Back in late 2016, we reported that cybercrime rings were “growing up” by way of becoming more organized—even beginning to collaborate with each other. That year, cybercriminals set a record for the number of successful and attempted data breaches in the history of the internet—which they then broke in each succeeding year.
By now, many of these operations are all the way grown—and have seemingly shifted their focus away from individual consumer targets and onto corporate ones—which is terrible news for unsuspecting businesses in a wide variety of industries around the world.
Your business is a big target no matter its size
Cybercriminals have developed many tried and true tactics for taking down both large and small networks, swiftly commandeering user accounts, and stealing real money. And the rise of the Dark Web allows them to sell these nefarious services to others.
Of course, while new threats emerge all the time, this rising “professionalism” in the world of cybercrime has meant that scam attempts and other cyber wrongdoing routinely take the same forms—which are still unfortunately effective.
What is Cybercrime?
The term "cybercrime" can be confusing. It has been used to describe anything from a single individual impersonating another person online for modest financial gains to acts of terrorism committed by hostile nations.
Essentially, it’s any crime that utilizes networking technology as a tool—and it can take innumerable forms. However, fraud is the most common type of cybercrime, so it’s critical to keep alert for scams that may start with an innocent-seeming email and quickly ramp up to you being locked out of your own network thanks to ransomware.
Current Cybercrime Terms and Tactics You Need to Recognize
One of the most frustrating things about cybercrime is that it's often multi-dimensional—in other words, cybercriminals may employ multiple tactics in the course of one attack on your business. The end goal, however, is usually theft, though your company’s reputation may be irreparably damaged in the process, as well.
We often think of identity theft as a consumer problem, such as when someone obtains our personal credit card number and then makes unauthorized purchases with it. This can also happen to your corporate card accounts, of course, but your entire business’s identity might also be stolen and used to defraud others—including your customers and business partners like vendors and suppliers.
What a nightmare, right?
As we’ve discussed here on the blog in the past, a popular consumer-facing scam involves requests to reset website account passwords and other phishing emails sent to consumers from criminals impersonating legitimate companies' customer support teams. These companies may be targeted for any number of reasons—and it’s usually a while before they realize that someone is impersonating them and can make attempts to contain the crisis.
Unfortunately, a side effect of this enterprise-level identity theft is that even those who didn’t fall for the scam tend to mistrust the victimized business afterward—and whether the company successfully stopped the identity theft or contained the crisis responsibly doesn’t seem to matter.
Social Engineering & Phishing
Following on the idea of your company’s good name and image being used by criminals to steal from consumers and/or your business associates, social engineering scams connected to phishing activities can use your employees' willingness to be helpful as a weapon against their own company. This type of fraud usually takes the form of something called "spear phishing."
Spear phishing begins as an email that looks like a real request from someone in your company, a vendor, or an unsuspecting employee’s manager, for instance. This message, sent from an address that has been spoofed to look like a different person is the sender, is specifically aimed at an individual or department within an organization.
While it appears to be from a trusted source, it is actually from cybercriminals attempting to steal confidential information, and usually has a malicious file attached (that may look like an invoice or other important business documents). Often that file is actually malware, and more often than not in recent years, ransomware.
Antivirus software developer Malwarebytes has recently reported that ransomware—malicious software that locks you out of your computer and/or entire network and demands a “ransom” to restore access—has roared back against business targets (particularly vulnerable SMBs with smaller IT budgets) with a quarter over quarter increase of 195% into 2019 Q1.
If your business has never been hit with a ransomware attack, which often starts as a phishing email, it may only be a matter of time. You’ll want to review our tips for protecting your business from this escalating threat, and then review your current IT resource’s ability to keep you safe.
DDoS Attacks & Botnets
This usually involves taking down your company’s website, as you find yourself on the receiving end of a distributed denial-of-service (DDoS) attack. However, your malware-infected computers could be the tools used to attack someone else, as they become the “botnet.”
This video from cybersecurity provider Kaspersky explains how this type of attack works:
Other Online Scams
There are so many online scams, and it can be extremely difficult for individual technology users (aka you and your employees) to keep up. In fact, scammers depend on the fact that their targets are “distracted” by things like their normal daily work and “set it and forget it” attitudes toward, for example, direct deposit paychecks into banking accounts. (That’s right, scammers have even found ways to breach HR departments and steal your pay!)
This is also an area where a proactive managed IT department—like we provide for our valued business clients here at Monroy IT Services—can be a priceless resource. We monitor the ever-evolving threat landscape and keep you protected from—and educated about—new scams that pop up.
Defend Yourself with Robust Cybersecurity: Monroy IT Can Help
Experts estimate that cybercriminals worldwide steal about a million dollars from its legitimate owners every minute of every day, while businesses only spend just over $170,000 each minute to fight back. That’s a scary mismatch between what “bad guys” are getting away with and what the “good guys”—hardworking business owners and managers—are doing about the problem of rampant cybercrime.
If you’re ready to step up your San Antonio-area business’s defenses against cybercrime—and you should be—it’s time to give us a call at Monroy IT Services. We’re ready to help you protect your network and your business while keeping your monthly IT costs predictable.