Cybercrime: Inadequate moats and insider jobs

Can you believe that cybercrime has resulted in over US$1.5 trillion in worldwide losses over the past 12 months? We know that cybercrime has escalated during lockdown, but this figure surely does more than enough to reinforce the need for businesses to deepen their understanding of financial crime. (The figure comes from research by BAE Systems Applied Intelligence and SWIFT, the financial messaging and payments organisation set up by a cohort of banks.)

The Lens has scanned several reports recently and can relay some details.

We read that cybercriminals are more sophisticated in using ‘front companies’ to launder funds. Cryptocurrencies have also become a favoured medium for money laundering, with digital transactions offering a peer-to-peer environment that allows criminals to bypass the compliance and KYC controls applied by banks.

Financial organisations are spending, on average, 10.9% of annual budget on cybersecurity programmes, according to Accenture. This is a large price to pay for safety, but the danger of not being cybersecure also has large associated costs. For example, the Information Commissioner’s Office, the UK’s data protection watchdog, slapped a £183.39 million fine on British Airways (BA) last year for violating the EU GDPR when hackers exploited security vulnerabilities to steal credit card details and other customer information.

The past 12 months have also seen an escalation in ransomware attacks. The 2020 Cyber Security Report by Check Point Research reports that in the US and Europe, software companies, healthcare organisations and regional government have been particularly targeted. As the gravity of these attacks has grown, the FBI has weakened its previously strong stance on paying ransoms.

About 40% of security breaches are now indirect, with criminals targeting the weakest links in supply chains and in business ecosystems. Traditional ‘perimeter-based’ defences, based on building a wall or a moat around IT, have become inadequate. Attackers are locating vulnerable organisations that are a single step away from their main target, including cloud-based data services.

Further, Check Point finds that 34% of cyberattacks are committed by insiders.