In today’s digital world, people are trading convenience for privacy - which means they’re sharing more and more information about themselves. While we can all appreciate one-click checkouts and saved passwords, that mental “autopilot” can sometimes steer us wrong. While we were all once cautious of anyone asking for information about ourselves, now we assume that’s just the cost of participation - you ask for my favorite book, I give it to you. You show me my password has expired, I try to log in with the link you conveniently provided to me. You send me an email from my boss, you get my attention and response. But this autopilot is what cybercriminals and hackers are effortlessly turning into hundreds of millions of dollars every year from people like you and me all around the world.
What is Cybercrime?
Cybercrime is construed as using a computer as a weapon, or instrument, to advance or secure something deemed illegal. Think stealing identities or intellectual property, committing fraud, or violating privacy laws. These are just a few examples.
Here are 5 of the top cybercrimes affecting businesses and individuals in 2022:
1. Phishing Scams
The majority of successful cyberattacks - 91% according to a study by PhishMe - begin when curiosity, fear, or a sense of urgency entices someone to enter personal data or click on a link.
Phishing emails mimic messages from someone you know or a business that you trust. They are designed to trick people into giving up personal information or clicking on a malicious link that downloads malware. Thousands of phishing attacks are launched every day.
What you can do: Stop trusting your emails. They are not always what they seem. Security awareness and phishing training can empower your team to defend against phishing attacks by showing the telltale signs, teaching them how to recognize targeted phishing campaigns and malicious links, and encouraging them to stay away from links and attachments and go directly to websites by typing the real URL into their browser.
2. Website Spoofing
The word spoof means to hoax, trick, or deceive. Website spoofing is when a website is designed to look like a real one and deceive you into believing it is a legitimate site. This is done to gain your confidence, get access to your systems, steal data, steal money, or spread malware.
Website spoofing works by replicating a legitimate website with a big company’s style, branding, user interface, and even domain name in an attempt to trick users into entering their usernames and passwords. This is how the bad guys capture your data or drop malware onto your computer.
Spoofed websites are generally used in conjunction with an email that links to the illegitimate website. Website spoofing resulted in $1.3 billion in losses last year.
What you can do: The easiest thing you can do is ignore and delete anything you’re not anticipating. Legitimate companies will have multiple ways to contact you in the event they need to reach you. Save time and frustration by applying common sense logic and evaluating the “urgency” of the message. Also, pick up the phone or go directly to the trusted domain to inquire.
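The spelling check on a link's domain can be partly automated. The sketch below is an added example, not part of the original article: it compares a link's hostname with an allowlist and flags near-misses. The domains, the character-swap table and the one-edit threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains your organization really uses.
TRUSTED = {"contoso-bank.example", "payroll.example"}
# Small illustrative table of digit-for-letter swaps; hyphens are dropped.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})

def skeleton(name):
    """Fold common swaps (and 'rn' for 'm') so lookalike spellings collide."""
    return name.lower().translate(SWAPS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a link."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"
    for d in TRUSTED:
        if host == d or host.endswith("." + d):
            return "trusted"
    # Assumption: trusted domains have two labels, so compare the last two.
    base = ".".join(host.split(".")[-2:])
    for d in sorted(TRUSTED):
        if d + "." in host:
            # Trusted name used as a subdomain of someone else's domain.
            return "lookalike:" + d
        if edit_distance(skeleton(base), skeleton(d)) <= 1:
            return "lookalike:" + d
    return "unknown"

if __name__ == "__main__":
    for link in ("https://www.contoso-bank.example/login",
                 "https://cont0so-bank.example/reset",
                 "http://contoso-bank.example.account-verify.test/",
                 "https://news.weather.example/"):
        print(classify(link), link)
```

An "unknown" result only means the host is not close to an allowlisted name; it says nothing about whether the site is safe.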
3. Ransomware
Ransomware is a modern-day, technical twist on a crime that has been around for ages - extortion. At its core, ransomware works when criminals steal something of great value and demand payment in exchange for its return. For most businesses, this involves the encryption of company data. When ransomware hits, businesses come to a standstill, and employees cannot do their jobs.
Without restorable backup data, the company is generally at the mercy of the attacker, who will hold your data hostage in exchange for a decryption key you can buy with Bitcoin.
Ransomware has matured into its own category of malware and should be a primary concern for all organizations. McAfee reported that new ransomware attacks grew 118% between 2018 and 2019.
What you can do: Back your data up and then do it again… in a separate location. Frequency and redundancy are key to your success. If you only back up your system weekly, or if your backup is infected, you’re in for a lot of trouble.
4. Malware
Norton defines malware as “malicious software” specifically designed to gain access to or damage a computer. In the case of ransomware, it's designed to hold your data hostage, but that isn’t the only kind. There can be multiple objectives for malware - power, influence, money, information - but the result is always the same - a time-consuming, often expensive recovery effort.
Common types of malware include:
- Viruses that spread, damage functionality, and corrupt files
- Trojans disguised as legitimate software that quietly create backdoors to let other malware into your network
- Worms that can infect all of the devices connected to a network
- Ransomware that holds your data hostage
- Botnets - a network of infected devices that work together under the control of an attacker
What you can do: Be cautious about email attachments, avoid suspicious websites (look at the spellings carefully), and install and continually update a high-quality antivirus program.
5. IoT Hacking
The Internet of Things is a brave new world that has opened insights into our daily routines and our business processes to the web. Whether we like it or not, all of these internet-connected objects are collecting and exchanging data. As you know, data is valuable and for that reason, hackers will look to exploit any devices that aggregate it.
The more “things” we connect - the juicier the reward becomes for hackers. That’s why it’s important to remember that personal passwords and business passwords all belong to humans… with memories that we know are going to let us down from time to time.
What you can do: Use a password generator to secure all devices with unique passwords.
Remember, while you’re working within a business, each person has to take personal responsibility for ensuring your cybersecurity. You have to prioritize your risks and think through the scenarios that are likely to affect you, based on what you know about your unique infrastructure and team. Don’t wait until it’s too late to take a proactive approach. Keep focused on what’s coming and work to bring your team up to speed to create the strongest defense against cyberattacks.