Cybercrime has been rated the number one risk for SA’s life and general insurance industry. Anna Collard, Consultant: Cyber Security Awareness at Sanlam Group Technology and Information, explains further.
A recent increase in sophistication of cybercriminal activity has put cybercrime on the agenda at the top levels of business. It has become everyone’s concern. To understand how to deal with cybercrime and why it’s so important to protect information, it helps to understand why it happens, who we’re dealing with and how they operate.
Why do they do it?
Although some cybercrime is ideologically or politically motivated, it’s predominantly fraud for financial gain.
Who are we dealing with?
Although they may look like legitimate companies, there are full-blown businesses that commit or facilitate organised cybercrime. They may offer services such as hackers for hire, malicious software for rent, credit-card or ID-book cloning and money mules. Developers with deep knowledge are also bringing constant innovation to malware and attack tactics.
According to cybersecurity data provider CSO, the average age of a cybercriminal is 35 and the main motivation is financial gain.
What do they do?
One of the major threats is ransomware – a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. More ransomware groups are expected to emerge, demanding higher ransoms, especially when the infected computer belongs to a business.
Another threat is so-called CEO or impersonation fraud – email scams in which the attacker makes emails look like they come from an executive, a colleague or a supplier to trick someone at the organisation into wiring funds to the fraudsters.
The FBI estimates that the cost of such scams has increased from $3,1 billion to $5,3 billion since 2016.
How do they do it?
Phishing – a way of tricking you into sharing passwords, credit-card numbers and other sensitive information by posing as a trusted institution in an email or phone call – remains one of the most notorious ways of infecting a victim’s computer.
Besides email, cybercriminals also use social media threats and mobile apps to trick users into infecting their own systems. In some cases, they research their victims to create custom-made attacks called spear-phishing.
As you continue building your practice and your legacy as the custodian of your clients’ financial well-being, securing your information is vital.
* Contributor: Anna Collard, Cyber Security Awareness, Sanlam Group Technology and Information