The Three Priority Cybercrime Threats
by John Bandler
Cybercrime threatens every single organization and individual. No business and no individual should think they are immune, invulnerable, or believe they have nothing to fear. Protection starts with understanding the three priority cybercrime threats, and then reducing the risks. The three cybercrimes to know are data breach, ransomware, and email based funds transfer frauds (also known as CEO fraud, or business email compromise, BEC).
Attacks can disable operations and cause serious harms that are costly, time consuming, and stressful. Organizations and individuals can take steps to reduce their risks, and many of these steps are no more burdensome than putting on a seatbelt when getting in a car, a helmet before riding a bike, or the routine maintenance we do to protect our homes and automobiles.
Here is a brief description of the three priority cybercrime threats to know about and plan against:
A data breach is an unauthorized access to confidential data. A cybercriminal that breaks into an email account, network, or stored data. This breach can have many negative effects, require notification to government and affected parties, damage reputation, and more. There are many ways a cybercriminal can breach an information system to access and steal data.
Ransomware locks computer systems making them unusable. The cybercriminal uses malware and encryption to encode data and then extorts the victim to pay a significant ransom to try regain access to systems and data. Business disruption can be immense, reputational harm follows, and organizations need to evaluate if a data breach occurred.
Email based funds transfer frauds
Cybercriminals steal funds large and small through their clever abuse of email communication. This can create fiscal devastation. Large payments can be diverted and stolen. The funds may never be recovered, are not insured, and litigation and other disruption ensue. This fraud is sometimes called CEO or CxO) fraud (when executives are impersonated to engineer a funds transfer) or business email compromise (BEC) when businesses are impersonated to engineer a fraudulent transfer. Criminals use many techniques to attempt and succeed with these frauds. Organizations need to evaluate if email systems were accessed, and if a data breach occurred.
The way to protect against these three priority cybercrimes is through good cybersecurity, and that starts with knowledge and proceeds through effective steps and good decisions to plan, protect, and prevent cybercrime. This can start with my Four Pillars of Cybersecurity. Organizations and individuals can evaluate their risks and plan for continual improvement.
Organizations and individuals may have legal duties to protect against these crimes, and to properly investigate and report after they occur. Some laws essentially require reasonable cybersecurity to protect personal information, and require organizations to properly investigate and report to the government and affected parties after a data breach.
My usual disclaimers apply, this is generalized information and is not legal or consulting advice. See the below links for more details on each of the crimes and how to protect against them.
- More information on the three priority cybercrime threats
- Policies, Procedures, and Governance of an Organization
- Cybersecurity and Privacy for You and Your Organization
- Bandler's Four Pillars of Security
- Cybersecurity Tips from John Bandler
- External articles
- Data breaches and your business, John Bandler (February 16, 2022) https://westfaironline.com/145435/data-breaches-and-your-business/
- Ransomware and your business, John Bandler (November 18, 2021) https://westfaironline.com/142669/ransomware-and-your-business/
- An overview of cybersecurity laws affecting businesses in New York and Connecticut, John Bandler (August 18, 2021) https://westfaironline.com/139522/an-overview-of-cybersecurity-laws-affecting-businesses-in-new-york-and-connecticut/
This article is hosted at https://johnbandler.com/priority-cybercrime-threats, copyright John Bandler, all rights reserved.
This article is also available on Medium.com at TO BE POSTED SOON (though perhaps not updated as frequently).
Originally posted 1/3/2022. Last updated 2/15/2022.