Lloyd’s of London, which specializes in risk assessment and insurance, recently published its report on risk for 2013. Cyber-crime has moved up from 12th position in Lloyd’s previous report to the third most significant risk worldwide – and the second most significant risk within the United States. Lloyd’s speculates that this huge jump may be due to the use of cyber-crime for political or ideological reasons, and to cause disruption, rather than only for financial gain.
Recent large-scale attacks
In 2012, we witnessed a large number of significant cyber-attacks. For example, the websites of Interpol, the CIA and Boeing were all victims of malicious attacks. The alternative online currency Bitcoin had its trading floor suspended. LinkedIn, the professional networking website, suffered a mass theft of user passwords, and the websites of six major US banks were attacked and taken down.
Sources of cyber-risks
An increasing number of companies allow employees to log into their corporate networks using their own devices, including laptops, tablets and smartphones. This phenomenon is sometimes referred to as “bring your own device”, or BYOD, and it poses particular risks. If an employee’s device is compromised, it may put an entire company’s system at risk.
A wide range of apps available in both the Android and Apple markets contain potentially malicious elements – and with phones and tablets featuring built-in microphones, cameras and internet access, BYOD has opened several gateways for serious cyber-attacks.
Weak cryptographic algorithms, such as the MD5 hash function, have allowed and will continue to allow breaches. MD5 has allowed hackers to bypass security checks and infect thousands of computers and other devices with malware.
The proliferation of social networking over the last decade has also provided new opportunities for cyber-criminals. Information that cyber-criminals can exploit during attacks is often readily available on networks like LinkedIn, Google+ and Facebook. Even if sensitive details are hidden from anyone who isn’t a direct “contact” on one of these networks, tricking someone into accepting them as a contact is often easy. A convincing-looking profile of a company or professional contemporary can be enough to get a scam running over a social network, allowing sensitive data to get into the wrong hands.
The fast adoption of relatively new technologies like cloud storage and HTML5 is creating further weak links. Cloud storage involves storing your data with a third party online, typically across massive servers. If just one server is compromised, it can mean that tens or even hundreds of thousands of people’s data is compromised.
HTML5, a new language for building websites, is being rapidly adopted. However, security considerations for HTML5 websites are still being discovered. The available protection hasn’t kept pace with cyber-criminals, who continue to discover and exploit new holes.
A report compiled in April 2013 by the Insurance Information Institute specified that:
- employee negligence is responsible for 39% of data breaches
- system glitches are responsible for 24% of breaches
- malicious criminal attacks account for 37% of breaches.
For companies, this means that about two-thirds of all cyber-crime incidents (the 63% attributed to employee negligence and system glitches) are directly preventable.
IT consulting companies that specialize in online security can help businesses prevent data breaches due to negligent employees and system glitches, as well as external system breaches.
As a business, outsourcing your cyber-security needs can reduce labour costs and ensure that you have the most appropriate technology in place. This can boost organizational efficiency, as well as protect your valuable data and systems from attack.