Cyber Security Accountability Does Pay

Cybercrime in 2015 was nothing short of epic. No one could have anticipated headline news stories such as Sony Pictures Entertainment being hacked by a group allegedly sponsored by North Korea; a 15-year-old member of a group behind the TalkTalk hack; and the FBI’s advice on ransomware – just pay the ransom!

So what can we expect in 2016?

Expect the typical cyber-criminal to be someone who is sophisticated, intellectual and aggressively innovative. They are armed with intelligence and the mental capacity to constantly adapt, making them incredibly hard to track and control.

Expect organisations, not individuals, to be the targets of organised cyber-crime. Cyber-criminals are now seeking million-dollar paydays. It can also be expected that cyber-criminals will convert any stolen funds into crypto-currencies such as Bitcoin.

Expect more integrity and social engineering attacks – hacks with the purpose of gathering information. These hacks arm the hacker with the details required to launch a large and sustained attack in the future. These kinds of attacks may go unnoticed initially, but can cause the wrong decisions to be made, including invoices being paid into the wrong accounts (usually those of the hackers).

Expect more malware attacks on portable devices like mobile phones and tablets. Malicious apps are being sold on the Dark Web – apps that mimic the graphical user interface of banking, eCommerce and other popular apps with the intention of tricking the user into providing card details.

Expect more ransomware attacks. The United States of America has seen a huge increase in the number of ransomware attacks in the last 12 months, and the numbers only look set to increase. The Cryptolocker gang grossed over $30 million with a very simple attack within just 100 days, with approximately 40% of Cryptolocker victims ending up paying the ransom. Unlike many other ransomware gangs, Cryptolocker does actually delete your files if you do not pay. You can say goodbye to your customer details, financial plans and other important documents. Thankfully, unlike other ransomware companies, if you do pay they restore your files within 48 hours.

There is also an expected increase in the number of users on the Dark Web, which will result in an increased volume of crime. Because a free, specialist browser used to access the Dark Web allows users to mask their location, being caught buying or selling services is near enough impossible.

After all the news in 2015, what are organisations now doing differently?

Well, according to recent reports, not much.

A recent study of 1,530 non-executive directors, C-level executives, Chief Information Officers, and Chief Information Security Officers from organisations across the United States, United Kingdom, Germany, Japan, Denmark, Norway, Sweden, and Finland, found that:

  • 91% of organisations that had a high level of vulnerability also had board members that could not interpret a cyber security report;
  • Only 10% of organisations with a high level of vulnerability are regularly updated with information about the types of threats to cybersecurity that are pertinent to their organisation;
  • Only 9% of organisations with a high level of vulnerability have their systems regularly updated in response to new cyber threats.

Events in 2015 have made it very apparent that cyber-security should be a board-level concern. It threatens both the financial capital and integrity of companies, so it is worrying that the C-Suite play a small part in decision making concerning cyber-security. Hackers are only getting bolder – embarking on harsher attacks, some unrecoverable. For companies that continue to overlook the importance of cyber-security, the risk is getting bigger and the consequences less forgiving.
