Cyber fraud is something we all think we are prepared for until it actually happens. As cloud becomes the primary location for data storage and organisations prepare for their transition to the metaverse, the possibility of succumbing to a cyberattack has never been greater.
That said, an organisation open to understanding its flaws and putting in place key preparedness measures can significantly limit the impact of any attack. So what does that involve?
Cyber fraud happens when online hackers commit actions targeted at compromising personal, financial or other valuable types of information stored online. The most common types of cyber fraud fall into four categories:
Despite films like 'The Matrix' and 'The Girl with the Dragon Tattoo' evoking images of hackers sitting in a dark room filled with screens and lines of code, the biggest cyber threat to modern businesses in 2022 is the least technologically advanced – phishing attacks.
Phishing attacks come in various shapes and sizes, with Fortinet identifying up to 19 sub-categories of attack! Don't worry, we're not going to go through each of them here. But what makes them so successful, and what is the actual biggest cyber threat, is a single common component – you! Or more specifically, the fact that you're a human.
Phishing attacks are so effective because they exploit the 'human element' of a business's operations, leveraging natural curiosity, impulsiveness, ambition and empathy. Although we may think "I'll never fall for that", it's important to remember that these cybercriminal organisations have become experts in manipulating the human element and anyone can fall victim, even some of the biggest names.
The human element goes far beyond phishing attacks and extends to mis-delivery and misconfiguration, or to put it another way – 'humans being humans' and making mistakes. Verizon's 2020 Data Breach Report ranked mis-delivery and misconfiguration as the most common causes of breach at the time. Some headline examples include:
Researchers and analysts predict that 99 percent of data breaches will be user-driven, so the question becomes, what can we do?
Perry Carpenter, cybersecurity veteran, author and chief evangelist-security officer for KnowBe4, explains that the biggest challenge concerns the fact that "workers may be aware of the threats and risks, how they work and what they need to do to avoid them, but still fail to take the necessary actions to keep the company safe." The UK's ICO recently commented on a similar theme when fining Interserve Group £4.4m for cybersecurity failings which compromised employee data: "the biggest cyber risk businesses face is not from hackers but from complacency within their company".
With this being the case, the most effective plan of attack is a multipronged strategy that engages employees and bridges the technical element of cybersecurity with the human element inherent in all members of the organisation.
It's important to remember that tackling cyber threats, and in particular the 'human element', is not a tick-box exercise but something that organisations need to think about in the long term.
The amount of budget you dedicate and the preventative steps you take will ultimately depend on the size of your business, your resources, your type of users and the amount of personal data you hold.
One thing everyone can do right now is dig out and review your breach preparedness plan, ensuring that the key contacts are up to date and that the plan makes sense for the business as currently constructed. If you don't have a plan in place, it's time to consider putting one together; a great place to start is our Global Data Hub. If you want some more information or want to enquire about the breach preparedness services we offer, we are only an email away – just don't start the email by asking for my mother's maiden name.
We look forward to hearing from you.