Cybersecurity Alert: Cyberattacks on the Rise - No. 1 Challenge Facing Businesses Today
By Hanne-Lore M. Gambrell & Craig S. Horbus on February 12, 2019
Cyberattacks show no sign of slowing down this year. A quick Google search or Google alert provides a daily reminder of the latest attacks and the latest victims around the globe. According to the FBI Internet Crime Complaint Center (IC3)[i], 2018 saw a 47% increase in cyberattacks over 2017, with targeted attacks outnumbering mass campaigns as cybercriminals grow more sophisticated. Most cases involved targeted attacks on companies and their clients, as well as cryptocurrency exchanges and resulted in over $1.5 billion in losses. Ohio ranks in the top ten states by number of victims with over 8,000 individuals and companies impacted by a cyberattack according to the FBI’s annual IC3 report.
It should come as no surprise that C-level executives rank cybersecurity as the no. 1 challenge they face for the third consecutive year, as more than 85% of companies report experiencing a breach in the past three years, according to a recent report from global management consulting firm A.T. Kearny.[ii] However, only 39% of the 400 executives and board members surveyed said their company has fully developed and implemented a cyber defense strategy, the report found, putting them at increased risk for future attacks.
A similar share—37%—said their company has yet to create a cyber defense strategy at all, let alone implement it, the report found. The remaining 24% of executives said their company has developed a strategy, but has yet to fully implement it.
"Given the high stakes—and that executives have long identified cybersecurity as a top challenge for their business—this is a glaring vulnerability," the report stated.
According to the FBI report the hot topics for the upcoming year include the following:
Ransomware is a form of malware targeting both human and technical weaknesses in an effort to make critical data and/or systems inaccessible. Ransomware is delivered through various vectors, including Remote Desktop Protocol, which allows computers to connect to each other across a network, and phishing.
2. Business Email Compromise (BEC)
BEC is a sophisticated scam targeting businesses that often work with foreign suppliers and/or businesses and regularly perform wire transfer payments. The Email Account Compromise (EAC) variation of BEC targets individuals who regularly perform wire transfer payments. BECs may not always be associated with a request for transfer of funds. The FBI notes that the scam has evolved to include the compromise of legitimate business email accounts and fraudulent requests for Personally Identifiable Information or Wage and Tax Statements commonly known as W-2 forms for employees. In 2017/2018, the real estate sector was heavily targeted with many victims reporting losses during real estate transactions.
3. Hacking/Server Attacks
Hacking—exploiting vulnerabilities in software and hardware—is often the first step in an attack. Hackers currently cause the most damage to businesses, governments, banks, and cryptocurrency platforms and can shut down entire operations leaving companies rudderless at sea.
4. Tech Support Fraud
Tech Support Fraud is a widespread scam in which criminals claim to provide customer, security, or technical support in an effort to defraud unwitting individuals and gain access to the individuals’ devices. There are many variations of this scam, and criminals are constantly changing their tactics to continue the fraud. For example, in addition to telephone calls, popup and locked screens, search engine advertising, and URL hijacking/typosquatting, criminals now use phishing emails with malicious links or fraudulent account charges to lure their victims. Criminals also pose as a variety of different security, customer, or technical support representatives and offer to resolve any number of issues, including compromised email, bank accounts, computer viruses, or offer to assist with software license renewal.
In light of so many recent cyberattack events, we cannot stress how important it is for our clients to maintain best practices when it comes to data privacy and cybersecurity. An ounce of prevention is worth a pound of cure when it comes to data privacy and cyber security in today’s technology landscape.
Brouse McDowell is here to help our clients navigate these tricky waters. We offer legal services related to data privacy and cybersecurity, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Contact us for more information.
[i]Federal Bureau of Investigation Internet Crime Compliant Center (IC3). www.ic3.gov/media/annualreports.aspx
[ii]DeNisco Rayome, Alison “Cybersecurity no. 1 challenge for CXOs, but only 39% have a defense strategy,” October 29, 2018. www.techrepublic.com/article/cybersecurity-no-1-challenge-for-cxos-but-only-39-have-a-defense-strategy/.