Short answer: yes. Although we’ve recently heard so much about sophisticated cyber crimes like those launched on a national scale—i.e. Russia—the truth is, most attacks are simple and home grown. In fact, unassuming employees make up the bulk of attacks happening today. That means companies need to change their perspective on how to protect themselves. Planning only for sophisticated cyber crimes in today’s digital landscape—it just won’t cut it.
First off, all of us have a different concept of the term “sophisticated cyber crime.” So, what exactly is it? Think of it this way: sophisticated cyber crimes require gathering information on specific networks with the intention of exploiting that specific network from the get-go. Unsophisticated crimes? They’re basically the equivalent of throwing spaghetti at the wall to see what sticks. The more spaghetti they throw, the more likely they are to “stick” a win. They don’t care which company they hit—just as long as long as they get the data. They don’t even have to be super techy to do it. The UK’s National Crime Agency reported the average age of a cyber crime criminal was just 17 years old. Not exactly 007! So why are so many of us falling victim to their tricks?
The following are just a few of hackers’ most common—and simple—methods:
Trick #1 – Phishing via Convincing Emails
I have a friend who worked for a hospital, where data is heavily monitored due to HIPPAA regulations. One day, she received an email indicating that she needed to change her password due to an attack on the system. She didn’t realize at the time that the email was simply an attacker who was “phishing”—sending a message to multiple employees to see who would be dumb enough to provide their personal information when they clicked it. Luckily, this phishing email was just a test from the hospital itself—a test she failed, by the way. But she’s not alone in fall for such simple hacking methods. In fact, Fast Company, Snapchat, and others have all suffered phishing attacks thanks to a lack of awareness from their own employees. In fact, Accenture reports that 2/3 of businesses have experienced data theft from within their own organizations.
Trick #2 – Injecting Malicious Code via Email Attachments and Links
Did you know that wannabe cyber hackers can actually purchase ransomware right off the shelf just by searching online? I feel like inserting the “face palm” emoji here. It has not become so easy for kids and bored techies to pretend to do sophisticated cyber crimes right from their own couch for bedroom. This problem is so prevalent it needs to be hit at multiple levels—search engines included.
Trick #3 – Gaining Network Access Through Personal Devices
BYOD has gone viral—and so have threats associated with BYOD. A recent report showed that nearly half of 400 IT professionals said detecting or preventing insider threats has become next to impossible due to the endless number of connected devices companies are now exposed to. The more connected we become, the less sophisticated cyber crimes have to be in order to impact at least one target.
So, what can be done about these increasingly prevalent attacks on our data? Here are just a few tips:
Check your foundation. Simply “throwing money” at your security budget or buying more sophisticated cyber crime prevention software will not fix this problem. Start at the bottom to ensure that your companies bases are covered from the ground up.
Train. Make sure your employees understand the clear and present danger of phishing emails and always check for signs, such as strange or unfamiliar URLs embedded in the message), before responding to them.
Make a BYOD plan. BYOD is great. Tons of companies are saving money and improving productivity because of it. But BYOD also comes with an associated risk. Make sure that before you dive in, you have clear guidelines and processes in place to reduce that risk.
There is no fool proof way to prevent cyber crime in today’s digital landscape. It is simply too easy for criminals to access business data. However, when you understand that today’s cyber attacks are not sophisticated cyber crimes, and instead reframe your view of how simply they really are, you empower your entire company to better safeguard your data.
Additional resources on this topic:
Key Takeaways from Cisco’s 2018 Cybersecurity Report
The Roles CFOs and CMOs Need to Play in Cybersecurity Protection
This article was originally published on Futurum.