Cyber security threats affect every industry. In this article we share our insights about business vulnerability, types of cyber crime and what you can do to prevent being a victim of cyber-attack.
How vulnerable are different industries to cyber attacks?
First things first, there is no such thing as 100 per cent security for businesses. With this in mind, the key question is whether some industries or organisations are disproportionately more prone to vicious attacks than others.
"In the past we would have said that banks, health care, insurance and government services are prime targets. This was for various reasons - whether it be financial, political or other gains. Nowadays though, all organisations and even individuals are vulnerable to attacks," Simon suggested.
This is because of the way organised crime has become interconnected with cyber crime, inevitably shifting areas of focus and scope.The different ways businesses are being attacked invariably has led to individuals as well as groups offering cyber crime as a service.
"You can hire people to effectively work Monday to Friday, much like your usual 9 to 5 gig, to perform cyber attacks for you. They will have you sign contracts and even provide money-back guarantees in some cases," Simon elaborated.
What are the differences in cyber crimes?
In terms of differentiating between the crimes, Simon said it's less about the various approaches to a specific crime and more about the attackers behind the operation. As such, we can put cyber crime attackers into - very broadly speaking - four main categories:
1. Nation-sponsored attackers
Where the news is full of fixing election outcomes - for example the recent allegations against the Russians in the U.S. election - this is just one aspect of nation to nation attacks.
"One hears of Chinese-sponsored attempts to gain military information, but it's easy to look at nation-funded endeavours to steal intellectual property for technological areas of interest for them," Simon said about the complexity of this type of attacks.
Of course, these crimes are not solely nation to nation, but are often targeted at private enterprises with valuable information.
2. Organised cyber criminals
Simon calls these criminals the mafia of cyber activity who run a lucrative business with crime.
"As part of a highly organised operation, cyber crime is just another revenue stream in this case. It is a much cleaner way of making money as you avoid drug trafficking, protection and other traditional crimes like robberies."
3. Script kiddie
As the term suggests, Simon describes these attackers as the typical teenager, sitting at home in their room with loud music on. The thing about them is that they're not really into crime but the prestige that comes from the ability to break into something usually off-limits.
"They have sites where they compete with others, where peer-to-peer recognition is the main motivator. Of course they can do damage, yet this isn't the key driver for the script kiddies," Simon highlighted.
4. Insider threats
Organisations might also be affected by resentful ex-employees who are looking to get back at them. Similarly, current staff who - through negligence or ignorance - compromise their organisation's security can pose a major risk to businesses.
What does this mean for you?
By nature, larger organisations that have been targeted by cyber crime for some time now have built significant defences and proactively monitor their networks. However, if you function as a small to medium enterprise (SME), there is a chance that you have limited resources available to dedicate towards security.
As a consequence of limited security, businesses need to not only be aware of the potential threats but willing to move beyond the paralysis we've seen so far. The time to take action and improve cyber security is now, before an attack rather than after.