Cybercrime Challenges and Risks
Over the past the past several years there has been a significant advance in cyber risk assessment maturity, to help thwart cybercrime. There has been wide recognition that security and risk frameworks provide an excellent process for assessing risk. Increasingly, boards have been asking for quantitative measures of cyber risk, similar to what other areas in the organization have been doing for a long time, such as measuring the financial impact of the risks.
To understand the areas at risk for cybercrime an organization needs to assess their risk areas. To help with this process in May 2017 the Federal Financial Institutions Examination Council (FFIEC) issued a cyber security assessment tool. The tool includes completing an inherent risk profile for the organization which covers five areas:
- Technologies and connection types,
- Online/mobile products and technology services,
- Delivery channels,
- Organizational characteristics, and
- External threats.
Some of the activities that understanding and assessing your level of risk can protect against include; cyberterrorism, cyberextortion, financial fraud crimes, and cyberwarfare.
Cyberterrorism can be defined as an act of terrorism committed through the use of cyberspace or computer resources. As such, a simple propaganda piece on the Internet that there will be bomb attacks during the holidays can be considered cyberterrorism. Also, hacking activities directed towards individuals or banks, that are organized by groups within networks, and tend to cause fear among people, demonstrate power, or collect information to hurt individuals or groups.
Cyberextortion occurs when a website, e-mail server, or computer system is subjected to or threatened with repeated denial of service, or other attacks like holding a computer or computers for ransom, by malicious hackers. These bad actors demand money in return for promising to stop the attacks, releasing the computer or computers from the malware the hackers infected them with and to offer protection. Cybercrime extortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service.
Financial fraud crimes include any dishonest misrepresentation of fact intended to let another to do something which causes loss. In this context, the fraud will result in obtaining a benefit by altering data in an unauthorized way. This requires little technical expertise and is a common form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes. Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. Crimes that can have a big impact on financial institutions are the selling of credit card information, bank account and other personal information online, bank fraud, identity theft, and the theft of customer confidential information.
As long as we continue to use computers and the Internet we are at risk of; computer viruses, denial-of-service attacks, malware, spam, phishing scams, fraud and identity theft.