The Three Priority Cybercrime Threats
by John Bandler
Cybercrime threatens every single organization and individual. No business and no individual is immune or invulnerable, we all must evaluate the threats. Protection starts with understanding the three priority cybercrime threats, and then reducing the risks. The three cybercrimes to know are
- Data breach
- Ransomware, and
- Email based funds transfer frauds (also known as CEO fraud, or business email compromise, BEC).
Attacks can disable operations and cause serious harms that are costly, time consuming, and stressful. Organizations and individuals can take steps to reduce their risks, and many of these steps are no more burdensome than putting on a seatbelt when getting in a car, a helmet before riding a bike, or the routine maintenance we do to protect our homes and automobiles.
Here is a brief description of the three priority cybercrime threats to know and plan against:
A data breach is an unauthorized access to confidential data. A cybercriminal that breaks into an email account, network, or stored data. This breach can have many negative effects, require notification to government and affected parties, damage reputation, and more. There are many ways a cybercriminal can breach an information system to access and steal data.
Ransomware locks computer systems making them unusable. The cybercriminal uses malware and encryption to encode data and then extorts the victim to pay a significant ransom to try regain access to systems and data. Business disruption can be immense, reputational harm follows, and organizations need to evaluate if a data breach occurred.
Email based funds transfer frauds
Cybercriminals steal funds large and small through their clever abuse of email communication. This can create fiscal devastation. Large payments can be diverted and stolen. The funds may never be recovered, are not insured, and litigation and other disruption ensue. This fraud is sometimes called CEO or CxO) fraud (when executives are impersonated to engineer a funds transfer) or business email compromise (BEC) when businesses are impersonated to engineer a fraudulent transfer. Criminals use many techniques to attempt and succeed with these frauds. Organizations need to evaluate if email systems were accessed, and if a data breach occurred.
The way to protect against these three priority cybercrimes is through good cybersecurity, and that starts with knowledge and proceeds through effective steps and good decisions to plan, protect, and prevent cybercrime. This can start with my Four Pillars of Cybersecurity. Organizations and individuals can evaluate their risks and plan for continual improvement.
Organizations and individuals may have legal duties to protect against these crimes, and to properly investigate and report after they occur. Some laws essentially require reasonable cybersecurity to protect personal information, and require organizations to properly investigate and report to the government and affected parties after a data breach.
But wait, there's more
Of course, cybercrime is an enormous black market industry, there are lots of criminals working on lots of schemes. Mostly it is about theft. Stealing. Victimizing others. There are many names for many schemes. Some involve social engineering, con artistry, trickery. Some involve highly technical activity. It is still mostly about theft. Read more in the links below.
I provide more details on each of the crimes and how to protect against them in the links below.
My usual disclaimers apply, this is generalized information and is not legal or consulting advice.
- The Three Priority Cybercrime Threats (This article)
- Identity theft
- Five Components for Policy Work
- Policies, Procedures, and Governance of an Organization
- Cybersecurity and Privacy for You and Your Organization
- Cybersecurity Tips from John Bandler
- Bandler's Four Pillars of Security
- Cybersecurity for the Home and Office (book)
- Cybercrime Investigations (book)
- External articles
- Data breaches and your business, John Bandler (February 16, 2022) https://westfaironline.com/145435/data-breaches-and-your-business/
- Ransomware and your business, John Bandler (November 18, 2021) https://westfaironline.com/142669/ransomware-and-your-business/
- An overview of cybersecurity laws affecting businesses in New York and Connecticut, John Bandler (August 18, 2021) https://westfaironline.com/139522/an-overview-of-cybersecurity-laws-affecting-businesses-in-new-york-and-connecticut/
This article is hosted at https://johnbandler.com/priority-cybercrime-threats, copyright John Bandler, all rights reserved.
This article is also available on Medium.com at https://johnbandler.medium.com/the-three-priority-cybercrime-threats-1df7bb3b0339 (though perhaps not updated as frequently).
Originally posted 1/3/2022. Last updated 7/24/2023.