Fraudsters are taking advantage of increasing digital dependence to steal personal and financial information, leading to what FBI Deputy Director Paul Abbate described as “an unprecedented increase in cyber-attacks and malicious cyber activity”. With $6.9B in losses attributed to cybercrime in the last year, it is more important than ever to arm employees with tools like VPNs, anti-virus protection, and password managers to help protect their corporate and personal devices from vulnerabilities that can lead to data compromises, theft, and fraud. Let’s look at 4 cyberthreats employers should account for in their cybersecurity plans.
Business Email Compromise (BEC)
The 2021 FBI Internet Crime Report found that ransomware and BEC schemes were among the top incidents reported in the complaints the FBI received. In fact, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion.
Criminals attempting BEC scams target both businesses and individuals to compromise legitimate business email accounts and conduct unauthorized transfers of funds. A new form of BEC has emerged with the uptick in remote work and virtual communication during and since the COVID-19 pandemic. Now, some fraudsters are using virtual meeting platforms to hack emails and spoof business leaders’ credentials to initiate fraudulent wire transfers.
In 2021, the FBI’s Internet Crime Complaint Center (IC3) received 3,729 complaints identified as ransomware with adjusted losses of more than $49.2 million. Ransomware is a type of malicious software, or malware, that encrypts data on a computer, making it unusable. A malicious cybercriminal holds the data hostage until the ransom is paid. If the ransom is not paid, the victim’s data remains unavailable. Although cybercriminals use a variety of techniques to infect victims with ransomware, the IC3 found the top 3 in 2021 were:
Remote Desktop Protocol (RDP) exploitation
Exploitation of software vulnerabilities
The FBI advises victims of a ransomware attack not to pay the demanded ransom, as it believes that paying may further embolden bad actors to perpetrate attacks on other organizations and, ultimately, may not guarantee that the victim’s files will become available.
The Identity Theft Resource Center (ITRC), a non-profit organization established to minimize risk and mitigate the impact of identity compromise, noted in its 2021 Annual Data Breach Report that a total of 1,862 data compromises occurred in 2021, breaking the previous record of 1,506 set in 2017, and up 68% over 2020. In these breaches, 293,927,708 individual credentials were compromised. The ITRC found that so far, in 2022:
There were 14% more reported data compromises in the first quarter of 2022 than in the first quarter of 2021. This is the third year in a row that the number of overall data compromises increased in comparison to the previous year’s initial quarter.
Approximately 92% of the data breaches in the first three months of 2022 were the result of cyberattacks.
Phishing, ransomware, and other malware were the top root causes of data compromises.
The health care, financial services, manufacturing/utilities, and professional services sectors experienced the most compromises in the first quarter of 2022.
Phishing is certainly nothing new, but despite efforts in technology and training to curtail it, recent statistics show that there is still work to do. According to the 2021 ITRC study, phishing was the root cause of 33% of cyberattack data compromises in 2021, and increased in volume by 40% over 2020.
Phishing can come in many different forms, including text messages (smishing), pop-up windows, phone calls (vishing), social media messages, and even bogus websites. In order to gain the victim’s trust, scammers may impersonate a bank, government agency, well-known retailer, the victim’s boss, or even a family member to trick employees with the goal of luring them to click on a bad link or download a malicious attachment that gives them access to sensitive information.
Though we are in an environment that has experienced an unprecedented increase in cyber-attacks and malicious cyber activity, all is not lost. We do have insight into the major threats we are facing and their impacts. There are highly sophisticated tools and strategies that can help fight these specific threats, but new threats are surely on their way. As we work to mitigate rising cyberthreats, efforts like company-wide education and the use of anti-virus and email verification software are small steps we can all take to help stem the tide.
For more information on phishing scams and how employees can better protect themselves against phishing attacks, read Phishing Scams Have Evolved—Are You Prepared?