Opinion

Cybercrime: the current landscape and how to navigate it

Kevin MacCarthy

Head of Operations & Customer Experience

University campuses in 1980s America were a breeding ground for a new type of threat: the cybercriminal. They ranged from Fred Cohen, who in 1983, while studying at the University of Southern California, wrote a programme that seized control of a computer’s operations, to Cornell student Robert Tappan Morris, who almost brought down the early internet when he inadvertently executed the first Distributed Denial of Service (DDoS) attack in history - a costly mistake that saw him become the first person convicted under the US Computer Fraud and Abuse Act 1986.

Fast-forward over three decades and the evolution of cybercrime from academic pranks to sophisticated and coordinated assaults on our private data has given rise to the world's biggest criminal growth industry – it is estimated that global cybercrime costs will reach $10.5tn annually by 2025, up from $3tn in 2015. The proliferation of cyber-attacks has been given further traction by the Covid-19 pandemic – and yet most businesses and their customers remain underprepared for this very real threat.

The worst public health crisis in modern history presented an opportunity for cybercriminals to cash in on escalating uncertainty amid large-scale remote working, increased online activity and heightened stress levels. So these nefarious opportunists got busy doing what they do best: developing themed attacks to fit new trends and circumvent new controls - and the result has been eye-watering for individuals and businesses alike:

  • Email scams related to Covid-19 surged 667% in March 2020 alone - when the pandemic blindsided society.
  • More than 11,000 UK-government-themed phishing campaigns were taken down in 2020 – over double the 2019 total.
  • UK businesses faced a 20% rise in cyber security threats in 2020.
  • Web application attacks against UK businesses were up 800% in the first half of 2020.
  • Ransomware attacks against UK businesses increased by 20% in the first half of 2020.

The current landscape

From targeted attacks that use Covid-19 as bait to its power to transform the way we work, the pandemic has reshaped the cybersecurity landscape by expanding the amount of virtual ground that needs safeguarding.

Enforced homeworking has precipitated a new flexible working model that has become the norm. Consequently, the number of internet-connected devices is expected to balloon from 31 billion in 2020 to 75 billion in 2025. Not only is this facilitating convenient hybrid working opportunities; it has opened the backdoor to cybercriminals who have a much larger attack surface to target – and social engineering is typically their weapon of choice.

Phishing remains the most common cyber threat faced by businesses in the UK - a trend that has been amplified by the pandemic. For example, the bogus Covid-19 tax refund email directs targets to a fake government website, where they’re prompted to enter their payment information to receive the refund. Having compromised the data, the cybercriminals use it to access the victim’s personal finances. According to a recent survey, 47% of individuals fall for phishing scams while working at home.

Amid the onset of the pandemic, UK businesses were in the firing line of an unprecedented number of cyber-attacks. With resources depleted during this testing period and businesses in full survival mode, many lacked the resources to combat cybercrime in 2021. For example, security controls were not applied to new remote working systems and good practices were overlooked in the rush to achieve homeworking at scale.

The UK government’s Cyber Security Breaches Survey underscores this worrying trend:

  • Fewer businesses report having up-to-date malware protection (83% vs. 88% in 2020).
  • Fewer businesses have set up network firewalls (78% vs. 83% in 2020).
  • Fewer businesses are carrying out security monitoring than in 2020 (down from 40% to 35%).

Perhaps most alarmingly, 84% of businesses say Covid-19 has made no change to the importance they place on cybersecurity.

Fighting back

Benjamin Franklin astutely said: “By failing to prepare, you are preparing to fail” - which rings true when it comes to mitigating the threat of cyber-attacks. Think of a professional boxer: they don’t enter the ring hoping their opponent hasn’t put in the hard yards in training; they prepare for battle meticulously. And that’s exactly what a cyber-attack is: a battle between you and the cybercriminal who has targeted your device or business. If you adopt a laissez-faire approach to this sophisticated threat, you might be dealt a jarring blow as they feint their way behind your defences.

The pandemic has brought the importance of adopting a proactive approach to cybersecurity into sharp focus; one that prevents an attack from happening in the first place. You must not be complacent about cybersecurity. Whether you're a business or a consumer, responding reactively to these sophisticated and constantly evolving threats will restrict you to damage limitation - depriving you of the foresight required to remain resilient. So what should you do?

Businesses

Don’t expose your business to financial loss, reputational damage or legal action by crossing your fingers and hoping you aren’t targeted by a cyberattack; implement measures that preemptively identify security weaknesses, help you keep pace with rapidly evolving threats and add processes to identify attacks before they happen. To achieve this, your business should invest in developing a holistic cybersecurity strategy that establishes proactive and meaningful security controls and culture. This should encompass:

Homeworking

Homeworking has opened multiple new points of entry for cybercriminals, who have identified vulnerabilities in IT systems due to the widening attack surface - thrusting it to the top of the cyber agenda. Essential homeworking cybersecurity practices should include:

  • Antivirus protection: Employees using personal computers should be provided with a licence for antivirus and anti-malware software.
  • Cybersecurity awareness: Brief employees on best practices to regulate the sending of emails or other content to private email addresses and/or cloud storage.
  • Phishing awareness: Brief employees about remaining vigilant when receiving emails and checking the authenticity of the sender’s address.
  • Home network security: Employees must ensure their home Wi-Fi is protected by a strong password.
  • VPN: Virtual private networks provide an additional layer of protection to internet use from home.
  • Identify weak spots: Run tests, such as vulnerability scanning or penetration testing, to identify weaknesses, and patch the most critical vulnerabilities immediately.
  • Frequent reviews: Frequently evaluate cybersecurity risk exposure and determine whether existing controls are robust enough amid evolving threats.
  • Renew business continuity and crisis plans: Update business continuity plans and consider cyberattack scenarios.

Consumers

The right strategy must recognise that cybersecurity is not just an IT issue; boards need to consider consumers' awareness and cynicism about how their data is used. Forward-thinking businesses communicate the dangers of cyber threats to their customers by leveraging content marketing channels, creating cyber-focused digital content, using engaging, non-technical language, leveraging social media and providing step-by-step instructions. Empowered by this information, consumers can be proactive in their approach to cybersecurity.

Culture

Employees are a vital layer in the fight against cyber-attacks. This first line of defence must be invested in cybersecurity for it to be effective - and a positive cybersecurity culture will underpin this. According to the European Union Agency for Cybersecurity (ENISA), the cybersecurity culture of an organisation refers to “the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they manifest in people’s behaviour with information technologies.”

A proactive cybersecurity culture is achieved when a business embeds relevant security considerations into employees’ day-to-day actions. Get this right and you will imbue an organic culture that develops from engaged attitudes and behaviours towards cybersecurity.

Clear Treasury

Clear Treasury are experts providing clients with the knowledge and tools they need to operate across borders. Against the backdrop of a global pandemic, this guidance and expertise are more crucial than ever. Our relationship-focused approach achieves long-term success and is underpinned by our dedication to excellent customer service.

We understand how technology is at the core of how businesses operate in the modern digitally-enabled world. This has enabled us to develop a technology platform that seamlessly integrates our products and services into your ecosystem - removing the complexity and risk involved in making international payments.

Our knowledge and experience allow us to provide our clients with solutions and guidance that help their business thrive when engaged in international trade, both through our team of experts and our innovative technology - and opening an account to access this specialist service is quick and easy.

You will be assigned a dedicated account manager who can help you to plan and establish a proactive hedging strategy. There’s no “one size fits all” approach to protecting your bottom line from the threat of currency risk. Therefore, a bespoke hedging strategy that aligns with your requirements, commercial context, and risk appetite will allow your business to execute effective solutions that sync with its aims. This dedicated expert can provide guidance and support on tools to track, target or fix exchange rates for currency transfers to hedge against currency risk when making international payments.
