20 April 2020

Cybercrime

If you think of a traditional robbery or at a physical intrusion in a company for industrial espionage, you are probably thinking at old ways to commit crimes.

Physical presence carries a much greater risk than a criminal conduct perpetrated through the digital means.

That is why crime is changing and Cybercrime becomes more and more predominant.

 

Covid and Cybercrime

Due to the pandemic caused by the Corona Virus, the population has to observe measures of social distancing, companies must encourage the use of smart working and there has been a general increase of online services‘ demand.

Enterprises and people are far more exposed to cyber-attacks than before.

Just few days ago hackers attacked important hospitals in Italy, Spain and Czech Republic.

Europol reports an increase in cyber-criminal activity due to the increased digital exposure of these days. The Spanish cyber security agency has launched a campaign called # CiberCOVID19 to raise awareness on Cybersecurity. Spanish Police reports a 70% increase of internet frauds, something that is happening all over Europe.

 

Cybercrime affects everyone

When we talk about cybercrime, we think it will only concern large companies. This isn’t correct. Big companies relies on a defensive chain made of IT security team, infrastructure and internal policies. While SMEs or private citizens are more exposed and less proactive in protecting their assets.

Cybercrime can strike in countless ways. Its main danger are the invisible threats together with too little digital hygiene not performed by people and workers.

 

What are the most dangerous attacks?

Some of the most dangerous attacks are Ransomware, the Man In The Middle and Phishing. These ones are just a few examples when countless other attack modes exist.

 

  • Ransomware can affect companies and individuals paralyzing their activity. A malicious code encrypts the data on a device asking for a ransom to unlock it.

 

  • The Man In The Middle attack, means having a hacker intercepting email communications. In this way they can modify IBAN codes and intercept payments.

 

  • Phishing, is an attack method that involves deception of the user. User believes he is interfacing with a specific subject, for example a bank, but in reality he is interacting with criminals who attempt to steal codes or in any case information capable to cause economical damage.

 

Sophisticated attacks

Attacks can be incredibly sophisticated. Social engineering means combining different attack techniques by studying in detail the activity of the person or entity to attack. This is in order to make the attack effective and, malicious communications, really trustworthy.

 

How to defend yourself

First rule is to apply digital hygiene rules.

Digital space must be seen as a physical space. Would you let a stranger to enter your office or home? The same rule must be applied to the digital space. The only thing that changes is that in the digital world the threat is almost invisible.

Digital hygiene is the first and one of the most important part of the cybersecurity chain.

An example? In mananging your own emails you should neither open any attachment nor click on links if you aren’t  sure of the origin of the message. You should do a careful check of the sender. Is the sender the real sender? In addition you should ask yourself if the e-mail content is something reasonable to receive or not.

 

Cyber ​​security and policy

This is just a small example. Employers must train their Employees. Employees must comply with the safety guidelines prepared by the company. The guidelines must also be adapted to the new smart working needs.

Employees must interface with the company through VPNs and using secure corporate devices.

It is necessary a clear back up activity in order to promptly restore any data in case of cyber-attack or crush.

It is appropriate to have an insurance covering Cyber ​​Risks.

 

Cyber ​​security as a duty

Cyber ​​security is not only a matter of opportunity and protection but it is also a duty. Whoever manages the data has a duty to protect according to the GDPR provisions.

 

In the event of a cyber attack

In the event of a cyber attack, it will be necessary have a prompt response having an IT, legal and investigative plan already set.

To prevent  is better than to cure in a world, the digital one, where a single click can be fatal.

® Euroleges