
Organised and disorganised cybercrime

When thinking about cybercrime, many imagine a lone teenager sat in their bedroom 'hacking' into a corporate network to steal their millions, or their intellectual property. Whilst this is often true, it is not the whole truth.

Disorganised crime

There are many reasons that an individual may target a company, ranging from revenge (for poor customer service or being sacked) through to doing it for the 'lulz' (slang for 'a laugh'). It could be a lone 'hacktivist' who sees you as a legitimate target because you oppose their ideology or outlook on life. These 'lone wolves' also attack companies to build their reputation amongst their peers – you simply become another 'notch on the bedpost'. We should also not forget the 'insider threat', where the people we have trusted with access to systems sadly abuse that trust by intentionally stealing your clients or your money.

Organised crime

But it is not just the lone wolves we need to be aware of. Traditional organised crime gangs are, like most organisations, going online. Online fraud increased by 48% in 2015, demonstrating that organised criminals are capitalising on the borderless nature of the Internet. The 2013 Europol Serious & Organized Threat Assessment reported that the "Total Global Impact of cyberCrime [has risen to] US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined".

Organised criminals have seen the benefit of 'steal a little from more'. As Professor David Wall (Leeds Beckett University) states, "Steal £1million from a bank, you'll be chased by every law enforcement agency in the world. But steal £1 from 1 million people – and no one will come looking for you."

What can we do?

There are many things we can do to decrease the chances of being a victim of cybercrime, and only a few of these are directly related to 'hardening' the computer system itself. Here are a few ideas you should consider/discuss/implement.

  • Cybercrime is carried out by people. It's a people problem. Not a technology problem.
  • When recruiting staff, follow up on references and carry out appropriate background checks.
  • Speak to your IT department and ask them to conduct a review of 'Access Rights' across your systems. Does everyone have the right access to the right information? Ask them who has 'highest privileges' on the systems and check that passwords for this level of access are strong (and changed regularly).
  • Have a process between IT and HR, so that when people change roles, their access rights are updated appropriately.
  • Develop a 'cyber Awareness' education programme, which can include training your staff to be on the lookout for 'suspicious' emails and to 'Think before you click'. But explain how important this is for them personally too.
  • Encourage your staff to raise their own security. When was the last time they reviewed their own Direct Debits in their own accounts? Make security personal.
  • Speak to your IT vendors (software, or Cloud) and ask them what protection they have in place to protect against 'Malware' or 'DDoS' attacks. Ask them about backup processes and test that backups are happening as they should.

Crime, disorganised or organised, is a fact of life. But there are simple steps we can take. We need to be vigilant personally and professionally. The majority of cybercriminals are 'opportunistic' – they're looking for an open window, low awareness. Don't let them in. Be proactive, not reactive.

About the Author:

Gary Hibberd was appointed as Managing Director of Agenci back in 2012. Gary’s passion for all things cyber was sparked in 1985 when he began his career as a programmer. As a result of that passion, Gary went on to become a renowned expert on ISO 27001 and GDPR. Today, Gary is a passionate practitioner and regular speaker on cyber security.

Gary speaks across the globe to both large and small businesses as well as private and public organisations. He loves to engage the next generation of cyber experts, speaking in schools, colleges and universities. As part of his busy life, Gary has authored books on cyber security and business continuity as well as contributing to government initiatives on cyber security and counter terrorism. If that wasn’t enough, in his personal life Gary is an avid obstacle race participant and fitness fanatic. Gary can count the World’s Longest Obstacle race amongst his many personal achievements.
