.
9. Spamming
Spamming uses electronic messaging systems (these are usually email, but there has been a growth in spam sent via the likes of Facebook Messenger and WhatsApp) to send messages that host malware and link to fake websites and other malicious programs.
Email spamming is heavily used by cyber-criminals. Unsolicited bulk messages (that also contravene GDPR legislation) are sent from unfamiliar organisations, or from a company that pretends to be a well-known brand.
Some of the emails are very official-looking, but the give-away is usually that the sender’s email address can easily be identified as not belonging to the bona fide brand. This is one of many tips that you or your staff can look out for to prevent attacks and unsavoury outcomes.
The spam messages usually offer deals, promotions, and other attractive components to deceive users.
10. Phishing
Phishers act like a legitimate company or organisation. They use “email spoofing” to extract confidential information such as credit card numbers, National Insurance numbers, passwords etc. The crooks behind these schemes send out thousands of phishing emails carrying links to fake websites. As an example, some of the emails may contain threat alerts and say your bank account has been compromised. The objective is for you to click through to their systems, encouraging you to log in to your account but in a manner that they can oversee. The crooks can then sometimes access your bank accounts. Users believe these are legitimate messages, so they enter their personal information and are quickly abused.
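The sender-address tip from the spamming section, and the brand impersonation described here, can be checked automatically. The following is an added example, not part of the original article: it compares the brand a `From:` header claims with the domain the message was actually sent from, and the brand names, domains and sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (an assumption of this example): brand -> sending domains.
BRAND_DOMAINS = {
    "examplebank": {"examplebank.co.uk"},
    "parcelco": {"parcelco.example"},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def claimed_brand(from_header):
    """Return the known brand named in the display name or address, else None."""
    display, addr = parseaddr(from_header)
    squashed = "".join(ch for ch in (display + addr).lower() if ch.isalnum())
    for brand in BRAND_DOMAINS:
        if brand in squashed:
            return brand
    return None

def check_sender(from_header):
    """Classify a From: header as 'ok', 'brand-mismatch' or 'no-brand-claimed'."""
    brand = claimed_brand(from_header)
    if brand is None:
        return "no-brand-claimed"
    domain = sender_domain(from_header)
    for allowed in BRAND_DOMAINS[brand]:
        # Exact match or a true subdomain; a lookalike that merely starts
        # with the brand's domain does not pass.
        if domain == allowed or domain.endswith("." + allowed):
            return "ok"
    return "brand-mismatch"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Example Bank Security" <alerts@examplebank.co.uk>',
    '"Example Bank" <security@examplebank.co.uk.account-verify.example>',
    'ExampleBank Alerts <examplebank@freemail.example>',
    'ParcelCo Tracking <track@news.parcelco.example>',
    'Jo Smith <jo@supplier.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):17} {header}")
```

A header that passes this check can still be forged, so treat the result as one signal alongside the receiving mail server's SPF, DKIM and DMARC results.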
11. Social Engineering
Social engineering is a method that sees cyber-criminals making direct contact with you through phone calls, emails, or even in person. These are very professional sounding people. They typically know a fair bit about you and act like a legitimate company. They use formal and psychological tactics to earn your trust until you unwittingly provide important information and personal data. They then use this information to steal from you.
12. Malvertising
Malvertising is the method of bombarding websites with advertisements that carry malicious code. Users often click on these advertisements, believing them to be legitimate. Once the user clicks on these types of ads, they are redirected to fake websites, or a file carrying viruses and malware is automatically downloaded onto the user’s computer, rendering it unusable.
13. Cyber Stalking
Cyber stalking sees crooks following a person online. The stalker will virtually follow the victim and track all of their activities. Most of the victims of cyber stalking are women and children being followed by men and paedophiles. The Office for National Statistics website provides an interesting breakdown of cyber stalking in the UK.
14. Software Piracy
The Internet is filled with what are called torrents and other pirate programmes. These illegally duplicate original content, including songs, books, movies, albums and software and share it for online viewing or download. Software piracy is a crime as it translates to copyright infringement.
Due to software piracy, artists, authors and publishers encounter a huge reduction in their income because their products are illegally reproduced.
Software piracy causes billions in lost sales. Many countries around the world have a problem in this area. This report breaks down the cost of the challenge in different parts of the world.
15. Cyber Bullying
Cyber bullying is one of the most aggressive crimes committed in the virtual world. This is a form of bullying carried over to the Internet. Governments around the world are becoming increasingly aware of this issue, and are beginning to introduce legislation to address the problem. Here is an example of the Welsh government’s attempts to address cyber bullying.
How To Protect Your Business From Debilitating Cyber-crime Attacks
Now we have listed the types of cyber-crime you and your business may be exposed to, let’s take a look at the types of protection you can put in place. Essentially this protection falls under the headings of:
- Choosing and installing adequate protective software
- Delivering cyber-crime avoidance training to your staff
- Taking out protective insurance policies
Cyber-crime Prevention Software
There are multiple types of software protection that you can run on computers, websites, networks and Smartphones. These are designed to stop malware, to warn you of malicious websites and to filter out spam.
This website provides a comprehensive list of some of the software solutions out there. However, you are best served talking to a cyber-crime prevention professional, allowing them to evaluate your systems and see what the safest and most compatible solutions are for your technical operating systems. A professional in cyber-crime prevention will be able to fully evaluate your assets and advise you of the best protection for your unique business.
Nowadays, it is imperative that you train your staff on how to avoid being a target for scammers, and what to look out for when using email and the Internet. Basic cyber-crime prevention courses can be sourced for as little as £1,000. This money would be among the most intelligent business investments that your company could make.
Despite the best cyber protection software, systems and incredibly well-trained staff, some of the biggest companies still fall victim to intelligent cyber-crime attacks. When this happens, it can be debilitating for the business and the cost can run into millions. Insurance to protect your business from cyber-crime is often very cost-effective and should now be regarded as a business essential. Cover can be obtained for as little as £10 per month.
44% of UK consumers claim they will stop spending with a business temporarily after a security breach, and 41% claim they will never return to a business post-breach. The message and conclusion are clear: don’t take a chance on cyber-security. Protect your customers, your staff and your business profits. Ensure you have a cyber-security contingency plan in place for your business.
To discuss your insurance requirements, please contact us or telephone one of our friendly staff on 01246 575 625 (Clowne) or 01773 748 627 (Ripley). One of our qualified team will walk you through the best cyber insurance options for your business.