The cybercrime threat is evolving

It’ll be a couple of months before the final numbers are published, but 2023 already looks like being a record year for cybercrime.

There more reported cybercrime attacks than in any previous year according to the most recently available data, and the average cost per breach has now hit $4.45 million according to IBM.

UK Government figures from last April suggested 11 per cent of businesses and eight per cent of charities had suffered a cybercrime attack in the previous twelve months.

Data on private individuals is harder to quantify, but Action Fraud believe 200,000 people have fallen victim to cybercrime in the most recent 12-month period for which data is available.

In total, UK citizens lost £890 million after consumer/advanced fee/banking fraud. Investment fund fraud accounted for eight per cent of cases – but 51 per cent of financial losses.

It’s expected that cybercrime will increase globally by 15 per cent year on year, costing us all over $10 trillion in 2025, and few people expect 2024 to reverse the trend.

Sadly, the only small numbers in any of this involve the chances of punishment. World Economic Forum data indicates a successful prosecution rate in America of just 0.05 per cent.

No wonder cybercrime is such a growth industry, especially with new technologies like QR scams emerging.

So where are these threats coming from, and what can individuals or businesses do to reduce their chances of becoming part of 2024’s statistics?

A global issue

We mentioned America with good reason just now, since American businesses and consumers are the most likely to be the victims of cybercrime.

This is partly due to much of the world’s software originating Stateside, and partly due to America’s global unpopularity – especially in countries with a history of creating malware.

UK businesses and consumers may be less fixed in the crosshairs of Russian or Chinese cybercrime networks, but we’re still threatened by them – and also by the oceans of online malware.

It’s hard to calculate how many malware programs presently exist, but conservative estimates place it at over a billion, with an estimated 560,000 new pieces launched daily.

The latter are known as zero-day attacks, as they give antivirus software no time to update its databases before they begin targeting data such as personally identifiable information (PII).

Operating theatre

Cybercrime attacks on smartphones are relatively unusual, with a far greater focus on attacking desktop computer operating systems and the software platforms they host.

This is due to various factors including our propensity to open email (a key malware vector) on computers, the lack of PII saved on mobile devices, and the more robust nature of Android and iOS.

Conversely, Windows has always been the cybercriminal’s favourite OS, which is why PC users need to be more vigilant than Mac owners in terms of avoiding malware and viruses.

Even so, best practice when it comes to staying safe online applies to smartphones and tablets just as much as desktop or laptop computers….

• Always use antivirus software on desktop computers. As stated above, it’s of little benefit on smartphones, but PC or Mac users should install AV tools with automatic updates enabled.
• Never open unsolicited emails or unknown attachments. Email attachments remain a core vector for malware, so only open recognised file types from known senders.
• Avoid dubious top-level domains. Every web address has a TLD. Ours is .uk, which is usually safe, as are .com, .org and .net. Dodgy TLDs include .cn, .live, .gq and .top.
• Stay away from torrent sites unless you’re a confident user. Our recent guide to torrents explains why these streaming platforms are rife with undetected malware.
• Be wary around financial transaction. Double-check account info as you enter it, never respond to unsolicited requests for money, and be suspicious of ‘account suspended’ phishing emails.
• Use secure networks. Finally, don’t share PII across insecure public WiFi networks. Wait until you get home or – in an emergency – use a VPN or the Tor browser to protect data.