Cybercrime is becoming increasingly commercialised, making the fight against it more important to businesses and governments across the globe.
According to the head of Europol’s Cybercrime Centre, Troels Oerting, there are only around 100 cybercriminal kingpins behind global cybercrime, but despite the small number of cybercriminals, as an industry cybercrime is growing. A recent report by McAfee predicted that the high returns for low risks make cybercrime an attractive proposition for criminals.
There has been a rise in cyberattacks of all types across all industry sectors. According to a report conducted by FireEye, malware attacks doubled in the first half of 2014, with the UK and Germany being the most targeted countries (due to their advanced internet infrastructure and increasingly internet-based economies). Government, financial services, telecommunications and energy were the most targeted sectors overall.
What does the future hold?
It may be that the actions of some cybercriminals are motivated by political allegiances and cultural factors, rather than financial gain. However, the opportunity to make money or steal commercial secrets is likely to be a key factor in the growth of cybercrime. In addition, there are likely to be much more invasive forms of activity in the future as technology and knowledge develop. Current and future developments such as big and fast data, the internet of everything, wearable devices and augmented reality (to name but a few) will provide additional scope and opportunity for criminals to attack businesses and government. According to an article by Fox Business, over the next 20 years we could be facing:
- “cyber-jacking” – the hijacking of planes via their flight management system (the disappearance of the Malaysian Airlines flight in Summer 2014 led to speculation that the cause might be cyber-jacking);
- automotive viruses – malware could be built into car computer systems (in 2014, an F1 racing team’s vehicle became infected with malware); and
- theft of biometric data – as biometric data becomes more valuable and sensitive than ever.
With the rapid expansion and sophistication of cybercrime, we are likely to see companies spending more time than ever on precautionary measures.
What can be done?
In a recent article, Eversheds considered the question of who should be taking the lead in the fight against cybercrime. Across the globe, public bodies are stepping up their actions. The European Commission has established a European Cybercrime Centre (EC3) at Europol, in an attempt to fight cybercrime. The UK Government has also set up a £860 million Cyber Security Programme with a view to making the UK one of the most secure places to do business in cyberspace.
The key to effective management of cybercrime risk is identifying and understanding the threats and the level of risk involved, and putting in place security measures that are appropriate and proportionate to those threats and risks.
According to a guide published by the UK Government, those businesses most effective at safeguarding their own and their clients’ assets will be the ones that continually gather intelligence on the new threats emerging in their industries and sectors, proactively investigate breaches and review their overall risk management plans regularly to take account of these developments.
A recent Government report suggests that basic information risk management can stop up to 80% of the cyber attacks seen today.
The report recommends the following ten-step action plan to help reduce cyber risk:
- Home and mobile working - Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.
- User education and awareness - Produce user security policies covering acceptable and secure use of the organisation’s systems. Establish a staff training programme. Maintain user awareness of the cyber risks.
- Incident management - Establish an incident response & disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.
- Information risk management regime - Establish an effective governance structure and determine your risk appetite, just like you would for any other risk. Maintain the Board’s engagement with cyber risk. Produce supporting information risk management policies.
- Managing user privileges - Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
- Removable media controls - Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing on to the corporate system.
- Monitoring - Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack.
- Secure configuration - Apply security patches and ensure that the secure configuration of all ICT systems is maintained. Create a system inventory and define a baseline build for all ICT devices.
- Malware protection - Produce relevant policy and establish anti-malware defences that are applicable and relevant to all business areas. Scan for malware across the organisation.
- Network security - Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access and malicious content. Monitor and test security controls.
Prevention is, of course, better than cure, but planning for how to deal with the fallout of an attack is key to ensuring the impact is minimised as far as possible.