Cyber crime set to increase in frequency and sophistication

Cyber risk is constantly evolving; attacks are growing in sophistication and frequency. This is evidenced by recent large-scale hacks such as that suffered by UK broadband and telecoms supplier TalkTalk. The new cyber risk landscape has seen also seen an increase of crime from organised criminal gangs are becoming more ambitious.

The key to addressing the risk successfully is appreciating that there are different levels of cyber crimes being committed. Along with the high-profile attacks on large companies, there are small attacks that target individual citizens – all of which pose a serious risk to brand and business.

“Cyber-attacks are becoming far less scatter-gun in approach and are now highly targeted,” says Stuart Poole-Robb chief executive at KCS Group.

“Often, months of social engineering, largely internet-based research on a specific target, is used to prepare for a ‘spear phishing’ attack. Sometimes these use email addresses that are virtually indistinguishable from that of a trusted executive; they may comprise detailed personal information, making the message appear even more genuine.

“Frequently the false communications chain will result in a member of staff divulging security information or making a bank payment to a new account. Sometimes, all the unsuspecting target need do is click on an attachment to open up the entire corporate network to the latest malware, compromising all its confidential data and leaving its financial assets at the disposal of the organised criminal gangs.

“Often, these spear phishing attacks take place late on Friday afternoons when staff are often tired and rushing to get away for the weekend.”

The overall trend feels like Moore’s Law, according to Xavier Verhaeghe vice-president technology solutions EMEA at Oracle. “There is a continuous growth in information and cyber risks, and organisations and individuals try to balance the need for privacy and usability with the overall risk of information theft,” he says.

The risk is driven by firms’ increasing reliance on technology as they become more aware of the potential of being better connected and making more use of data. As operations become more sophisticated, so too do their vulnerabilities – especially now that hackers are prepared to invest serious time and money in order to succeed.

Many experts believe that over the next few years cyber attacks will increase in number, sophistication and specialisation.

“Essentially, it’s a low-risk crime with a low risk of getting caught,” says Vincent Hinderer cybercrime expert at CERT-Lexsi.

“It’s a very appealing area of criminality and we are seeing more and more criminals getting involved, from teenagers through to older, experienced lawbreakers.

“Criminals are specialising in particular areas and offer their services on a consultancy basis to other criminals and this allows relatively inexperienced criminals access to a high level of expertise,” he says.

“For example, we are still seeing attacks that leverage email but these are becoming more sophisticated with a greater degree of personalisation. Criminals are getting better at social engineering; being more believable and finding new ways to get people to click on links or open the attachments that will expose them to Malware.”

This type of attack is made easier because there is much more data now available about people in an open source format online, and criminals can use things like social media profiles to find out about those they are targeting.

“Like the firms they target they have become marketing experts,” says Hinderer.

“They learn from experience which type of scams work, and which don’t, and make their plans accordingly.”