Cybercrime can be defined as any “criminal activity (such as fraud, theft […]) committed using a computer especially to illegally access, transmit, or manipulate data”.
A wide range of individuals and groups, known as ‘threat actors’, engage in cyber-attacks.
- A first category consists of hacktivists – such as ‘Anonymous’ – in other words, actors that are ideologically driven. Their attacks are linked to a specific incident and tend to shift according to the geopolitical events of the moment. For instance, anti-capitalists would target banks, and ecologists would target companies involved in fracking.
- A second category includes actors that are politically motivated and who therefore operate mostly at a strategic level. These are typically either States or groups with ties to countries (for example, APT28 ‘Fancy Bear’ is reportedly linked to the Russian military intelligence service GRU). They are an increasing threat now in relation to the war in Ukraine.
- A third category consists of cybercriminals, who are financially motivated and constitute the vast majority of threats.
Hackers can use a variety of tools to conduct their activity, such as:
- Email phishing (either bulk phishing, indiscriminate and used against random targets; or spear phishing, used against a specific target or individual);
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks;
- Structured Query Language (SQL) injection exploits, used to insert malicious code into a website;
- Credential loggers;
- Banking trojans;
- Custom malware.
It is important to note at this stage that, since the core focus of most hackers is the prospect of financial gain, there is a strong likelihood they will be opportunistic. In other words, they generally do not single out your business for a specific reason.
There are of course instances in which hackers hoping to loot specifically target one business or organisation; it happens, but much less often.
Cybercrime can include many different types of activity, including ransomware attacks, email and internet fraud, and identity fraud, as well as attempts to steal financial account, credit card or other payment card information.
This issue has become even more apparent as businesses have had to reorganise their workforce and arrange for employees to be able to work from home due to the pandemic. Even as the restrictions subside, hybrid working is still very much present and will most likely continue. The temptation to target your business becomes even bigger, and this makes it crucial to take steps to protect your IT infrastructure and implement effective software countermeasures.
Impact on reputation
Cybercrime poses an operational threat to businesses, as financial losses are the immediate effect of cyber-hacks. However, these incidents are also expected to have a real and lasting impact on the reputation of the breached business or organisation.
Companies in the financial sector, for instance, use and update their clients’ data daily for professional purposes, and this data includes sensitive information (personal details, financial information, etc.). Cybercriminals who breach the servers of such companies can access this data. This can have legal repercussions, but it can also severely damage the reputation of the company being breached. Clients will lose trust and business could therefore be impacted.
A Centrify study from 2017 found that 51% of respondents had been the victim of a data breach and 52% said this had happened more than once. It is worth mentioning that 11% of respondents highlighted that the data breach resulted in a criminal act such as credit card fraud or identity theft. Crucially, the research pointed out that these cyber-intrusions had a serious impact on the relationship the consumer has with the organisation, as two-thirds (65%) of respondents said these incidents caused them to lose trust in the organisation experiencing the data breach. Furthermore, 27% admitted they took steps to terminate their relationship with the breached organisation.
Another example that illustrates the correlation between cyber-criminality and damage to reputation is Aon’s 2021 Global Risk Management Survey, which rated cyber risk and reputation/brand damage the number one and number three risks respectively for UK businesses.
There are regular occurrences of high-profile businesses in the financial services sector which suffer dire consequences from a massive data breach. One example is Capital One, which had a massive breach in its servers in July 2019. The reputational harm this incident caused led to a severe fall in the company’s stock valuation, as well as its ability to keep and attract customers.
In many cases of cyber-attacks, the incident can be prevented, or at the very least the impact mitigated, with the correct security and software measures in place – the primary mistake is thinking that something like this will never happen to you.
At Valorous, one of our mantras is the adage that prevention is better than cure. Effective risk management identifies threats before they become problems. We work collaboratively with our network of specialists to take a deep dive into our clients’ organisations to decipher where breaches can easily occur. Looking at operations from a malicious third-party’s perspective allows us to pinpoint vulnerabilities that may otherwise have been missed by in-house teams, allowing you to implement the correct countermeasures to protect your business.