Cybercrime is becoming increasingly sophisticated – and cybercriminals are increasingly targeting big business. Does that mean that you and I can relax? Sadly not – we need to be more on our guard than ever…
No-one reading these articles over the past 12 months can fail to be aware of cyber-security. This time last year the world – or at least the world’s computers – was recovering from the WannaCry virus, which was swiftly followed by NotPetya as businesses and organisations around the globe were affected. I suspect there are a good many company accounts being published around now with ‘miscellaneous payments to suppliers’ covering a ransomware payment the directors have decided the shareholders and press do not need to know about.
Since then we have covered computer hacking, more ransomware, data breaches and fraud – as cybercrime continues to be a problem for everyone, and as the GDPR regulations bring with them the latest opportunity for fraudsters to carry out phishing expeditions.
GDPR has also brought with it a draconian enforcement regime that can see companies fined up to €20m (or 4% of turnover). Well, there are plenty of companies whose net profits are not 4% of turnover: GDPR will unquestionably put some companies out of business.
GDPR has also introduced us to a new acronym – CIO. It stands for Chief Information Officer and it is the person in a company or organisation ultimately responsible for looking after your data, and for reporting data breaches as and when they occur.
So what do these CIOs worry about?
Consultants KPMG – along with recruitment company Harvey Nash – have just published their latest survey of 4,000 CIOs, working for businesses with a combined cybersecurity spend of $46bn.
The good news is that cybersecurity is moving up the corporate agenda – and it is being taken more seriously. David Ferbrache, technical director at KPMG, says that the discussion in company boardrooms has become “more mature,” moving from ‘how do we keep ourselves off the front page?’ to ‘what do we really need to do to button down cybersecurity and privacy?’
So far so good – but the survey also found that a worrying number of firms felt unprepared. Only 22% of those surveyed – and the survey was done as recently as April – said they felt adequately prepared for a cyber-attack, with 38% admitting that they would not be GDPR compliant by the deadline. (My – admittedly anecdotal – evidence would suggest that the figure of 38% would be far higher among small businesses. I spoke to no-one who was confident they had ticked all the GDPR boxes by May 25th.)
The CIOs highlighted two main worries in the survey – a skills gap, which takes us right back to the classroom and the UK’s continuing insistence on teaching our children about ox-bow lakes – and organised crime.
It is no longer the amateur hacker…
The KPMG survey found that 77% of CIOs were most worried about organised crime, up from 71% in the previous year – and we appear to have moved on from last year’s ransomware attacks. Now CIOs are worrying about cryptocurrency malware – an infection in your computer system that makes it begin mining for a cryptocurrency such as Bitcoin. The mined currency obviously goes to the hacker, while the company pays the very considerable cost of the mining.
As we wrote recently, there are estimates that Bitcoin mining could use 0.5% of the world’s energy in 2018, with countries like Iceland already seeing mining use as much power as the country’s domestic consumption – so what better than targeting a major company’s power supply?
So can I relax?
Does that mean you and I can breathe a sigh of relief? That as organised crime increasingly turns its attention from drugs and prostitution to cybercrime it will forget about ‘normal people’? That phishing attacks – which surged after TSB’s infamous meltdown – are going to become a thing of the past?
Sadly not. If anything, they are going to increase. David Ferbrache describes the ‘battleground’ between companies and organised crime as “transnational.” It is, he says,
“Quite industrialised, and increasingly supported by an effective black economy of tools, targeting and attack methods, with a good monetisation and cash out structure as well.”
Simply translated, that means that while organised crime may concentrate on big business, smaller criminals will focus on you and me, and that they will be able to buy the necessary tools, equipment, programmes and apps on the dark web.
How refreshing then, to know that the companies we all deal with in our daily lives are taking our security so seriously.
Or maybe not…
You may have noticed that the World Cup starts this week. I like sport, and I occasionally like to reinforce my opinion by having a bet. Seduced by their World Cup offers I opened new accounts with two online bookmakers last week. Opening the accounts was simple – it took less than five minutes in both cases – and that allowed for me having to come up with a new password. Why? Because the password I always use – let’s say it is Arsenal66?! – was rejected by both companies. And it was rejected for being too complicated. Fair enough if it was the XuB%6nT54”£gH3Gg6£ beloved of random password generators. But seven letters, two numbers and two characters?
What that means is that it is up to us. If you want to stay safe online, and if you want your money to stay even safer, then you need to get at least the basics right. To quote David Ferbrache again,
“That’s having antivirus software, firewalls, plus good username and password management. Getting those basic things right will stop the vast majority of attacks.”
But not all attacks. It used to be said that the only certainties in life were death and taxes. I think we can add cybercrime to that list. By this time next year, I will have written another article about a massive ransomware attack and a huge data breach at a company millions of us use every day, and the first punitive fine will have been handed down under GDPR. All of those will make the headlines: what will not make the headlines is £200 disappearing from your bank account or your electricity bill shooting up because you are unwittingly mining Bitcoin. Make sure it does not happen to you…