Understanding the Size of the Threat

Cybercrime: Criminal activity that either targets or uses a computer, a computer network, or a networked device.[1]

Internal fraud: Occurs when a current or former employee steals, alters, or destroys business information (such as customer data) or assets (such as computer software or physical assets) for direct personal gain or indirect gain by assisting other fraudulent actors.[2]

In 2023, cybercrime is predicted to cost the world USD 8 trillion.[3] Additionally, according to the Association of Certified Fraud Examiners, internal fraud generates median losses of $117,000 per case and typically lasts for 12 months.[4]

Phishing victims in 2022: 300,497[5]
Business email compromise losses in 2022: $2.7 billion[5]
Average number of days to discover a breach in 2023: 277[6]
Global average cost of a data breach in 2023: $4.45 million[6]
Percentage of breaches involving external attackers in 2023: 83%[7]

Common Security Threats

Malware: Harmful software designed to gain unauthorized access to devices, networks, and systems. Includes viruses, spyware, ransomware, and adware.

Phishing: Email communications designed to trick the recipient into disclosing sensitive information. Phishing targets large groups. Spearphishing targets specific individuals.

Ransomware: Uses malicious software to encrypt a victim's files, denying them access. The attacker then demands a ransom payment to relinquish control.

Password attack: The attacker cracks or guesses a password to gain access to a company's devices, network, or systems.

Business email compromise: Criminals compromise legitimate business email accounts to conduct fraudulent transfers of funds.

Formjacking: Criminals use malicious code to hack a website form and gather data.

Insider threats: Authorized individuals misuse their access to an organization's assets.

 

Strengthen Your Defenses

Attackers exploit weaknesses in your company's cybersecurity strategies. Here's how to strengthen your defenses:

Conduct risk assessments: Scrutinize every part of your business for potential security weaknesses. Document the results and address the weaknesses.

Invest in security: Antivirus, antimalware, firewall, and intrusion detection software can make it harder to breach your security systems and generate alerts if an attacker succeeds.

Provide employee training: Make employees aware of the threats your business faces. Train them on how to detect and respond to threats.

Install software patches and updates: Install patches and updates as soon as possible. Not doing so leaves your organization exposed.

Require complex passwords: Strong passwords that include upper and lower case letters, numbers, and special characters are more difficult for attackers to crack.

Limit employee data access: Provide employees with only the data they need to perform their job. Remove additional access privileges.

Back up your data: Create online and offline backups of your data daily.

Create an incident response plan: Have a plan to follow during an attack. Test the plan frequently, including engaging a third-party firm to evaluate its effectiveness.

Mandate dual control: Require two employees to perform tasks that are prone to fraud, such as sending payments to suppliers.