The relentless rise of financial cyber-crime
Cyber attacks on companies are soaring and executives must upgrade their tech skills to understand the threat
In recent years, political cybercrime has repeatedly made headlines. Yet, amid a series of sensational stories, the media has largely overlooked a simultaneous surge in a potentially far more damaging global threat: financial cybercrime. In the UK, the latest annual Crime Survey for England & Wales recorded 515,000 reported cybercrimes in the year to July 2018 involving “unauthorised access to personal information”. The total number of attacks may well be substantially higher, given the underreporting of cybercrime.
Businesses and the wider public have not woken up to the danger posed by financial cybercrime. “Unlike a physical disaster, people find it hard to conjure up the image of a cyber attack on their computer,” says Joe Hancock, head of Mishcon de Reya’s cyber-security consulting team.
Firstly, it is not true that cybercriminals primarily focus on large multinational companies. In fact, estate agents, convenience stores and a host of other high-street businesses with high transaction volumes are very tempting targets for hackers, as is anyone who shops on the internet or does their banking online.
Secondly, it is also untrue that most cybercriminals are highly sophisticated tech wizards. It is easy for a crook to buy do-it-yourself cybercrime toolkits from an international underworld economy. “Access to software packages that allow criminals to penetrate corporate networks is readily available on the internet,” says Jason Davison, vice president of IT Service & Security at KLDiscovery. “The emergence of ‘darkweb’ malware market places and cybercrime-as-a-service (CaaS) offerings have greatly increased the ability of even novice hackers to gain access to cybercrime tools.”
In some cases, cybercriminals need little more than nerve and a plausible phone manner to steal confidential financial data from individuals and businesses: they merely need to dupe victims into revealing their bank details by convincing them on the phone that they are speaking to the bank’s anti-fraud department. Chasing the money is often an impossible task for national police forces because of the borderless nature of data. Within seconds, the original theft can span several national jurisdictions with different regulatory regimes.
For individuals, the rules of defence against cyber attacks are straightforward: devise obscure passwords, change them frequently and hang up if a caller pretends to be a bank’s anti-fraud officer. For companies, the challenge is more complicated. It is not just that routine tasks such as changing unique passwords are often not performed properly when repeated across multiple departments and databases. “Many senior executives I meet need to upgrade their tech skills in order to understand the true threat their businesses face from financial cybercrime,” says Hancock. “Companies can’t hold their tech departments to account when an attack occurs if they don’t know the right questions to ask.”
The lesson for companies is that cybercriminals exploit human weakness in the boardroom as much as in the home.
mishcon.com/cyber