It’s easy to focus on WHAT people should be doing to prevent themselves from becoming victims of cybercrime, but it’s just as easy to ignore the advice from experts while thinking “nah, that won’t really affect me.”
The thing is, you HAVE to be aware of these threats, and you have to take measures to protect yourself. We’re going to drop the dramatic language here, and focus on breaking the threats down so it’s easier to be more aware of them, and hopefully make it easier to navigate and circumvent a world that has a growing amount of cyber threats.
Breaking Down Cybercrime into Four Distinct Classifications
There are certain types of threats that you can ignore, and certain types of threats that you need to be aware of. Narrowing this down will help put things into perspective. For this exercise, we’re going to assume that you are a business owner, or have some level of agency within your career, and that you also, like everyone else, have a typical life where you need to interface with the world through technology. That should sound like just about anybody who would stumble upon this blog, so with that out of the way, let’s take a look at the cybercrime categories.
Localized Public Cybercrime
This type of cybercrime is typically small-scale stuff, but it tends to affect a lot of people before it is discovered. Here are a few examples:
- Criminals installing credit card skimmers on ATMs and gas pumps.
- Wireless electronic credit card and payment card theft.
- Fraudsters calling local numbers to scam people out of money.
- Legitimate or illegitimate businesses and organizations using unsavory methods to scam customers.
- Planting dangerous thumb drives and other types of devices that deploy malware or cause damage to a system when plugged in.
- Users on public Wi-Fi networks attempting to steal any information they can get their hands on from other users on the same network.
These threats vary as far as what they achieve, from theft to simply causing chaos and senseless destruction of property, but they tend to target individuals and affect those who are already less fortunate.
In particular, Baltimore has seen a rash of local, public cybercrime in the form of credit card skimmers. A recent trend has been going around where criminals are stealing food stamps and cash assistance benefits from Marylanders. These people depend on financial support to feed themselves, and if these benefits are stolen, it turns a dire situation into something far worse.
It’s bad enough that Maryland has issued some information on this type of threat and how to protect yourself.
Everyone should be aware of these types of threats, and just be cognizant of the world around them. It’s getting harder and harder to detect newer credit card skimmers, and criminals can sometimes get away with stealing credit card and payment card info simply by keeping an electronic device in near proximity to it for a few seconds.
There are ways to protect yourself from this—invest in a wallet that blocks RFID signals, carefully check gas pumps and ATMs before using them, change your pin and keep your passwords secure, always use a VPN when traveling, get notifications from your bank whenever you make a transaction, etc. This covers a lot of ground, and while this type of crime isn’t uncommon, it’s usually something that can be caught quickly and fixed, or prevented with a few simple measures.
Localized Targeted Cybercrime
This category is why the general public doesn’t feel as threatened by cybercrime as they should be. They picture hackers as basement-dwelling nerds with an agenda for vengeance. They assume that they haven’t done anything to upset someone who falls into the classification of “generic Hollywood-style hacker” so they don’t need to worry about anything.
That’s the bad news. The good news is that this category is a little more rare than most people actually think it is. It still happens, and business owners need to be aware of it, but generally accounts of this aren’t nearly as popular as all of the other categories. Here are some examples:
- Disgruntled employees (current or former) exploiting credentials and other access to cause chaos or steal from their employer.
- Misuse, negligence, or accidental data loss or theft in the workplace.
- A local novice cybercriminal purchases ransomware to distribute it among a small list of contacts.
While it’s not impossible that a local cybercriminal wants to get into your business and cause harm, it’s just more likely that it’s someone with a little less technical skill who already has the access they need.
Every business should adopt some processes to protect themselves from this, and fortunately it’s pretty easy, and helps protect you from other types of threats at the same time. First, establish a very thorough offboarding process that happens immediately when an employee quits or is fired. Change passwords, block access, and make sure they can’t get into ANYTHING.
Secondly, don’t grant employees access to data and folders they don’t need access to. If you restrict sensitive information and only provide it to those who need it, you will reduce the chances of someone taking advantage of having too much information.
This is the largest threat to Maryland businesses, and we feel that most people don’t quite understand the scope of this type of cybercrime.
The most successful, prevalent cybercriminals treat their work like a business. Sometimes, they even have facilities, employees, and bonus structures. Most likely though, the organizations that focus on mass-producing cybercrime are equally as deplorable, sometimes even “employing” victims of human trafficking. Usually, these “businesses” are overseas, making it a challenge for authorities to detect them and bring them down.
These organizations function in a lot of ways like any other business. They have a process that they continuously optimize. They adapt, and strive to improve performance. They are constantly taking what works and what doesn’t work to get the highest return on their efforts. Here are examples of the types of attacks found in this category:
- Email phishing attacks, especially highly effective targeted phishing.
- Text and phone scams, often impersonating a vendor.
- Distributed Denial of Service (DDoS) attacks.
- Mass distribution of malware, including ransomware.
- Social media scams and phishing attacks.
Most of these attacks are financially motivated, and most of the time, they rely heavily on non-technical scamming in order to infiltrate a network. It’s much easier to trick an employee into surrendering information than it is to try to bypass even the weakest cybersecurity protections, and these attacks are cheap to repeat and require very little skill.
That’s what makes this type of cybercrime so dangerous for businesses. They are effective. They work. The criminals are only getting better and better at doing it.
Worst of all, they give businesses an opportunity to pay them off, which funds their operations. As mentioned before, organizations like these have been known to do other unsavory things, so businesses that pay the ransom often end up contributing to something far worse than they could imagine.
Cyber Warfare and Espionage
This is a whole other level of cyberattack that you might hear about often enough to make you assume your business isn’t a likely target of cybercrime.
This category consists of around 5 percent of all cybercrime. It’s typically funded by a state or some other massive entity, and it typically has a very specific goal. Over the last year, for instance, Russia has utilized cyberattacks to assist with its invasion of Ukraine to disrupt business, commerce, and distribution of medicines, food, and relief supplies.
Experts suggest that it’s only a matter of time before we start seeing more disruptions like this, and entities like the FBI have issued warnings to organizations and businesses to harden cybersecurity protections to prevent issues.
The way we see it, business owners shouldn’t look at cybercrime on such a massive scale. While yes, it’s critical that your business is properly protected, it’s easy to look at yourself and your own organization and think “why on Earth would they target my business.”
The answer is, because they can.
Your business might not even be a target, it might just be in range.
It’s Time for Baltimore Businesses to Take Cybersecurity Seriously
It’s time for a change. It’s time for Maryland businesses to make internal adjustments and invest in the tools and protections needed to not become a headline in the Baltimore Sun. This is akin to the early 2000s when it was stressed that all businesses absolutely require antivirus, except now the stakes are higher, as the criminals realized they could make money and not just cause disruptions.
Fortunately, Dresner Group is here to help. We can harden your network, and help establish processes and best practices that prevent issues. On top of that, we can actively monitor and maintain your entire network to catch threats before they cause an issue. Get started today, before it happens to you. Give us a call at (410) 531-6727.