The invention of the internet has brought great things to the world, like great websites hosted on awesome domain names, all the products under the sun being available on ecommerce sites, and social media bringing people from every part of the globe closer together. But the more businesses and individuals have come to rely on the internet to conduct transactions, the greater the risk that data will fall into the wrong hands. This can be down to carelessness or misconfiguration of systems, but increasingly there’s the possibility of malicious activity or cyber crime, with attempts to steal data or hold organisations to ransom. So, what exactly is this kind of crime, and what is its impact on businesses?
From hacking to crime
In the early days of computer hacking, it was often seen as a nuisance, but relatively harmless. Web pages would be defaced or data accessed essentially to prove the skill of the hacker and nothing more. However, as more and more personal data and financial information has been stored online, a new generation of cyber criminals has recognised that this represents a lucrative opportunity and a much easier way to get rich than robbing a bank.
It’s no surprise then that some of the highest-profile data breaches have taken place in the last decade. Internet service Yahoo reported breaches affecting the data of more than a billion people in 2016. The company has been widely criticised for being slow in publicising the breaches which took place up to two years earlier.
Contrast this with professional social network LinkedIn which was breached in 2012 exposing usernames and passwords from millions of accounts. In this case, however, the company responded quickly, notifying users and advising them as to how to secure their accounts.
What happens to data stolen in this kind of attack? In most cases, it’s put up for sale on the dark web so that it can be exploited by other criminals. An identity here can sell for as little as £10 [1], more if a range of financial information is included.
But there are other ways in which cyber criminals can make money. One of these is extortion, so-called ransomware locks up files on a business computer by encrypting them and asks the business to pay a ransom to get them back. Another cyber crime that has become prevalent in recent years is crypto mining, where malware is installed on a computer to mine crypto currencies such as Bitcoin, effectively stealing processing time.
As new technologies such as Internet of Things devices become more commonplace, cyber criminals will find more ways of exploiting them to attack networks and their underlying data centres or cloud services.
What it means for business
The problem with anything that is stolen and placed up for sale on the dark web is that it has a very long shelf life. Email and password combinations can be around for years after they were first stolen. This means that although people may have changed their passwords, their email addresses, phone numbers, and other details are still available to scammers, leaving them open to phishing and other attacks.
Plus, of course, some people are lazy; they often use the same password across a number of sites so that if one login ID is compromised, others can be put at risk. If it’s your business that has exposed the data, even inadvertently, then your customers are being put at risk and that, in turn, can harm the reputation of your business. It can lose you money too; increasing numbers of people say that they would stop dealing with a business following a breach or cyber attack in which their data was exposed. [2]
There are other risks to businesses as well. The loss of intellectual property to cyber crime could lead to serious damage to your business, resulting in ideas having to be scrapped or even ending up in the hands of competitors. For companies involved in infrastructure, cyber attacks can also bring about serious disruption to the wider public, not just to users of the system.
Of course, there’s the regulatory angle too. Since the introduction of the General Data Protection Regulation (GDPR) last year, businesses face substantial files if they fail to take proper care of their customer’s personal information. Breaches have to be reported in a timely manner too, so there’s no hiding the fact that you have been the victim of a cyber crime or data breach.
All of this is leading businesses to take information security much more seriously than they have in the past. Greater resources are being ploughed into protecting systems and there’s greater awareness that as businesses become increasingly interconnected, there may be risks from other organisations in the supply chain too.
But of course, the cyber criminals aren’t standing still either. They are using increasingly sophisticated techniques and targeting their attacks against what they perceive as the most lucrative targets. The world of cyber security is, therefore, a constant arms race and something to which all businesses, regardless of their size or industry, need to pay attention.
[1] https://www.independent.co.uk/life-style/gadgets-and-tech/news/dark-web-id-value-hackers-cyber-crime-a8683821.html[2] https://betanews.com/2019/02/26/us-uk-trust-after-breaches/