60% of mid-sized businesses were hit by cybersecurity fraud in the UK last year. The average loss per firm defrauded was a staggering £245,000.
All businesses can be vulnerable to online fraud attempts. Awareness and appropriate security measures are key to fighting back against cybercrime.
Cybersecurity fraud in the UK: why is it on the rise?
From the pandemic to more sophisticated fraud tactics, we take a look at the top five reasons why cybersecurity fraud is on the rise.
The global Covid-19 pandemic
The pandemic has pushed more businesses online and more people to work from home, resulting in a huge surge in cybercrime. There were 1.1 billion online fraud attacks in the first half of 2020, starting an upward trend in online attacks such as social engineering and phishing.
Cyber criminals are taking advantage of the rise in digital payments and finding new ways to trick people into providing personal information such as passwords, account details and other payment information. Scams such as fraudulent emails or text messages offering Covid-19 vaccinations and tax refunds as a result of the pandemic have led to people providing personal details and having their money and identity stolen.
Other cyber-attack techniques include:
- Emails pretending to be government announcements.
- False advice and cures.
- Health-related websites containing malware.
New threats and more sophisticated fraud tactics
Fraudsters have found new ways to create new identities that are harder to detect by combining real and fake data. For example, a cybercriminal may steal an address from one person and mix it with somebody else’s national insurance number. The information is then used to open bank accounts and cards.
Evolution of ransomware
The technology and tactics used in ransomware is evolving at an alarming rate.
Distributed Denial of Service (DDoS) attacks are being used in ransomware attacks to speed up the attack. A DDoS attack shuts down a computer by flooding it with traffic to cause the system to crash and shut the user out.
Other ransomware attacks that will pose a threat to organisations in 2021 are:
- REvil: a virus that encrypts files and demands money from the victim.
- The Maze: ransomware is used to encrypt files and threatens to release the information online if the victim doesn’t pay a ransom.
- Ryuk: a crypto-ransomware that blocks access to a device or file through the use of encryption until a ransom is paid.
- Tycoon: a new type of ransomware that is written in java to help it stay hidden on file servers.
- NetWalker: compromises the network to encrypt all Windows devices and uses an embedded configuration for ransom notes.
Cybercriminals are using more automated fraud methods such as script creation and credential stuffing to conduct large scale cybersecurity fraud attacks.
Script creation uses fraudulent details to automatically create accounts, and credential stuffing uses data that has been taken from a breach to takeover a person’s other accounts.
These methods make fraud crimes easier for hackers to commit and more scalable than ever before.
Hackers are taking advantage of technology improvements such as Internet of Things (IoT) and 5G to find new ways to commit cybersecurity fraud. Professional hackers exploit the increasing number of devices and interconnectivity to attack systems and networks.
AI technology is being used by cyber criminals to create new malware programs to trick people into providing personal information that is then used to steal their identity. AI is also being used by attackers to counteract the advancements that is being made in cybersecurity, making it even harder to keep up to date with the latest threats.
As new technologies emerge, users must keep up with new security advice to prevent cyber-attacks from happening.
Protect your business against cybersecurity fraud
The threat of digital fraud is increasing every year. It’s crucial that your business knows how to protect itself and fight back against cybersecurity fraud.
- Perform a security audit: a security audit will identify if your company has any vulnerable areas and recommend solutions to protect them.
- Implement a password policy: a company-wide password policy will make it harder for cyber criminals to figure out. Try implementing passwords that contain words not in the dictionary.
- Provide training on the signs of digital fraud: including multiple purchases, billing and IP addresses that don’t match and failed card verification.
- Double check online requests: evaluate all online requests and be extra careful of any requests that express an urgency.
Our IT security services will give you the knowledge and technology needed to protect your legal firm. Get in touch to arrange your free IT security consultation.