Cybercrime 2021: Online crime at record level thanks to Covid

New software solutions, increasing data traffic and more and more people working from home The Covid pandemic has changed the world of work and started a new golden age for cyber criminals. The Verizon Business 2021 Data Breach Investigations Report (DBIR) shows a third more breaches than in 2020. We have summarised the facts and figures for online crime in this article and provide advice on how you can protect your company from cyberattacks.

New challenges for companies

In the 14th edition of the report, 83 authors analysed 29.207 security incidents. 5.258 of these incidents were explicit security breaches (compared to 3.950 breaches last year). There was data from 83 participants with data subjects from 88 countries. Among these participants were members from 12 different industries in three regions of the world. The report classified the security risks using incident classification patterns. These patterns are used to classify the multitude of different threats in a meaningful way and have been revised again this year. They explain 95.8 percent of the security breaches analysed and 99.7 percent of the incidents investigated. This approach aims to make the risks understandable and to identify solutions.

When examining how cybercrime affects global security, the authors of the study found eleven percent more phishing attacks and a six percent increase in ransomware attacks. Cases of fraudulent misrepresentation have also increased fifteen-fold since 2020. 61 percent of the detected attacks involved login data. In what is known as credential stuffing, criminals use stolen credentials from one service in an attempt to gain access to accounts for other services. 95 percent of all companies that were victims of such an attack recorded between 637 and 3.3 billion malicious login attempts in 2021. Attacks on web applications also make up a large proportion of the security breaches recorded in the report, at 39 percent.

Tami Erwin, CEO of the telecommunications group Verizon Business, believes new demands are being placed on the IT security of companies due to the Covid pandemic. New challenges arise primarily from the fact that critical activities are increasingly taking place in the cloud. The risk of cyber threats has increased for almost every company, because human error and dependence on digital infrastructures offer profitable starting points for criminals. In Germany, the average cost per incident was EUR 21.818.

Quelle: https://www.security-insider.de/cyberkriminalitaet-floriert-waehrend-der-pandemie-a-1023872/

 

Cybercrime - an issue for every industry

The DBIR analyses a total of twelve industries. It becomes clear there that everyone is focusing on cybersecurity, but some businesses are more affected by security incidents than others. For comparison: 83 percent of compromised data in the insurance and financial sectors was personal in nature. In the scientific and technical area, it was only 49 percent.

Regional differences in motives and techniques

In the Asia-Pacific region, cybercrime is often financially motivated. The criminals generally use phishing to obtain access data from employees in various companies, thereby gaining access to email accounts and web application servers.

In Europe, Africa and the Middle East, cyber criminals focus primarily on web application attacks, system intrusion and social engineering. Web applications are computer programs that visitors use to send or retrieve data from a database via the internet. Since this data is mostly sensitive information such as account information, these applications are a worthwhile target for criminals.

In North America as well the hackers’ motives are mostly financial. Either the criminals obtain the money directly through their attacks or they steal data that they can quickly turn into money. This is increasingly happening through social engineering, hacking or the use of malware. Hacking involves the use of technology or know-how to overcome obstacles (in this case security mechanisms). Malware, on the other hand, relies on malicious code. It is usually downloaded by mistake. Once downloaded, it infects the device and works in the service of the criminals.

Quelle: https://www.security-insider.de/cyberkriminalitaet-floriert-waehrend-der-pandemie-a-1023872/

 

Alex Pinto, the main author of the report, makes it clear that this variety of threats does not require a particularly unusual, innovative solution. That is because as extraordinary as the circumstances of a security incident may be, a solid security foundation for the most likely threats is often the best protection.

Cybersecurity at all company levels

The digital association Bitkom gives companies advice on how they can protect themselves against cybercrime. It is not only large corporations, but also small businesses that are worthwhile targets for criminals. Unfortunately, many see the risk as abstract, and cybersecurity is still not part of everyday work - the high costs of protecting against cyberattacks do not seem justified. In addition, there is often a lack of the financial resources and knowledge needed to protect companies.

Managers as role models

Of course, trained staff is an elementary component on the way to the correct handling of data. But in general it is also true that cyber security should be a top priority for management. Managers not only have to promote the conscientious handling of data, they also have to set an example. This also includes conveying knowledge and creating an understanding of possible risks in order to be able to realistically assess threats. It is best to ensure this exchange of knowledge across the entire company. Appointing a security officer is also helpful in this endeavour. Because security concerns everyone.

Set priorities

It is not possible to protect every part of a company from cybercrime to the same degree. The more elementary a process is for a company, the better it should be protected. You should therefore identify the most important processes and critical structures in advance and make it clear where exactly sensitive data is located in order to develop a realistic security concept.

Accept help

The market is full of security service providers that offer many different services and products. Suitable partners can be of valuable help if you analyse in advance where your company needs support. Actively seek cooperation with service providers and security authorities - ideally before something happens. However, do not delegate all cybersecurity tasks to external providers. Every company has to know its own processes and inform itself about risks. Otherwise their security protection is never comprehensive.

Security as part of the corporate culture

A well thought-out security concept is primarily based on prevention. All aspects should be questioned, checked and improved at fixed intervals. Always evaluate the individual risks including their probability of occurrence and determine who is responsible for which areas in the company. If a security incident does occur despite all the measures taken, a clear plan is of course crucial for an orderly and comprehensive response to a cyberattack.

Overall, the aspects of cybersecurity can be broken down into three categories:

Insurance for cyber damage? Of course!

Even with comprehensive protective measures, a hacker attack can hit anyone. Even an operating system can be a gateway for attacks. With the Professional Indemnity Insurance for IT Professions from exali, you are also fully insured in these cases. If, for example, a programming error on your part results in a security loophole at your customer that enables a hacking attack, the insurer will pay for the damage incurred. If your own business falls victim to a cyberattack, the First-party Cyber and Data Risks Insurance (FPC) add-on has you covered.