It’s that time of year when the the annual cyber security and cyber crime stats start rolling in from the previous year. The most recent being the 2020 Internet Crime Report issued by the FBI’s Internet Crime Complaint Center.
The annual report includes information from 791,790 complaints of suspected internet crime—an increase of a whopping 69.4% from 2019—and reported losses exceeding $4.2 billion. The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams and extortion. It should not come as a surprise to the IndustryWeek audience that ransomware was also a significant factor.
Expert thoughts
Cyber criminals are masterful when it comes to playing on human emotions, explains Vanessa Pegueros, Chief Trust and Security Officer, OneLogin in a statement. “They take advantage of human loneliness, fears around health, and the desperate hopes of quick economic gain,” says Pegueros. “Computers don’t have emotions and are the vehicles by which cyber criminals monetize these human emotions. We need to continue to implement security controls on computers because we will not change our humanness.”
Axiad Chief Operating Officer Jerome Becquart added his thoughts around email phishing and user credentials. “Email phishing remains a growing issue because an organization’s greatest vulnerability is its users. Despite all the efforts businesses make to educate users to identify phishing emails, and the implementation of increasingly smarter email filtering solutions, hackers still find new ways to trick users and get through the system. Most email scams are masquerading as a known email source or colleague within the same organization, which makes the recipient more likely to share sensitive information,” says Becquart, in a statement.
Digital signature of emails should be more widely used to prevent this, as they enable the email recipient to confirm that the sender is authentic and legitimate, explains Becquart. “In our experience at Axiad, implementation of digital signature for e-mails significantly decreased the risk of email phishing, as we know that if an email for a co-worker doesn’t have their digital signature, it is a phishing scam,” he says.
Of course, user credential compromises is not a new issue either. “Passwords are not secure and are an easy target for scammers and hackers, which is one of the reasons credential issues make up over 80% of data breaches. The good news is that we see a lot of organizations moving to a passwordless approach using technologies such as FIDO2 and PKI,” Becquart says. “These technologies are widely available and supported by all the major players, from Microsoft to Google and AWS. These approaches result not only in better security but also better user experience, as passwords are painful to remember, need to be changed frequently, etc. However, it’s important for businesses to deploy passwordless solutions for their various business use cases, as FIDO2 or PKI don’t protect all of your users and devices on their own. By implementing multiple credential solutions, you can protect every identity on your network.“
According to K2 Cyber Security’s Timothy Chiu, the FBI’s 2020 Internet Crime report shows a big jump in complaints about cyber crime. “During this last year, just like everyone else, cyber criminals were working from home, and with the shelter in place and quarantine, they were working harder than ever,” says Chiu. “Cyber criminals generally prefer attacks that are easy and will give them the biggest return. One way to ensure that is to take advantage of trending topics and news. Last year COVID was the news, all the time and unavoidable, making it the obvious choice to use for scams, phishing and malware attacks, as evidenced by the FBI report.”
However, Chiu tells IndustryWeek, he is surprised the personal data breach number wasn’t higher. “It was actually lower than in some prior years. Maybe it’s because we’ve all gotten so used to data breaches and the loss of personal data isn’t something we bother complaining about any more,” he says. “We know though that data breaches do continue to happen, in fact the recent SITA breach was another high profile data breach that lost yet another significant number of personal data records.”
