The Internet has made the world a smaller place which we all agree is a positive thing for the business world and the population as a whole, but a negative side effect of this is that our super connected world has made life easier for criminals.
Old school criminals ran a greater risk of being caught in the act or being tracked down and caught, whereas the widespread adoption of e-commerce and online transactions has meant that modern day fraudsters can hack from anywhere in the world whilst enjoying relative anonymity and not having to worry about local laws. Welcome to Cybercrime.
Cybercrime is defined as any crime that involves a computer and a network, therefore any criminal exploitation of the internet is cybercrime. The most common cybercrimes include Computer or Network Hacking, identity or intellectual property theft, cyber stalking, theft of telecommunications service, malicious software attacks and email scams or phishing.
Due to the global reach and size of the Internet, cybercrime carries a low risk of detection and with all these recourses available, the perpetrators can net very quick benefits. Cybercrime has quickly become a threat to governments, companies and individuals on a global scale.
To put some figures to this, according to the Information Breaches Security Survey – a staggering 81% of large businesses and 60% of small firms suffered some kind of security breach within the UK in 2014. Clearly irrespective of size or sector, organisations should not assume that they are not potential targets. Consider also that many companies will be reluctant to report that they have been victim of a cybercrime primarily for fear of reputational damage which indicates that figures could be even higher than those reported. It is easy to see why chief executives may shy away from reporting an attack when you consider the fact that almost four in five investors would be discouraged from investing in a company that had been hacked in a cyber-attack for fear that compromised information would lower its’ value.
An interesting twist on the aim of cybercrime is Centre for Economics and Business Research ( CEBR ) assertion that in 70% of cases, the primary victim is not the intended target but that fraudsters attack the business in order to extract information on their customers and suppliers in order to generate a real attack. So it’s not necessarily your business that fraudsters are after, but potentially what you’ve got stored away – credit card details of your clients for example. So if businesses do not make adequate security provision they are not only putting their own assets at risk, but also the assets of their stakeholder organisations.
Action Fraud, UK’s national fraud and internet crime reporting centre agree that we’re all at risk and goes as far as to warn on its website that no business is too small to be targeted and that the revenue, reputation and long-term health of a business could be at risk unless action is taken. They go on to advise that the top three sectors affected by data breaches are the Public Sector, the Information Sector and the Financial Services Sector; whereas Manufacturing, the Public Sector and Professional Services are most vulnerable to cyberespionage.
This all sounds rather concerning, but statistics can do that, let us put this into terms that we can all understand.
June this year saw The Centre for Economics and Business Research Ltd (CEBR) publish the findings of a research report “The business and economic consequences of cybersecurity”. The report which was prepared for Cloud based security company Veracode – It found that cyber-attacks cost UK firms a shocking £34 billion in revenue losses and subsequent increased IT spend.
Not a typo.
The reasons why an individual or group of individuals undertake cybercrime activities may be for many reasons; such as for profit, protest or simply for the fun and challenge that a high profile hack can achieve. Amongst these reasons, profitability has to be the main reason that a business’ assets are targeted online – these range from premium rate phone line scams, through user payment details and on to the theft of sensitive documents for corporate identity theft.
Cyber crime is a clear and present danger, we all need to be aware of the risks and take the appropriate precautions – it’s not just ourselves and our businesses we’re duty bound to protect, but those of our suppliers and customers alike.
This being said, we should not fear the Internet, and whilst there is new technology there will be conflict for Chief Executives and Information Security Officers. Companies in the Internet age need to balance risk in a measured fashion in order to avoid stifling innovation. It is a question of finding the right suppliers and taking the appropriate steps to secure your network to ensure that fear of cyber attacks doesn’t prevent you from embracing new technologies.