There are no two ways about it – cybercrime has been on the rise for years. No doubt you have either been directly associated with a breach, or you know someone who has. This meteoric rise is largely on account of the corresponding rate of growth in the amount of data and digital assets stored online. According to the University of Maryland, malicious hackers are attacking computers and networks at a rate of one attack every 39 seconds- not good. Ransomware now costs the UK economy in the billions – from online fraud, IP theft and espionage to extortion and identity theft.
The reach of these attacks unfortunately bleed into our every day lives, and for those responsible for digital assets, cyber security, information technology, finance, or even the whole businesses, they present a very real threat which should be high on the list of priorities.
Fortunately, it’s not always the case that attacks are becoming more sophisticated; in many cases they’re repeats of attacks already seen five years prior. In fact, some of the most prevalent attack attempts use very basic methods which rely on user error or bad practice more than breaking through complex Firewalls or software systems, in the dramatic fashion you might see on TV.
So, does this mean it requires more, or less effort to thwart most attacks today? The answer isn’t particularly obvious unfortunately. On the one hand, attacks are more frequent and on average will have a higher impact, but on the other hand, the tools, systems, and services to counter these attacks are significantly more powerful, providing better protection to those who employ them. The difference, then, between those at lower risk and those at greater risk, depends largely on the security practices of the organisation.
It’s worth also dispelling a few myths...
Myth 1: Our organisation is low risk because we don’t have valuable data.
If the data is valuable to the organisation, then that value can be leveraged against the owner – this method of extortion commonly emerges in the form of ransomware. What’s more, criminals know that company data is valuable to competitors; it’s no hard task to research competitors and threaten to sell the data onto them.
Myth 2: We’re only a small business or charity, nobody is interested in us.
Smaller organisations nearly always have weaker security, due to a lack of the kind of budgets that larger organisations have access to. As such, they tend to be more vulnerable. Hackers can, and often do, employ tactics designed to take advantage of this on a larger scale, often harvesting vast amounts of data from high numbers of targets. This differs from a targeted attack against a ‘high value’ target where an attacker may spend weeks, months, or even years, preparing and orchestrating an attack.
Myth 3: Cyber security tools and services are expensive.
It can be quite eye opening to see what tools are available from major security vendors to small organisations for very little investment. Microsoft, for example, provide a healthy size slice of their enterprise grade security services to small businesses and charities as part of their 365 services, for a nominal Monthly fee. Often, these services are left switched off – but it only takes a bit of knowhow to enable and use them.
There is no doubt that Cyber Crime is on the rise and is a threat that should be taken seriously by everybody. But the good news is that whilst cybercrime is on the rise, and shows no sign of slowing, the tools and services available to fight cybercrime are becoming increasingly effective at a significantly lower cost.