2020 is shaping up to be a year of uncharted territory when it comes to cybercrime. The emergence of COVID-19, combined with ever growing developments in technology have led to a significant increase in cyber-attacks, posing a major risk to Australian businesses.
Understand how Coronavirus and technology advancements are contributing to a spike in cybercrime, as well as strategies your business can use to mitigate the risk of an attack.
The current cybercrime climate
Cyber-attacks are predicted to become more commonplace, and complex in 2020, according to a report published by McAfee Labs – Intel Security. This trend is predominantly due to advancements in technology systems, which are being misused for malicious activity, with hackers continually unleashing new methods to target and exploit individuals.
Additionally, the Australian Security Intelligence Organisation (ASIO) director-general has warned that the Coronavirus pandemic has given an even greater reason to be on high alert when it comes to cybercrime, with spies and hackers looking to do an increasing amount of harm in the online space. To read more on this, click here.
According to Wotton + Kearney's Kieran Doyle, evidence of this has come to light, through a surge in Coronavirus themed phishing campaigns over several months. Phishing campaigns are a form of fraud, whereby an attacker impersonates a trustworthy entity or person in email, text message or other forms of electronic communication. Attackers use phishing emails to distribute harmful links, which when clicked on, may extract login credentials or other sensitive information from victims' devices.
A key element to mitigating the risk of a cyber-attack is to be aware of emerging trends, and ways through which cyber-criminals are carrying out malicious activities. Given the current climate, this is more important than ever.
Stay one step ahead - The latest cybercrime predictions for 2020
A report conducted by McAfee Labs - Intel Security has released their predictions on the cyber threats that we will face as a society in 2020.
Chief Scientist and McAfee Fellow Raj Samani explained, “Continuing advancements in Artificial Intelligence (AI) and Machine Learning (ML) have led to invaluable technological gains, but threat actors are also learning to leverage AI and ML in increasingly sinister ways…our researchers foresee more threat actors targeting corporate networks to exfiltrate information in two-stage ransomware campaigns”.
1. Deepfake technology to become more commonplace and user-friendly.
Deepfakes are synthetic media in which a person in an existing image or video is replaced with another person’s likeness. It is typically used in film production, whereby a different face is overlaid on an actor in existing footage, but appears to be perfectly in sync with dialogue and movement. However, with deepfake technology becoming more commonplace and user-friendly, comes the threat of less skilled cybercriminals using the software for malicious activity.
How is this a threat to business?
Senior Vice President and Chief Technology Officer at McAfee explains that “Artificial Intelligence (AI) technology has extended the capabilities of producing convincing deepfake videos to less-skilled cybercriminals attempting to manipulate individual and public opinion. AI-driven facial recognition is being used to produce deepfake media capable of fooling humans and machines”. An example of this is facilitating a cyber-criminal’s ability to bypass facial recognition password protected devices.
2. Ransomware attacks on corporate networks are expected to grow, and morph into two-stage extortion campaigns.
Ransomware attacks are a form of cyber-attack, whereby the cyber-criminal gains access to a victim’s sensitive information, e.g. patient records, and then threatens to publish them, or deny the victim access, until a ransom is paid. Ransomware attacks are most commonly performed through Phishing attacks. As explained above, Phishing attacks are emails or text messages which distribute harmful links. When clicked on, these links provide the cyber-criminal access to a victim’s device and sensitive information.
In 2020, Ransomware attacks are predicted to morph into two-stage extortion campaigns. In stage one, cybercriminals deliver a crippling ransomware attack, extorting victims who need their files back. In stage two, criminals target the recovering ransomware victims in a second extortion attack, but this time they threaten to disclose the sensitive data which was stolen.
How could an attack like this affect your business?
An employee at your company might accidentally click on a malicious link in an email that appears to have come from a trustworthy source. When clicked however, the link opens up software in the background that scans their computer for vulnerabilities and downloads malware. This may lead to significant financial losses through extortion, legal liability claims and reputational damage.
Managing the threat
It is clear that the nature and sophistication of Cybercrime continues to grow and it’s no longer a matter of if your business will be targeted, but when.
Relying on the internet for any business activities leaves companies especially vulnerable, no matter how impenetrable your IT systems may seem.
The McAfee Labs 2020 Threats Predictions Report is a real eye opener for threats your business can expect to face in 2020. More importantly however, it underlines the importance of having a well-constructed, comprehensive risk and crisis management plan to insulate your business against the threat.
Key strategies to protect your business
Develop a cyber security strategy that goes beyond IT.
- Take out a Cyber Liability Insurance policy to protect against significant financial losses and the fallout of legal action
- Educate your staff
- Review your current data security strategy
- Develop a data breach risk and crisis management strategy
Protecting yourself with Cyber Insurance:
A cyber insurance policy offers many benefits and can cover you for:
- Financial compensation to recoup costs that result from a security breach - including business interruption, IT recovery costs and regulatory fines.
- Compensation for clients and customers who suffer financially or emotionally as a result of stolen data.
- Forensic investigation costs
- Legal counsel and representation costs.
- The cost of professional consultants to assist in repairing damage to your company's brand and reputation.
Take control away from cyber criminals and ensure Cyber Liability Insurance features in your Insurance program for 2020 and beyond. For a tailored quote and specialist advice, please get in touch with one of our commercial insurance advisors.
To read the full McAfee Labs 2020 Threats Predictions Report - click here.