Why Cyber Crime is More Damaging Than You Think

Petko Karamotchev

2 Oct 2022

Cybersecurity, Social Engineering

In a series of articles, we would like to help you understand cybersecurity, even if you are not a techie. We don’t believe that most CEO’s realise the level of risk which is growing. 

Traditional security solutions are failing to control advanced malware and yet we are less secure today. A cybercriminal can be someone within your organisation. So what can you do to prevent these threats?

Understanding the risks

In a global survey ran by KPMG, nearly a third of the CEOs identified that cybersecurity is the issue with the biggest impact on their company. Only half (49%) of them said they are fully prepared for a cyber event. 

If we speculate with the figures, we can say that one of ten managers are somehow prepared for a cyber event. Directors and manages (even CTOs) are lacking the skills to identify the latest cybersecurity threats. Even American Democrats, NHS, SONY Pictures, and many other governments failed to see the threat. 

The Internet is generally much more ‘open’ than ‘secure’ and ‘private’. And security is not an embedded and essential part of it. This means that unless protected ‘by default’, everything you do online can be monitored and read by others. 

Managers tend to neglect the risks maybe because they have other problems to deal with or maybe because they keep their fingers crossed that it won’t happen to them. But security breaches can affect nearly every part of an organization. Company strategies to prevent these cybercrimes should be top priority – from protecting intellectual property to finding new ways to educate employees.

Mind the human factor

IBM found that 60% of all attacks were carried out by insiders. Healthcare, manufacturing and financial services are the top three industries under attack, due to their personal data, intellectual property and physical inventory, and financial assets. 

Industries and sectors have different assets and technology infrastructures but what all businesses have in common is that they are working with people and anyone can be a potential insider threat. Access and activities are coming from trusted systems and this is how they bypass many detection technologies. 

Digital Guardian asked 47 data security managers: What's more of a threat to a company's data security: insiders or outsiders? All of them said that the biggest threat is absolutely from insiders because they are far more likely to access sensitive information without evidence. 

The cases vary from copied files before taking a job with a competitor, through used unauthorized services or devices to save time or enabled mobile working, through published private data on public servers, to stolen data or intelligence, and its sharing with competitors. 

Know your people, test them, and train them well.

A small mistake into a disaster

Your IT guys have the biggest responsibility. Their full access to company infrastructure can turn a small lack of concentration into a disaster. 

In a digital world where information is both King and expensive, the need to protect data in a secure way is of supreme importance. 

Whether driven by materialism or a desire for revenge, insiders use their positions of trust to target the core of their organization – the sensitive information. 

Client data, corporate secrets, and contracts are among the data that is most stolen. One of the reasons why we created TrueDataShare is to help you deal with these insider threats and protect your data from malicious employees.

Real life Mr. Robot hacks

For the outsiders, hacking is a challenge, a test, a game. Breaking into a company’s system with implemented security measures is a barrier that has been set to be broken. Some of these hackers (such as Anonymous) believe that the society needs to be saved from the corporations or the government. 

Remember that Mr. Robot TV Show? Elliott (the main character) is planning on using a Raspberry Pi to hack the storage with tape backups where 70% of the consumer debt in the world is recorded, including loans of billions of dollars. He also erased all customer’s data of the company he is working at and even hacked the FBI. 

We know it sounds like a random IMDb scenario, but the most valuable lesson from the show is that the cybercrimes are real and can happen to you.

Modern hackers don’t want to steal your Twitter account and post fake photos to your followers, this is so last decade. 

2017’s cybercrime goals are related to your client’s information, intellectual property, and employee data. 

The truth is that cyber threats and attacks are becoming more common, sophisticated, and damaging. Only a few are insured. That’s why it’s so important to have different layers of security. Anti-virus solutions, network behaviour analysis, and log monitoring the basic solutions that are available but they might not be helpful anymore.

Take the small steps first

A little effort can have a significant outcome when it comes to cybersecurity. Many attacks can be avoided if we pay more attention to few basic aspects such as educating and building awareness in your employees or securing computers, digital assets, and networking. As tech experts, we can suggest few more tips. 

Antivirus programs and firewalls are fundamental security measures but not enough to save your business day. You need to be sure that your operating system is upgraded to the latest version, which is equipped with the most powerful protection.

Backing up your information regularly might work, but it will be even better if you also restrict access to sensitive information so that you control who can retrieve it. Virtual data rooms can help you do this without IT knowledge.

The modern age problems can’t be solved by old methods. Your developers best bet can’t protect your business from cyber crimes. Good code doesn’t mean secure data and that’s why you as a CEO need to consider hiring qualified experts in the field of cybersecurity. Having a specialist team on board means that security gets the needed attention it requires. You need to take action to make sure your organization won’t be the next one cybercrime victim.

As they say, the devil is in the detail. 

blog comments powered by Disqus