I recently presented a talk on Trends in Cyber Crime. Since this is a topic I am asked about regularly, I thought it would be interesting to look back at trends we were seeing just 12 months ago. Unsurprisingly, the picture today is very different.
Cyber-crime then and now
A year ago, our clients were increasingly asking for help in dealing with the exponential rise in internet-enabled crime. We were investigating cases of impersonation, stolen credentials, email and social media accounts hijacked to defraud, and identity theft, all of which are simple attacks that can be easily monetised.
Twelve months on, we are still seeing simple attacks that can be easily monetised, but with some very big differences. Today the stakes are often much higher. Twelve months ago we were seeing attacks netting criminals tens to hundreds of thousands. In contrast, this year a single attack on a large bank would have netted $1Bn had it been successful. As it turned out, the attack “only” gained the criminals $81m.
Cyber-crime as a Service
Another big change we are seeing is the massive rise in cyber-crime as a service. Those with the skills to mount an attack are increasingly selling their services to others, enabling even more criminals to target companies and individuals. They are providing the capability, be it malware for sale (with full support and warranty!) or the delivery of malware payloads or DDoS as a service. Indeed, cyber-crime as a service is now a very competitive marketplace and competition is driving down prices.
This means the chances of being a victim of cyber crime are growing rapidly, as more and more criminals have access to cyber skills. This is clearly demonstrated by statistics, which continue to show attacks against companies increasing year on year, and online fraud now accounting for over half of cyber crime (Gartner).
How to mitigate cyber risk?
There are, however, simple steps which companies can take to mitigate this risk, including educating staff about the methods cyber criminals might use when targeting their organisation, and how to react if they notice something suspicious.
A UK Government report published earlier this year found that 90 per cent of large organisations suffered some sort of security breach in 2015, and 81 per cent of those companies stated that the actions of their employees aided the attacker in some way. Whilst many of those employees will have assisted the attackers unwittingly, it does show that a more holistic approach to security is required, one that is designed to integrate people, processes and technology. If you would like to discuss how this might work for your organisation or to discuss trends in cyber-crime and how they might affect you, please contact Kroll.
By Andrew Beckett, Managing Director in Kroll’s Cyber Security and Investigations practice based in London.