Supply Chain Defense
What is Cybercrime? Types and Prevention
What is Cybercrime?
Cybercrime is construed as using a computer as a weapon, or instrument, to advance or secure something deemed illegal. Think stealing identities or intellectual property, committing fraud, or violating privacy laws. These are just several examples.
Here are 5 of the top cybercrimes affecting businesses and individuals in 2023:
1. Phishing Scams
2. Website Spoofing
5. IOT Hacking
Follow along below to understand what threat actors use to steal data, their types of tools, and how to go about protecting yourself. In the end, the goal is to feel safe instead of sorry — even if it means taking an extra minute or two to embrace extra safety measures.
The majority of successful cyber attacks - 91% according to a study by PhishMe - begin when curiosity, fear, or a sense of urgency entices someone to enter personal data or click on a link.
Phishing emails mimic messages from someone you know or a business that you trust. They are designed to trick people into giving up personal information or clicking on a malicious link that downloads malware. Thousands of phishing attacks are launched every day.
BlueVoyant also offers tips and advice on what to look for, how to recognize phishing, and how to protect your digital brand presence.
What you can do: Stop trusting your emails. They are not always what they seem. Security awareness and phishing training can empower your team to defend against phishing attacks. Training can show the telltale signs and teach how to recognize targeted phishing campaigns, as well as malicious links, and encourage users to stay away from links and attachments. One simple way is to go to websites by typing the real URL into their browser.
The word spoof means to hoax, trick, or deceive. Website spoofing is when a website is designed to look like a real one and deceive you into believing it is a legitimate site. This is done to gain your confidence, get access to your systems, steal data, steal money, or spread malware.
Website spoofing works by replicating a legitimate website with a big company’s style, branding, user interface, and even domain name in an attempt to trick users into entering their usernames and passwords. This is how the bad guys capture your data or drop malware onto your computer.
Spoofed websites are generally used in conjunction with an email that links to the illegitimate website. As of last August, spoofing and phishing may have cost businesses as much as $354 million.
What you can do: The easiest thing you can do is ignore and delete anything you’re not anticipating. Legitimate companies will have multiple ways to contact you in the event they need to reach you. Save time and frustration by applying common sense logic and evaluating the “urgency” of the message. Also, pick up the phone or go directly to the trusted domain to inquire.
Ransomware is a modern day, technical twist on a crime that has been around for ages - extortion. At its core, ransomware works when criminals steal something of great value and demand payment in exchange for its return. For most businesses, this involves the encryption of company data. When ransomware hits, businesses come to a standstill, and employees cannot do their jobs.
Without restorable backup data, the company is generally at the mercy of the attacker who will hold your data hostage in exchange for a decryption key you can buy with Bitcoin.
Ransomware has matured into its own category of malware and should be a primary concern for all organizations. According to new research, ransomware breaches have increased by 13% – more than the last five years combined.
What you can do: Back your data up and then do it again — in a separate location. Frequency and redundancy are key to your success. If you only back up your system weekly, or if your backup is infected, you’re in for a lot of trouble.
Norton defines malware as “malicious software” specifically designed to gain access to or damage a computer. In the case of ransomware, it's designed to hold your data hostage, but that isn’t the only kind. There can be multiple objectives for malware - power, influence, money, information - but the result is always the same - a time consuming, often expensive recovery effort.
Common types of malware include:
- Viruses that spread, damage functionality, and corrupt files
- Trojans disguised as legitimate software that quietly create backdoors to let other malware into your network
- Worms that can infect all of the devices connected to a network
- Ransomware that holds your data hostage
- Botnets - a network of infected devices that work together under the control of an attacker
What you can do: Be cautious about email attachments, avoid suspicious websites (look at the spellings carefully), install and continually update a high-quality antivirus program.
The Internet of Things is a brave new world that has opened insights into our daily routines and our business processes to the web. Whether we like it or not, all of these internet-connected objects are collecting and exchanging data. As you know, data is valuable and for that reason, hackers will look to exploit any devices that aggregate it.
The more “things” we connect - the juicier the reward becomes for hackers. That’s why it’s important to remember that personal passwords and business passwords all belong to humans… with memories that we know are going to let us down from time to time.
What you can do: Use a password generator to secure all devices with unique passwords. Here’s a list of the top 10 password managers you can use to help you keep your devices more secure.
Remember, while you’re working within a business, each person has to take personal responsibility for ensuring your cybersecurity. You have to prioritize your risks and think through the scenarios that are likely to affect you, based on what you know about your unique infrastructure and team. Don’t wait until it’s too late to take a proactive approach. Keep focused on what’s coming and work to bring your team up to speed to create the strongest defense against cyberattacks.
How to Prevent Cybercrime
Stay Up to Date
It goes without saying but having the most up-to-date security software provides better protection against hackers, malware, viruses, and more. This is only one piece of the actions you can take, but an important one.
Be Smart with Devices
That computer, smart phone, tablet, and social media site you can’t get enough of are also avenues for bad actors to steal data. It’s not a complete doomsday scenario. Each device or site normally has security settings in the form of pins, passwords, and control over who sees your content. Brush up on security features and use them to your advantage. And, finally, be smart. Don’t share passwords, codes or pins with anyone.
Don’t Go Public If You Can
That free WIFI stores, restaurants, and other public places offer may be free, but it can come with collateral fallout. In other words, free may come with a cost if you’re not careful.
Keep this in mind: if it’s free to you, it’s also free to threat actors. Be careful entering any personal information, using apps with passwords or entering login information, because hackers can see what you’re doing. The best advice is to steer clear of public WIFI, or simply don’t enter any data that can be compromised.
Simple and Easy
When not using a computer, smart phone, tablet or any other device that has connectivity, simply lock or log off when you’re not using them. Visions of bad actors conjure up faceless hackers who live in the ether but be aware that they also exist in the flesh. Leave that laptop unlocked, step away for even a few minutes, and anyone can walk up and gain instant access.
Follow an adage as old as the hills: if it’s too good to be true, then it probably is. The same applies when you come across a link, text, email, online advertising or website that looks inviting, yet suspicious. Be vigilant about any types of these — including credit card company phone calls — requesting personal information. If they immediately request personal data, or information, be weary.
Sure, businesses are trying to capture personal information for marketing and third-party services, but it’s best to steer away from entering data like birthdates, social security numbers, and any other information tied to your identity. It leaves a digital footprint that hackers love.
A multilayer approach to prevention is your best defense against sophisticated, carefully targeted attacks. Engaging a Managed Security Service Provider (MSSP) can help you stay ahead of attacks by fast-evolving threats. BlueVoyant provides advanced cyber threat intelligence, managed security services, and proactive professional services to businesses of all sizes.