Cybercrime threatens every single organization and individual. No business and no individual is immune or invulnerable, we all must evaluate the threats. Protection starts with understanding the three priority cybercrime threats, and then reducing the risks. The three cybercrimes to know are
- Data breach
- Ransomware, and
- Email based funds transfer frauds (also known as CEO fraud, or business email compromise, BEC).
Attacks can disable operations and cause serious harms that are costly, time consuming, and stressful. Organizations and individuals can take steps to reduce their risks, and many of these steps are no more burdensome than putting on a seatbelt when getting in a car, a helmet before riding a bike, or the routine maintenance we do to protect our homes and automobiles.
Here is a brief description of the three priority cybercrime threats to know and plan against:
A data breach is an unauthorized access to confidential data. A cybercriminal that breaks into an email account, network, or stored data. This breach can have many negative effects, require notification to government and affected parties, damage reputation, and more. There are many ways a cybercriminal can breach an information system to access and steal data.
Ransomware locks computer systems making them unusable. The cybercriminal uses malware and encryption to encode data and then extorts the victim to pay a significant ransom to try regain access to systems and data. Business disruption can be immense, reputational harm follows, and organizations need to evaluate if a data breach occurred.
Email based funds transfer frauds
Cybercriminals steal funds large and small through their clever abuse of email communication. This can create fiscal devastation. Large payments can be diverted and stolen. The funds may never be recovered, are not insured, and litigation and other disruption ensue. This fraud is sometimes called CEO or CxO) fraud (when executives are impersonated to engineer a funds transfer) or business email compromise (BEC) when businesses are impersonated to engineer a fraudulent transfer. Criminals use many techniques to attempt and succeed with these frauds. Organizations need to evaluate if email systems were accessed, and if a data breach occurred.
The way to protect against these three priority cybercrimes is through good cybersecurity, and that starts with knowledge and proceeds through effective steps and good decisions to plan, protect, and prevent cybercrime. This can start with my Four Pillars of Cybersecurity. Organizations and individuals can evaluate their risks and plan for continual improvement.
Organizations and individuals may have legal duties to protect against these crimes, and to properly investigate and report after they occur. Some laws essentially require reasonable cybersecurity to protect personal information, and require organizations to properly investigate and report to the government and affected parties after a data breach.
I provide more details on each of the crimes and how to protect against them in the links below.
My usual disclaimers apply, this is generalized information and is not legal or consulting advice.
Additional reading and resources
More information on the three priority cybercrime threats:
This article is also hosted at my website at https://johnbandler.com/priority-cybercrime-threats/ where I also include more links for additional reading, and it may be more current and with improved formatting.
Copyright John Bandler all rights reserved.
Posted to Medium on 7/24/2022 based on my earlier article. Last updated on 7/24/2022.