Threats to cyber security have grown in recent years on an international scale. Cybercriminals benefited from misaligned networks during the epidemic as businesses shifted to remote working environments. Malware attacks rose 358% in 2020 compared to 2019. The number of cyberattacks then rose by 125% globally through 2021 and in 2022, with more and more attacks hitting both enterprises and individuals.
According to statistics from the South African Banking Risk Information Centre (Sabric):
• Sim-swap fraud climbed by 63% in 2021;
• Total gross loss in digital banking in South Africa increased by 45%;
• Debit card fraud represented 55.3% of all card fraud.
The likelihood of becoming a victim of an online crime increases yearly as more aspects of our lives become digital. According to Surfshark CEO Vytautas Kaziukonis, since 2001, the number of victims of online crime has increased 17 times, and financial losses have increased more than 400 times, from R37,000 to R14.4 million every hour.
It is estimated that cybercrime will cost the world R192 trillion annually by 2025, placing it among the top 10 global threats for the future, above infectious diseases, stagflation, and human environmental harm.
Phishing has been the most frequent cybercrime for the third year in a row, per Surfshark’s report. (There were 323,972 phishing victims in 2021.)
According to Statista, here are the top 5 cybercrime categories that were reported most often worldwide in 2021, by number of victims:
1. Phishing
2. Non-payment/Non-delivery
3. Personal data breach
4. Identity theft
5. Extortion
1. What is phishing?
Phishing is a type of cybercrime where a target is contacted via email, phone call, or text message by someone posing as a legitimate source to trick them into disclosing sensitive information like passwords, banking and credit card information, and personally identifiable information.
The data is then used to access crucial accounts, which may lead to compromised data, financial loss and even identity theft.
2. What is non-payment/non-delivery?
Non-payment or non-delivery scams typically occur online when buyers pay the seller in advance. After receiving payment, the seller breaks their promise and either fails to deliver the item or delivers it in a way that differs from what was promised.
3. Personal data breach
A personal data breach is defined as a security breach that results in unintentional or intentional loss, alteration, disclosure, or access to personal data. An information breach involves more than merely losing personal information like confidential customer data, personal medical history, and the company’s financial dealings; it can also result in major financial loss.
4. Identity theft
The act of obtaining another person’s personal or financial information with the intent to use it to commit fraud, such as carrying out unlawful transactions or purchases, is known as identity theft. Identity theft can be performed in numerous ways, and the victims often suffer consequences to their reputation, wealth, and credit.
• When someone uses your personal information and credentials to commit fraud, it is called identity theft.
• Although identity theft can take many different forms, the most prevalent one is financial.
• Identity theft can affect people’s credit records, financial transactions, and use of Personal Identity Numbers.
5. Extortion
The term “cyber extortion” is a catch-all for a variety of online crimes. Cybercriminals who threaten to shut down a target company’s activities or compromise its private information are engaging in cyber extortion.
Ransomware and DDoS are the two types of cyber extortion that occur most frequently.
• Ransomware – Ransomware is a type of malicious software or malware. After the data of the victim is encrypted, the attacker demands a ransom. The attacker sends a decryption key to allow access to the victim’s data once the ransom is paid. The ransom demanded can range from a few hundred rands to several million. A cryptocurrency such as Bitcoin is normally required as payment.
• DDoS – DDoS stands for “distributed denial of service”. It is an attack in which a cybercriminal overwhelms a server’s infrastructure by saturating it with traffic. This prevents legitimate visitors from reaching the site by causing it to slow down or even crash.
Advice on how to keep yourself from becoming a victim of cybercrime.
During the Nedbank Treasurers’ Conference 2022, Christine Gordon-Bennett, Chief Information Security Officer at Nedbank Ltd, shared some of the cybercrime statistics stated above and gave a quick overview of what South Africans may do to reduce their chances of becoming a victim of cybercriminals.
The following are Gordon-Bennett’s suggestions for avoiding being a victim of cybercrime:
• DO NOT CLICK. Keep in mind that if you don’t click, you won’t get phished!
• Be sceptical of tempting offers; chances are they aren’t what they seem to be.
• Detect malware and other online risks on all your devices by using an established security suite.
• Multi-Factor Authentication (MFA) should be used — Cybercriminals are seeking your credentials, so add an extra layer of security by using MFA.
• Organise your social media accounts. The more information you have posted about yourself online, the more likely it is that a criminal will initiate targeted phishing attempts. So be cautious about what you post.
• Regularly create data backups.
Cybercrime may have detrimental effects on people and enterprises, including financial loss, a decline in trust, and reputational damage.
So, why is ISO/IEC 27001:2022 important to your organisation? It outlines the requirements for establishing, applying, maintaining, and continuously enhancing an Information Security Management System.
Contact WWISE today to implement ISO/IEC 27001:2022 and thus protect yourself and your organisation against cybercrime.