The new cyber threat landscape

The Covid-19 pandemic has seen an increase in actively by both cyberattackers and fraudsters, as Liz Booth reports

Google recent cyberattacks and there is a frightening list of victims, from Spanish railway systems to technology company Garmin and beyond.

Since the Covid-19 pandemic started and most of us switched to remote working, cyberattackers appear to have changed their modus operandi, deliberately targeting small businesses and new home workers in particular – both groups that include many financial advisers.

There is some good news, however. The Hiscox Cyber Readiness Report 2020 shows that financial services were in the top three in terms of organisations that were most likely to be prepared to fend off an attack.

However, the cost of failure is high. The report reveals: “One in six of those attacked were held to ransom, with costly consequences. The highest loss involving ransomware topped $50m (£39m) for one unlucky organisation

“Some of the largest losses were seen in the UK market, including one UK financial services firm that was hit by total losses of $87.9m (£68m). The largest loss from a single cyber event also fell on UK soil, costing the professional services company in question a cool $15.8m (£12.2m).”  

Homeworking vulnerabilities

And the risks have become that much higher courtesy of Covid-19. Jesus Mantas, an IBM executive, has been widely quoted in the past couple of weeks after he pointed to “a 6,000% increase in Covid-19-related spam” at the height of the pandemic.

In February this year, even before the pandemic hit the UK and lockdowns began, research by cybersecurity company, OGL Computer, revealed that the vast majority of UK SMEs (81%) confirmed that they had suffered a data breach or cyberattack, with a considerable two in five (37%) admitting they had suffered multiple breaches.

The report stated, referring to the financial sector specifically: “The threats facing organisations working directly and indirectly with the finance sector go far beyond simple theft. Cyber threats facing banks, insurance companies, asset managers and similar organisations range from basic consumer-grade malware all the way up to highly targeted attacks from organised criminals and state-sponsored actors. Financial service providers are a hacker’s favourite, given the nature of the private information held by those organisations.”

Roll onto the pandemic and it has quickly become apparent that these same sectors are being targeted by hackers eager to take advantage of changes in working practices. The Organisation for Economic Co-operation and Development warns that the digital security risk is increasing as malicious actors take advantage of the Covid-19 pandemic. Coronavirus-related scams and phishing campaigns are on the increase.

In a particularly low blow, it says there are also cases of ransomware and distributed denial of service (DDoS) attacks targeting hospitals – something echoed by the World Health Organisation, which reports a 5000% increase in attacks against the organisation.

So, when global organisations are reporting such problems, what can small businesses do to protect themselves? The OECD suggests:

• Individuals and businesses should exercise caution when they receive coronavirus-related communications and use appropriate digital security ‘hygiene’ measures (such as patching, the use of strong and different passwords, and regular backups).
• Treat with caution all communication related to the coronavirus crisis, even indirectly (such as via teleworking tools) including emails, messages on social media, links, attachments and SMS.
• Keep computers, smartphones and other devices up to date with recent security patches.
• Regularly back up content, especially important data.

Meanwhile, governments and other stakeholders are encouraged to raise awareness on the increasing digital security risk related to Covid-19, in particular regarding phishing campaigns, ransomware and DDoS attacks.  

Fraud

But this is not just about cyberattacks. Criminals are using every tool at their disposal, with hacking into company systems also increasing.

PwC recently released some alarming stats on this. For its Global Economic Crime and Fraud survey, it quizzed more than 5,000 respondents across 99 territories about their experience of fraud in the past 24 months. Questions included: whether they’d been hit by fraud, how many times, what tye, and what they had done to prevent it happening again.

Nearly half of those surveyed had suffered at least one fraud – with an average of six per company. The most common types were customer fraud, cybercrime and asset misappropriation. And there was a roughly even split between frauds committed by internal and external perpetrators, at almost 40% each – with the rest being mostly collusion between the two.

A spokesperson for PwC warns: “The total cost of these crimes? An eye-watering $42bn (£32.5bn). That is cash taken straight off companies’ bottom lines. And 13% of those that had experienced a fraud said they had lost $50m-plus.”

Financial crime comes in many guises and it proliferates across segments, sectors and geographies, according to the Payments Industry Intelligence 2020 Fraud and Financial Crime Report.

It says: “Theft, fraud, deception, corruption, money laundering… the possibilities for making and moving money illicitly are seemingly vast, often with low risk and high returns for the perpetrators. While financial crime can be committed on a small scale purely by ill-intentioned individuals, it more often extends to large-scale, highly organised operations. “These larger networks can span international borders, often with close connections to violent crime and even terrorism. Financial crime is everyone’s problem. A recent survey by Refinitiv revealed that 47% of organisations across a variety of sectors had pinpointed financial crime in their global operations in the last 12 months.”

In the US, SecurityBoulevard reports that according to data analysed by Atlas VPN, financial fraud complaints in the US jumped by more than 104% in Q1 2020, compared to Q1 2019.

In 2020 Q1, the largest increase was in loan or lease frauds, with a 116% growth in the number of reports. From Q1 2015 to Q1 2020, the number of financial fraud reports surged by 434%.

Closer to home, Experian reports in the UK: “Fraudsters targeted a myriad of financial products in April, including current and savings accounts, as the UK entered lockdown due to the Covid-19 pandemic, new analysis reveals. “Data from Experian and the National Hunter Fraud Prevention Service shows a rise in fraud rates, with criminals looking to take advantage of the disruption to both businesses and their customers brought about by the outbreak.

“Across all financial products, fraud rates rose by 33% in April, when compared with previous monthly averages. The largest increase was in car and other asset finance applications, which saw a rise of 181%, followed by current accounts (35%) and then saving accounts (28%). Fraudulent credit card applications (17%) and unsecured loans (10%) also went up.”  

Liz Booth is contributing editor to the PFP