What is cybercrime?
Cybercrime is in most cases an attempt to break into your or your company’s computer or computer network. Its almost a certainty that you have come across a cybercriminal before. A familiar one would be within your personal e-mail which looks like a poorly constructed paragraph and an attempt to replicate a company’s logo to steal your credit card details. This is called “Phishing”, the name being appropriate as the email is the bait, the fake link being the hook and you are the fish.
But phishing as I said above can easily be spotted in most cases. But some cybercriminals are organized, using advanced techniques and are highly technical and skilled. These ‘hackers‘ usually target people rather than a random email message and usually, the target is a company or a person in a company who can give them access once they take over their computer.
Types of Cybercrime
Cybercrime comes in many forms, some common such as Phishing described above and some much rarer but scarier.
Firstly, we will talk about Malware. Malware is a common attack which yes can start out as a phishing attack. Although Malware is a common term when talking about cybercrime, it is a name for a collective of several other attacks.
Types of Malware
- Virus – This is probably the most common type of Malware. You will of heard about it several times before reading this blog. It is a piece of malicious code that attaches itself to the victim’s clean code. It then waits for an unsuspecting person to activate it. Like a biological virus, this can spread very quickly damaging the core functionality of systems.
- Spyware – Appropriately named this attack is a spy which hides in the background of a computer. It will collect information without the user knowing. Including, passwords and other data the user does not want anyone else to know.
- Trojans – Named after the Trojan Horse which Greek soldiers used to enter Troy and win the war. This virus does exactly that but in a computer posing as something else. Once the user lets it in it will create a backdoor for cybercriminals to use. They then inject different types of Malware into the network.
- Ransomware – This attack, to some companies, is the most frightening. It can lock down whole systems with strong encryption. Just as the word “ransom” suggest it usually comes with a note stating it has locked down your data. Usually, the only way to get out of Ransomware is to pay a fee to the attackers. This is a risk as you’re trusting them to let your data go.
DDoS stands for Distributed Denial-of-service and has one primary objective, to completely bring your system or network offline. These types of hacks are prominent in the online gaming community to bring down gaming servers. One famous example was the direct attack on Sony PlayStation in 2016 which had the sole purpose of bringing the networks platform offline for a sustained period. The attack led to losses of around $2.7 million.
On the other hand, there are still DDoS attacks that target companies outside of the gaming industry. Volume-based attacks are DDoS attacks that use massive amounts of spam traffic to overwhelm a website or server. Imagine if your website went down for a long period of time, it could become awfully expensive. Your website is an online store and if people cannot access it, you are not going to be making many sales. These attacks are usually not a one-off either, once you have got your website up and running it could be taken down again very quickly.
Cybercrime during Covid-19
Although cybercrime has been gradually increasing through the years before the pandemic the new situation of how companies operate during Covid-19 has created a vulnerability in which can be exploited by cybercriminals.
Now that we know what types of hacks are out there and what cybercrime is we can see just how these are being used during Covid-19.
Criminals quickly exploited the pandemic by targeting vulnerable people using the Phishing technique. Putting out fake news and online scams to try and sell items or get people to click on fake links can lead to malware with the promise of information or even a product that could prevent and cure COVID-19.
Businesses during COVID-19 and Cybercrime
- 60% of companies have experienced an increase in identity fraud.
- 31% have experienced data loss due to a lack of resilience.
- 58% have experienced an increase in phishing.
Furthermore, in March 2020 the UK government found that over 50% of businesses have reported cyber breaches or attacks within 12 months and a further 54% are looking for guidance on identifying and managing cyber risks.
During this time companies will have had to adapt to many challenges. Three of the most important and common challenges faced within organisations are:
- The use of Covid-19 as a lure to cybercriminals phishing, leading to malware attacks.
- Employees working from home leading to a change in preventative and detective protocols.
- Security teams having to manage incidents in uncharted territory, including lockdown.
CovidLock was just one of the Ransomware attacks created to extort money from people. The way the hack worked was that an unsuspected user would download an app that went under many names. The app in question creates a fake heatmap of people who are diagnosed with coronavirus. You can see why this could be attractive to people to download early in the pandemic.
The criminals use the phishing method to lure you in and download the app. Once downloaded and the user activates the app the device running it would be locked down. You’ll then receive an on-screen message. This will highlight what has happened and how to fix it. Usually, on the lines of “Your phone is encrypted: You have 48 hours to pay 100$ in bitcoins or everything will be erased”. They will send you an online address for you to make the payment and you will (hopefully) receive a code that allows you to disarm the encryption and retrieve your data.
How to protect your company from Cybercrime
Protecting your system from Cybercrime is a daunting task and not an easy one. The best way to protect your data is to invest in a powerful firewall. These protect you from emerging malware and viruses.
Make sure you and your employee have strong passwords using as many different characters, numbers and symbols as possible. Keeping your software updated is also crucial as criminal’s technology becomes stronger so should yours. You do not want to be left vulnerable because of out-of-date software.
You can also invest in a VPN that will encrypt all traffic leaving your devices. This is useful because if you were to be hacked, you would not be able to intercept anything but encrypted data. This is particularly important when using public Wi-Fi.
Most importantly you should educate yourself and staff on how to protect your computer and thus protecting your business data. You can do this by numerous articles online or by talking to your IT department who can give you a demonstration on how they are protecting your system.
Outsourcing your IT to an IT specialist is the best way to protect your business. No matter how large a company is they will always have some form of outsourced IT such as spam filters on E-mail and hosted desktops.
Hosted desktops are incredibly resilient, these usually come from separate companies who take looking after your data seriously. They are usually protected with high-end firewalls and encrypted in high-end Tier 2 and 3 data centres which are almost impossible to bypass. You also get the added benefit of your data being available on any device, and if these devices become compromised your data would still be protected as you are streaming a separate protected computer rather than having it on the device you are using.
If you have concerns on how your data could be better protected or need any more information on the right way to keep your company safe, we can help, contact us for a free consultation.
Billy Hume | Digital Marketing Executive