The cost of cybercrime
Last year the Government estimated that the cost of cybercrime to the UK economy was a staggering £27 billion. This figure includes a £21 billion cost to businesses, of which £9.2 billion resulted from the theft of intellectual property and £7.6 billion from industrial espionage. These figures exclude the loss of customer data, at a further cost of £1 billion.
Some of the world’s leading brands have been victims of cyber attacks, including Sony and, most recently, adidas. The German sportswear maker suffered a “sophisticated, criminal cyber-attack”, causing it to take its website content offline in November 2011.
Financial losses caused by acts of fraud have frequently been in the news during the economic downturn. There now appear to be more instances of cybercrime, which has led to a unified approach by the Government in dealing with the threat, including a recent two-day international conference in London.
However, despite efforts to deal with cybercrime and raise awareness, some businesses are still not aware of the risk to them or of the actions they can take to reduce their exposure.
In this article we will outline the major risks businesses face and offer some practical advice to help you protect your organisation from this increasing threat.
The risks
All types of businesses are at risk from a variety of cybercrimes and from different perpetrators.
Some of the key risks you should be aware of include:
Cloud computing
Cloud computing refers to the practice of using a network of remote servers hosted on the internet to store, manage and process data. Risks include:
• The loss of control over data, influence or audit capability
• Lack of access to data
• Compliance breaches
• Employee misuse of data (innocently or with malicious intentions).
Social networking platforms
Employees who interact on social networks such as Facebook and Twitter could unwittingly expose sensitive data, such as clues to passwords. Consider the standard security questions, such as your mother’s maiden name, the answer to which could be located by someone who knows how to retrieve this information from a Facebook page.
Similarly, postings and status updates on Twitter which relate to your business’s activities could be easily monitored and potentially compromise confidentiality.
Mobile devices
Smartphones and tablets make it easy to move data out of the business quickly if adequate controls over the release of data are not in place. You should also consider the access levels of any temporary staff, and any unguarded computers accessible by external contractors, suppliers or visitors to your business.
Information theft
It has been reported that 65 per cent of all information theft is linked to an existing or former employee of a business. Failure to monitor password security and access levels to sensitive data within a business can lead to the loss of key data, such as your process systems or confidential client information.
Consider a charity that needs to keep the names of those who make substantial donations private, or sensitive design and manufacturing processes which are unique to a particular business.
This is the area of risk that in our opinion can lead to the greatest degree of financial damage to an organisation.
Email scams
Organised crime is becoming increasingly sophisticated at extracting personal information from individuals, and even information about their employers, through email scams.
In 2010, some 1.07 trillion emails were sent. Often human error, combined with a deliberate attempt to extract information, can lead to sensitive information being released. For example, a false email purporting to come from HMRC and relating to a tax refund could lead to an employee releasing confidential bank account information.
It is not only businesses that are suffering from this specific risk. In November 2011 the Commons Public Accounts Committee stated that online shoppers have been left at risk of email scams and fraud and that police authorities are not getting to grips with the situation.
Corporate hijack
In its simplest form, this is where an organisation’s corporate identity is replicated and then used to extract money or information from a third party who believes they are dealing with the legitimate organisation.
Key features of corporate hijack include mimicking the logos and house style of letterheads or websites, creating fictional bank statements using knowledge of where an account is held and the account details, and using company and VAT registration numbers, which are easily accessible.
More sophisticated fraudsters will gather information over a period of time so as to place themselves in a position to control bank accounts and gradually siphon monies away.
How can you minimise the risk to your business?
The key to all of these risks is that, to a large degree, they can be minimised by clearly enforcing your own internal policies and procedures.
Initially, you should consider undertaking an internal risk assessment which seeks to highlight your business’s potential exposure to cybercrime. Once completed, all your employees should be appropriately informed about the key threats, and policies and procedures should be implemented to safeguard them from exposing themselves or the organisation.
A few points to consider:
1. Identify the risk areas in your organisation. Procedures could include assigning responsibility within your technical team to at least two people, each with separate passwords, who are able to release sensitive data where it is required.
2. Ensure your staff are fully aware of how they should use the internet and email at work. Ensure they are aware of your IT security policy and that any breach will result in disciplinary action and, at worst, dismissal. Consider training sessions.
3. Ensure staff are aware of the risk of releasing sensitive information outside of work, be it through emails from work to home containing sensitive data or commenting on issues at work on a social media platform. Make them aware of the tactics of fraudsters who operate online in order to obtain sensitive information.
4. Look at your data suppliers and third parties who have control of your organisation’s sensitive information. Ensure there are suitable contractual terms in place to protect you in the event of a data breach.
Conclusion
The rapid development of the internet over the last decade has created a significant new area of fraud risk.
Whilst organisations are now more aware of issues, such as employee theft or fraud, there still remains a view that when it comes to cybercrime “it won’t happen to us”.
You cannot guarantee protection from these threats, but you can at least reduce your exposure. Please do not leave yourself open to risk.
For further information about the risks of cybercrime, or to discuss your business’s policies and procedures, please do not hesitate to contact a member of our expert fraud team:
Arun Chauhan Tel: 0845 404 2391 arun.chauhan@cobbetts.com
Mark Kenkre Tel: 0845 404 2379 mark.kenkre@cobbetts.com
The content of this article is for information purposes only and should not be relied upon as a substitute for legal advice. Copyright 2012 - Cobbetts LLP All Rights Reserved - January 2012