More than 2,000 complaints per day and about $4.2 billion losses due to cybercrime and Internet frauds in 2020: these are some of the figures reported in the US by the FBI’s Internet Crime Complaint Center.
The uptick in cybercrime is mostly made of business e-mail compromise (BEC) cases and ransomware attacks. About 19,000 BEC scams were reported in 2020, with hacking or social engineering criminals penetrating legitimate e-mail addresses and stealing about $1.8 billion. Ransomware victims have increased a lot in the last twelve months; the American health care provider Universal Health Services announced $67 million losses after a single ransomware attack last September.
While the cybersecurity industry is adopting modern and sophisticated defensive systems, cybercriminals are sometimes exploiting the most basic tricks to achieve their goals. A study by a consortium of UK researchers, including WMG and the University of Warwick, analyzed the momentous surge in cybercrime during the Covid-19 pandemic. In some peak weeks, around three to four new attacks were being reported daily, revealing a direct connection between governmental policy announcements and cybercrime campaigns.
Scams pretended to impersonate public authorities such as the World Health Organization, healthcare services offering Covid-19 cures, or well-known organizations endorsing relief campaigns. Such scams were typically sent by text or e-mail messages, with a URL pointed to a fake institutional website that requested debit/credit card details. Most of these phishing, smishing, or malware campaigns were successful.
This reminds us of how relevant the human element is when dealing with cybersecurity. Although often underestimated, independent surveys said 90% of security breaches come out of human inadvertent errors.
With the pandemic resulting in more people working from home and accessing business-critical data from less-secure locations and less-protected devices, the potential vulnerabilities for cybercriminals have grown enormously. Also, cybercrime has evolved into a well-organized, professional, determined business, driving an economy which is about 7 times the size of Amazon, and 60 times that of Tesla.
While a security-by-design approach is absolutely needed when developing and implementing any digital system, private and public organizations are increasingly looking at cyber-awareness programs to educate their employees and share appropriate security policies and practices.
It might not be far the day when recruiters will measure the Cyber Quotient by assessing who the candidate is, what he/she knows about cybercrime, how much he/she is used to mitigating risks. This parameter would quantify the human element of cybersecurity and potentially become the basis for hiring new employees.