Cyberattacks are now commonplace, and cybersecurity does need to be high up on the priority list. Big companies and organizations’ IT systems sometimes suffer thousands of attacks a day. They continuously have to fend off attacks. These attacks come from all over the world and are also becoming increasingly targeted. Whereas cybercriminals previously largely launched broad attacks – in the hope that someone would walk into their trap – they are now often aimed at specific people, for instance the person within a company responsible for financial matters. Targeted attacks like these are becoming more common and turn out to be much more dangerous.
The complexity of the cyberthreats means that organizations need to arm themselves on a number of levels: both technically and organisationally, with a good grasp of what their crucial data is, what their priority business processes are and how they have to apply these measures to ensure optimum safety.
Almost ten years ago, a cyberattack mostly wouldn’t really have much operational impact. At most, the IT environment went down for a day or two. Operating activities carried on as usual, albeit less efficiently. Today, a targeted cyberattack paralyzes whole companies and organizations. After all, technology has increasingly become a fundamental part of core business processes and services. Automation fully connects production environments with digital tools to remotely control machines and installations. This fact hasn’t escaped the notice of cybercriminals either. Not integrating cybersecurity into operating activities means waiting until a hacker pulls the plug.
Four forms of cybercrime
- Phishing: victims are mostly lured via an email to a fake website that is a copy of a real website. They unsuspectingly log in there, giving their login details – and also often their bank account details.
- Spear phishing: a very targeted phishing attack on an individual, a company or an organization.
- Ransomware attack: hackers install ransomware in the company’s IT systems and thus shut down all business and production processes. The cybercriminals then demand a ransom to unblock everything.
- CxO fraud: a version of invoice fraud where attempts are made to get people to send money to the scammer’s bank account. The scammer pretends to be a CEO or another high-level director at a company.