Staying Safe and Secure
Cybercrime: Cybercrime is any illegal activity carried out using computers or the internet.[1]
External fraud: This includes fraud committed against an organization from the outside, be it by a vendor, customer, competitor or criminal.[2]
Internal fraud: This occurs when an employee, manager or executive of an organization deceives the organization itself.[3]
The FBI reported a 10% increase in cybercrime reports in 2023 and a 22% increase in losses, the total exceeding $12.5 billion.[4] For its part, internal fraud generates median losses of $145,000 per case and typically lasts for 12 months.[5]
Phishing victims in 2023: 298,878[6]
Business email compromise losses in 2023: $2.9 billion[6]
Average number of days to discover a breach in 2023: 258[7]
Global average cost of a data breach in 2023: $4.88 million[7]
Percentage of breaches involving external attackers in 2023: 65%[8]
Percentage of breaches involving internal attackers in 2023: 35%[8]
Common Security Threats
Business Email Compromise: Criminals compromise legitimate business email accounts to instruct other “good” employees to take actions that result in fraudulent transfers of funds.
Malware: Harmful software designed to gain unauthorized access to devices, networks, and systems. Includes viruses, spyware, ransomware, and adware.
Phishing: Email communications designed to trick the recipient into disclosing sensitive information. Phishing targets large groups. Spearphishing targets specific individuals.
Ransomware: Malicious software is used to encrypt a victim's files, denying them access. The attacker then demands a ransom payment to relinquish control.
Password Attack: The attacker cracks, guesses, or social engineers a user's password to gain access to a company's devices, network, or systems.
Formjacking: Criminals use malicious code to hack a website form and gather data.
Insider Threats: Authorized individuals misuse their access to an organization's assets or make mistakes that create vulnerabilities.
The Rise of Generative AI: Criminals have access to generative AI and have started using it to create phishing emails, deepfakes, malicious code, fake websites, and counterfeit documentation, among other innovative uses.
Strengthen Your Defenses
Attackers exploit weaknesses in your company's cybersecurity strategies. Here's how to strengthen your defenses:
Invest in security: Antivirus, antimalware, firewall, and intrusion detection software can make it harder to breach your security systems and generate alerts if an attacker succeeds.
Provide employee training: Educate employees on the threats your business faces and train them on how to detect and respond to threats. Update your training to include schemes facilitated by generative AI, such as deepfakes and automated social engineering attacks.
Install software patches and updates: Install patches and updates as soon as possible. Not doing so leaves your organization exposed.
Require multi-factor authentication: Require users to verify their identity in more than one way, using a strong password and a code sent to their phone, for example.
Limit employee data access: Provide employees with the data they need to perform their jobs and remove additional access privileges. Review access for all users at least twice a year.
Back up your data: Create online and offline backups of your data daily.
Create an incident response plan: Have a plan to follow during an attack. Test the plan frequently, including engaging a third-party firm to evaluate its effectiveness.
Monitor and alert for fraud: Pay close attention to emerging fraud schemes involving AI. Continually revisit the effectiveness of your policies, procedures, and technology in combatting the threat and establish an alert system to help identify anomalous activity.
Mandate dual control: Require two employees to perform tasks prone to fraud, such as sending payments to suppliers.
Conduct risk assessments: Scrutinize all of your business for potential security weaknesses. Document the results and address the weaknesses.