In today’s digital world, people are trading convenience for privacy - which means they’re sharing more and more information about themselves. While we can all appreciate one-click checkouts and saved passwords, that mental “autopilot” can sometimes steer us wrong. While we were all once cautious of anyone asking for information about ourselves, now we assume that’s just the cost of participation - you ask for my favorite book, I give it to you. You show me my password has expired, I try to log in with the link you conveniently provided to me. You send me an email from my boss, you get my attention and response. But this autopilot is what cybercriminals and hackers are effortlessly turning into hundreds of millions of dollars every year from people like you and me all around the world.
Here are 5 of the top cybercrimes affecting businesses and individuals in 2020:
The majority of successful cyberattacks - 91% according to a study by PhishMe - begin when curiosity, fear, or a sense of urgency entices someone to enter personal data or click on a link.
Phishing emails mimic messages from someone you know or a business that you trust. They are designed to trick people into giving up personal information or clicking on a malicious link that downloads malware. Thousands of phishing attacks are launched every day.
What you can do: Stop trusting your emails. They are not always what they seem. Security awareness and Phishing training can empower your team to defend against phishing attacks by showing the telltale signs and teaching them how to recognize targeted phishing campaigns and malicious links and encouraging them to stay away from links and attachments and go directly to websites by typing the real URL into their browser.
The word spoof means to hoax, trick, or deceive. Website spoofing is when a website is designed to look like a real one and deceive you into believing it is a legitimate site. This is done to gain your confidence, get access to your systems, steal data, steal money, or spread malware.
Website spoofing works by replicating a legitimate website with a big company’s style, branding, user interface, and even domain name in an attempt to trick users into entering their usernames and passwords. This is how the bad guys capture your data or drop malware onto your computer.
Spoofed websites are generally used in conjunction with an email that links to the illegitimate website. Website spoofing resulted in $1.3 billion in losses last year according to the 2019 Thales Access Management Index - cited in this article by Dr. Salvatore Stolfo.
What you can do: The easiest thing you can do is ignore and delete anything you’re not anticipating. Legitimate companies will have multiple ways to contact you in the event they need to reach you. Save time and frustration by applying common sense logic and evaluating the “urgency” of the message. Also, pick up the phone or go directly to the trusted domain to inquire.
Ransomware is a modern day, technical twist on a crime that has been around for ages - extortion. At its core, ransomware works when criminals steal something of great value and demand payment in exchange for its return. For most businesses, this involves the encryption of company data. When ransomware hits, businesses come to a standstill, and employees cannot do their jobs.
Without restorable back-up data, the company is generally at the mercy of the attacker who will hold your data hostage in exchange for a decryption key you can buy with Bitcoin.
Ransomware has matured into its own category of malware and should be a primary concern for all organizations. McAfee reported that new ransomware attacks grew 118% between 2018 and 2019.
What you can do: Back your data up and then do it again… in a separate location. Frequency and redundancy are key to your success. If you only back up your system weekly, or if your backup is infected, you’re in for a lot of trouble.
Norton defines malware as “malicious software” specifically designed to gain access to or damage a computer. In the case of ransomware, it's designed to hold your data hostage, but that isn’t the only kind. There can be multiple objectives for malware - power, influence, money, information - but the result is always the same - a time consuming, often expensive recovery effort.
Common types of malware include:
What you can do: Be cautious about email attachments, avoid suspicious websites (look at the spellings carefully), install and continually update a high-quality antivirus program.
The Internet of Things is a brave new world that has opened insights into our daily routines and our business processes to the web. Whether we like it or not, all of these internet-connected objects are collecting and exchanging data. As you know, data is valuable and for that reason, hackers will look to exploit any devices that aggregate it.
The more “things” we connect - the juicier the reward becomes for hackers. That’s why it’s important to remember that personal passwords and business passwords all belong to humans… with memories that we know are going to let us down from time to time.
What you can do: Use a password generator to secure all devices with unique passwords. Here’s a list of the top 10 password managers you can use to help you keep your devices more secure.
Remember, while you’re working within a business, each person has to take personal responsibility for ensuring your cybersecurity. You have to prioritize your risks and think through the scenarios that are likely to affect you, based on what you know about your unique infrastructure and team. Don’t wait until it’s too late to take a proactive approach. Keep focused on what’s coming and work to bring your team up to speed to create the strongest defense against cyberattacks.
A multilayer approach to prevention is your best defense against sophisticated, carefully targeted attacks. Engaging a Managed Security Service Provider (MSSP) can help you stay ahead of attacks by fast-evolving threats. BlueVoyant provides advanced cyber threat intelligence, managed security services, and proactive professional services to businesses of all sizes.