Cybercrime: Is your business doing enough to protect against this escalating risk?

24 March 2021

Cybercrime has surged during the COVID-19 pandemic. Organisations across the world are increasingly being targeted by cybercriminals looking to exploit the disruption and disinformation that has been abundant during this period. The organisation, its clients and its people are all at risk of financial loss and reputational damage.

  • Cybercrime and fraud represent a large proportion of all crime in many countries.
  • Organisations are more likely to suffer cybercrime and fraud than many other types of crime.
  • A high proportion of all organisations suffer cybercrime breaches each year.

In Australia, the Australian Cyber Security Centre receives one report of cybercrime every 10 minutes and estimates that financial losses to cybercrime exceed $300 million each year [1]. Unfortunately, small and medium-sized businesses are most exposed.

Many organisations have responded to this threat, but many struggle to know where to target their limited resources and budget to make a realistic improvement in their resilience to a rapidly evolving threat.

The nature of the problem

Cybercrime attacks are profitable. Cybercriminals think an anxious population, vulnerable people at the highest risk, and the proliferation of disinformation on social media represent a good opportunity to defraud.

Phishing and ransomware attacks have increased, and this has been compounded by organisations setting up new ways of remote working at a pace which does not always allow effective cyber security arrangements to be put in place. The World Economic Forum said, "New working patterns leading to cyberattacks and data fraud are the most likely technological fallout risk for the world (from COVID-19)".

Many organisations have sought to rely on outsourcing their technology or operational needs; however, some organisations don’t have an adequate level of visibility over their third-party suppliers of technology-related services. Very few have enough knowledge to assess whether they are properly protected or not.

Some basic steps to protect yourself against cyber threats include using strong passwords, updating software, avoiding suspicious links and using a VPN (Virtual Private Network). For many, the landscape of cyber protection strategies gets complex quickly.

Four steps your organisation can take to protect itself

1. Understand your cybercrime vulnerability

Do you know how susceptible your organisation is to cybercrime? Have you identified your areas of weakness and biggest threat? Using a tool such as Crowe’s Cybercrime Vulnerability Scorecard can help you understand your organisation’s cyber vulnerability and identify the steps necessary to strengthen it.

2. Undertake an external vulnerability assessment

Have you assessed your domains to see if your emails can be spoofed? Do you have out-of-date, unsupported software, open ports which can be hacked, known vulnerabilities which haven’t been resolved, previously exploited ransomware vulnerabilities, self-signed or expired security certificates and domain registration problems?

If you understand the risks, you can better protect yourself against them.

3. Undertake an internal vulnerability assessment

Have you assessed your network for weaknesses? Do you conduct regular penetration testing to identify (but not exploit) vulnerabilities?

4. Scan the Dark Web

A lot of cybercrime is organised and planned on the dark web. Have you assessed your exposure on the dark web (the part of the web which cannot be searched using normal search engines) for compromised emails and passwords available for sale?

Cybercrime will continue to grow, and organisations need to be vigilant and not become complacent.

Take the first step to protect your business. Contact our cybercrime team today to learn more about Crowe’s Cybercrime risk assessment and protection services.

[1] https://www.cyber.gov.au/sites/default/files/2020-07/ACSC%20Small%20Business%20Survey%20Report.pdf