According to new research by recruitment finance provider, Sonovate, IT security professionals are currently the most sought-after workers in the UK’s growing jobs market.
The growth for such roles has reached 19 per cent – a new year-on-year high and is expected to reach 30 percent over the course of 2016. Richard Prime, co-CEO and co-founder of Sonovate suggests “IT security has always been important for companies looking to protect their business interests – something which has only been reinforced by the recent spate of high-profile data breaches and cyber-attacks.” The rise in cybercrime is becoming increasingly a concern for us as an IT company who support small business’ – the desired target of this crime.
Cybercrime is no longer about fancy hacks and sophisticated exploits, an increasingly common and lucrative scam to which businesses are falling victim to involves simply just a bit of phishing and social engineering. This type of cybercrime is commonly known “CEO fraud” or “business email crime” and is becoming increasingly problematic for business owners. According to the FBI, losses incurred from this scam have cost companies more than £1.43bn over the past two years.
Here’s how it works; the hacker impersonates email accounts from senior managers at the target company and requests (fraudulent) wire transfers from employees. The hacker registers an almost identical domain to the victims so the unbeknown victim would very rarely notice the difference, for example if jon.snow@lucidica is the normal address, the hacker would register a domain called ‘Lucdica.com’ and create the email firstname.lastname@example.org. The hackers even go so far as to study the communication style of the victim that they’re impersonating, via social media, so as not to raise any suspicion. If all goes to plan, the recipient will approve an otherwise unauthorised transaction. And just like that, there’s cash in the thieves’ bank account.
According to figures from the FBI, there has been a sharp rise in this type of cyber scam. While $1.2bn was lost between October 2013 and August 2015, through the scam globally, the losses have increased by an extra l $800m over the past six months. So far it appears that almost 12,000 companies have fallen prey to this scam, and this number keeps increasing. It appears that anyone can fall victim to this type of scam – both large and small companies have been subjected to this type of cybercrime, with real estate firms looking to be the new focus of the hackers.
This type of scam is a global problem and has been allegedly reported in as many as 108 countries. Criminals don’t have borders and this is a global problem. It’s easy, all you need is a computer. Even large organisations are not exempt from this type of crime regardless of what security measures they have in place.
The only preventative method for this type of cybercrime is that businesses implement a two-factor authentication for email as well as phone verification for wire transfers – and for employees to be vigilant and to be on guard for suspicious emails – even if it’s from your boss.
We also advise you to
• Never carry out any correspondence on public Wi-Fi;
• Never open email attachments or hyperlinks unless you are absolutely sure they are safe.
• Never install software that isn’t from a trusted, established brand.
Another rising trend in cybercrime in ‘ransomware’ – the act of turning a machine against its owner, taking a device hostage and demanding money to return it. Worryingly the viruses that carry out these attacks are becoming increasingly common and normal Anti-virus protection doesn’t pick this type of virus up – so there’s no way to know if you’re going to be targeted. Previous versions of the virus alerted users, stating that a user’s device has been overridden with malware and offering to clean it up, for a price, with an antivirus software—all fake, of course. However, today’s more sophisticated varieties take over a victim’s computer completely, locking up years of invaluable photos and sensitive documents and refusing to return them until a ransom is paid, usually in BitCoin – so there is no way to trace the transaction. With more and more of our personal documents being stored on our devices the information that stored is incredibly valuable. These virus’ don’t just encrypt documents stored on the computer, they can also encrypt files across the network – so on server drivers and remove local Backups. This type of cybercrime isn’t just limited to desktops or laptops – there have been cases on Android phones and even Smart TVs.
These attacks, therefore, are incredibly lucrative, especially in the SME industry as the majority of small/medium businesses backup all of their information locally and only the critical data on the cloud. One researcher discovered that a hacker made upwards of $1 million in a single day off several hapless users desperate for their data back. Imagine thieves sneaking into your house while you’re away, and instead of disappearing with your valuable possessions they stand blocking the front door trying to sell you the key – that’s ransomware.
Just as with “CEO fraud” there is no clear-cut answer on how to avoid this type of cybercrime, the newer incarnations of the virus are incredibly difficult to defeat and advances in technology and open-source encryption mean they’ll only get trickier.