No End in Sight for Rising Cybercrime, Experts Say

Knowing what’s out there is half the battle

By Aliah D. Wright Nov 2, 2016
LIKE SAVE PRINT
Reuse Permissions

Experts say cybercrime continues to rise worldwide. In fact, it's gotten so bad in Europe that some states in the European Union now report that cybercrime has surpassed traditional crime.

That's why companies need to make sure their employees are aware that they are the first line of defense when it comes to cybersecurity, experts tell SHRM Online.

Opportunity is partially driving the trend, according to the 2016 Internet Organised Crime Threat Assessment (IOCTA) report produced by Europol, the European law enforcement agency located in The Hague, Netherlands

"We have seen the number of reported vulnerabilities rise nearly 170 percent in the past five years, along with the level of complexity and sophistication of threats," said Brian Gorenc, director of Trend Micro's Zero Day Initiative, a program for rewarding security researchers for responsibly disclosing vulnerabilities. Trend Micro, a global cybersecurity company, is headquartered in Tokyo.

New cybercrime tools designed to compromise ATMs and mobile devices are also fueling this trend, experts report. They say companies remain the most lucrative targets.

According to a global analysis by IBM, a single data breach can cost, on average, up to $6.53 million.

Many companies could do a better job of safeguarding against cyberattacks, regardless of whether the tools used to launch them are new or old. "A large part of the problem relates to poor digital security standards and practice by businesses and individuals," the IOCTA report states. "A significant proportion of cybercrime activity still involves the continuous recycling of relatively old techniques, security solutions for which are available but not widely adopted," such as backing up data.

Steven Wilson, head of Europol's European Cybercrime Centre, said "2016 has seen the further evolution of established cybercrime trends. The threat from ransomware has continued to grow and has now expanded into sectors such as health care," which SHRM Online reported earlier this year.

According to the IOCTA report, the top business-related cybercrime trends from 2016 include:

  • Crime-as-a-service - Because cybercrime is so lucrative, it's evolving and growing rapidly. "With the chance of being caught or even stopped so low, new members are joining the criminal ranks daily," Hank Thomas, chief operating officer at Washington, D.C.-based cybersecurity investment firm Strategic Cyber Ventures LLC, told SHRM Online. Criminals are selling tools and services to other criminals, increasing the likelihood of future damage—especially by terrorists.

  • Ransomware - The practice of holding the contents of computers hostage until money has been paid to relinquish data is unlikely to dissipate, experts say. "Ransomware and banking Trojans remain the top malware threats, a trend unlikely to change for the foreseeable future," the report states. Banking Trojans are malicious programs cyber thieves use to gain access to client data through online payment and banking systems.

  • Criminal use of data - Data remains a key commodity for cybercriminals. In many cases, it is acquired for immediate financial profit. But it is also increasingly being acquired to perpetuate more-complex and more-lucrative fraud, encrypted for ransom, or used directly for extortion.

  • Payment fraud - Malware attacks against ATMs continue to grow. In addition, organized-crime groups are beginning to manipulate or compromise payments involving contactless near field communication cards. These cards use radio-frequency identification for making secure payments (think Apple Pay).

  • Abuse of the "dark net" - Criminals continue to share and sell illicit commodities and data such as firearms, credit card information and employee data on the dark net, a restricted online peer-to-peer sharing network. While extremist groups currently using cybertechniques to conduct attacks are limited, the IOCTA report states, cybercrime tools and services continue to be available.

  • Social engineering - CEO fraud, in which top executives are targeted and tricked because of their access to data, has become a critical threat. Law enforcement authorities continue to pursue the increase in phishing campaigns aimed at high-value targets such as companies' top leaders.

  • Virtual currencies - The bitcoin remains the optimal currency for criminals. It is used as payment in the digital underground economy and to pay for goods and services on the dark net, the report states. The bitcoin has also become the standard type of payment for extortion.

HR Should Be Proactive

Karla Jobling, who specializes in the recruitment of cybersecurity professionals, told SHRM Online via e-mail that there are a number of steps HR professionals can take to ensure that their companies' systems are secure and that their employees fooled by by cybercriminals.

"Good encryption, monitoring, proper identity management, penetration tests and regular updates are all important," said Jobling of BeecherMadden Ltd., a London-based staffing and recruitment firm.

However, many attacks are conducted by very simple means, and making sure all employees are aware of the methods cybercriminals use is crucial to ensure that these attacks do not succeed, she says. She suggests that companies make sure their staffs are trained on how to spot phishing e-mails and whaling attacks and how to practice good password management.

Forward-thinking organizations are also making use of behavioral analytics and machine learning, also known as artificial intelligence, to address potential internal threats.  "Companies that have good cyberprocesses in place are looking at their employees' behavior to stop the insider threat before it is a problem," according to Jobling.

[SHRM members-only webcast: AI for HR]

Staying on top of the problem is critical, she added: "Crime changes over time, and cyber is the new fraud. However, if data is the new currency, cybercrime will get worse before it gets better."

          Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.


LIKE SAVE PRINT
Reuse Permissions

SHRM WEBCASTS

Choose from dozens of free webcasts on the most timely HR topics.

Register Today

Job Finder

Find an HR Job Near You

SPONSOR OFFERS

Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 3,200 companies

Search & Connect