Security firm Symantec’s latest Internet Security Threat Report makes grim reading.
Not only is the UK the most targeted nation in the world for spear phishing attacks and social media scams, but it ranks second only to Germany for ransomware attacks. Spear phishing is a planned e-mail spoofing fraud attempt to get confidential data, and ransomware involves using malware to encrypt the victim’s data. The victim is then asked for money for the release of their own data.
Professional Cyber Criminals
One shocking aspect of the evolving and ever more sophisticated world of cyber crime is the adoption of corporate best practices and the establishment of professional businesses by cyber criminals.
It is now not uncommon for cyber criminal organisations to have not only superior hacking skills but also call centre operations and their own technical staff!
This shift to a more ‘professional’ criminal status, and the associated scale and reach, means that cyber crime risk is reaching critical levels for businesses and consumers alike.
Same Day Attacks
Professional cyber criminal gangs have been particularly successful in actively searching for and finding software, hardware or firmware vulnerabilities, and exploiting them on the same day. For example, 3 out of 4 websites globally have unpatched vulnerabilities. The Symantec report shows that these so-called ‘zero-day’ attacks showed a 125% increase from 2014 to 2015.
Malware Up & A Big Year For Data Breaches
Not only did malware increase 36% in the same year, with 430 million malware variants, but 2015 also saw record-breaking data breaches reach 191 million records, with 9 mega-breaches involving more than 10 million records each. Over 80% of companies, however, chose not to report the records that were lost, which means that in reality breaches could actually have exceeded half a billion!
The Old Ones Are The Best
The Symantec study confirmed that, like the rest of us, cyber criminals like a degree of certainty that their efforts will pay off. This is why methods like fake technical support scams saw a 200% increase, although even this crime has had an update thanks to the addition of fake warning messages on smartphones prompting the owners to call the (criminal) call centres.
What Does This Mean For Your Business?
These latest figures highlight the need for all businesses to take a serious and professional approach to their own IT and cyber security as soon as possible.
Schemes such as the government’s Cyber Essentials scheme are a good place to start, and seeking other specialist IT security help is now commonplace.
Staff training and education, risk assessment and management, penetration testing, tightening of data protection, and a greater focus from the top down on IT governance and increasing cyber resilience should now be a priority for businesses.