- Do you sufficiently protect the access credentials for your systems?
- Do you raise your staff’s awareness of the risks of social engineering?
- Do you have a functioning backup method for restoring data?
The global threat posed by cybercrime is growing steadily and seems hardly containable. Ever-changing hacking methods make it enormously challenging for private individuals to protect their data, and even more so for businesses. Institutions and businesses try to counteract these increasing attacks using technical means, organizational measures and human resources. Cybercriminals have identified the biggest existing weakness in the systems and have changed their strategy accordingly: they are now taking aim at people. So it is now up to businesses to change their strategy as well.
According to the latest statistics published by the FBI, email scams caused damages of 2.3 billion dollars in the United States in 2016. The main scenario was the so-called CEO scam: strangers pretending to be the boss of a business use fake emails to demand that employees transfer money. This kind of fraud, which takes advantage of the weak point “people”, has already found its way to Germany. The most high-profile victim of cybercrime in Germany, the automotive supplier Leoni, suffered 40 million euros of damages in 2016.
The increased use of ransomware, which encrypts files on infected computers and does not decrypt and release the data until payment has been made (mainly in Bitcoin), has also left its mark. The most recent examples of such ransomware are Locky followed by WannaCry.
Another approach that also exploits the “people” weakness is phishing: spying on people to obtain the access details of important accounts. The hackers know the optimum times for their attacks and increasingly send their emails between Tuesdays and Thursdays.
The money looted by cybercriminals, by the way, usually ends up in bank accounts in foreign countries, mainly in Hong Kong and China. It is quite pointless to hope for the police or the prosecuting attorneys to pursue these criminals and crack such cases. In addition to the lack of human resources that the investigative authorities struggle with at home, it is rather difficult to conduct investigations in foreign countries. The state of Bavaria currently has no more than 65 so-called cybercops!
For that reason, security measures ought to focus on email and the “people” factor, the weaknesses that have become the means of crime. To help those involved understand the hazards and the various forms of so-called hacks, they should be offered training that raises their awareness. Training carried out at regular intervals is the only way to make sure that awareness of the risks is fostered in a sustained manner.
Image copyright: (c) adimas – Fotolia.com