Guess how much cybercrime cost the worldwide economy in 2018? Take a guess. Now wait for it… $60 billion. You heard it right.
60 billion dollars.
But before we dive into the types of cybercrimes that could be creeping at your front door, it’s important to baseline what cybercrime is.
What is Cybercrime?
Cybercrime is defined as criminal activity carried out by means of computers or the internet. A cybercrime may use the computer as the target of the crime (e.g. hacking it to gain information, installing ransomware to obtain a payout, etc.), or it may use the computer to commit an offense (e.g. phishing for information or money, and identity theft).
Types of Cybercrime
A recent study from Accenture outlined various types of cybercrimes as well as their associated costs from 2018. Below are 9 types of cybercrimes you should be aware of. Even though the initial thought of these costs might be unnerving, there are many things you can do to protect your business from these types of threats! Let’s take a look at a few of them:
Malware – $2,613,952
Malware is defined as software designed to damage, disrupt, or gain access to a computer. Malware can take many forms such as executable code, scripts, content, or other software. You may know these forms as viruses, trojans, spyware, etc.
Web-based attacks – $2,275,024
Web-based attacks include cybersecurity attacks against websites, applications, and exposed APIs. Hackers target your DNS servers or execute DDoS attacks that can bring your business down, even if your DNS is protected. These attacks are dangerous and often can be difficult to defend against.
Denial of service – $1,721,285
A denial of service (or DoS) attack is meant to shut down a computer or network by making it unavailable to its users. These attacks take two forms: flooding attacks (overwhelming the system with traffic) and crash attacks (sending input that exploits vulnerabilities in the system to make it crash).
Malicious insiders – $1,621,075
Malicious insiders account for a large share of cybercrimes. These insiders may be employees, former employees, contractors, or anyone who has inside information concerning the company’s security practices. These individuals have an advantage in committing cybercrimes because they are familiar with the policies, systems, and data within the company.
Phishing & social engineering – $1,407,214
Phishing is a scam in which emails are sent with a faked sender, posing as either part of the organization or a reputable business, in hopes of coercing employees into revealing personal information. This could include credit card information, login information, money wiring, and more.
Malicious code – $1,396,603
Malicious code describes any sort of code within a software system or a script that is intended to cause damage or a breach to a system. It is not easily controlled by antivirus software alone, and a professional should be consulted to help determine if malicious code is present in your systems.
Stolen devices – $973,767
Criminals can access personal information and commit identity theft through stolen devices.
Ransomware – $645,920
Ransomware prevents users from accessing their systems or files until a ransom is paid. Sometimes, even after the ransom is paid, users still cannot access their information. This threat typically comes in the form of software that takes over the computer.
Botnets – $390,752
Botnets are groups of computers that are infected with malicious programs without their owners’ knowledge. This network of infected computers is used to send spam or to infect other computers so that they join the botnet.
Major Categories of Cybercrime
Cybercrime falls into 3 major categories: crimes against people, property, and government.
- Cybercrime against people
These types of crimes deal with online harassment, stalking, credit fraud, human trafficking, identity theft, and more. An example would be an individual distributing false information online about another person.
- Cybercrime against property
Cybercrime that happens against a computer or server is a crime against property. This includes DDoS attacks, transmitting viruses, vandalising computers, infringing on copyright, hacking, etc. A hacker who runs phishing scams to gain access to users’ bank account information would be committing a crime against property.
- Cybercrime against government
Cybercrimes against the government are typically committed by terrorists or anti-government organizations. These include hacking government or military property, cyber warfare, pirated software, accessing confidential information, etc.
The Most Vulnerable Industries for Cybercrime
The costs discussed above are huge, but who’s at the most risk? Probably not surprisingly, some industries are more heavily targeted for cybercrime than others. Are you one of them?
- 40% of data breaches are targeted at Businesses
- 35.4% of breaches are targeted at Medical and Healthcare industries
- 8.1% of breaches are targeted at Government or Military
- 7.4% of breaches are targeted at Educational institutions
We think it’s important to discuss why 40% of breaches are targeted at businesses. They are targeted the most, but (maybe unsurprisingly) they have the LOWEST number of security measures put into place! Businesses just are not investing in cyber security in the way that they should. An ounce of prevention is worth a pound of cure in these cases. Luckily, there are many things you can do to protect your business from a data breach.
Preventing Cybercrime in Your Business
In the tech-driven world we all live in, it can be difficult to stay safe. Some companies don’t even notice a data breach for weeks or months, which can be detrimental to the business. There are some simple rules of thumb that all businesses can follow to help their employees be safer.
- Teach employees to be careful when browsing the internet. Blocking certain sites can help overcome this.
- Have employees mark shady emails as “spam” and report anything suspicious.
- Encourage employees to never click on strange links or ads. An ad blocker should be enabled to help mitigate this.
- Use a company VPN.
- Ensure all anti-virus tools are up-to-date and working.
- Have a strong password policy.
- Speak with an established IT consulting firm for recommendations.
Preventing a data breach can begin with something as simple as training your employees. Even implementing the simple steps above can help tremendously if there are no web-security practices in place. Only 22% of small and medium-sized businesses actually have any sort of security training in place for this! Putting your employees through a simple training course on the types of threats and how they can help prevent them can be extremely helpful in the long run of your business. Web-based attacks and phishing attempts are the most prevalent types of attacks. Make sure everyone is aware of the threats and understands them.