Cyber Crime Continues to Increase
New posts show how the number and cost of cyber crimes continue to increase.
According to Scott Ferguson at www.bankinfosecurity.com, analysis by the U. S. Treasury Department’s Financial Crimes Enforcement Network found that business email compromise scams (also known as computer fraud or social media fraud) increased from 500 incidents per month in 2016 to 1,100 per month in 2018. During the same period the monthly cost of fraud almost tripled from $110 million to $301 million. The Treasury Department’s annualized fraud loss of $3.6 billion is three times the FBI’s estimate for 2018. An AIG Claims Intelligence Series report covering Europe, the Middle East and Africa shows business email compromise claims were 23% of total 2018 incidents reported.
The construction and manufacturing industries accounted for one quarter of reported U.S. incidents, but commercial services and real estate have also seen significant increases. In the AIG report, professional services were 22% of claims, followed by financial services.
Fraudulent emails impersonating company executives are giving way to scammers posing as vendors submitting authentic looking invoices. These invoices can also be vehicles for malware to steal passwords or confidential information. Vendor impersonation yields higher payments for criminals; average impersonated vendor or client invoice amount is $125,439, CEO impersonation is $50,373.
While cybersecurity applications and hardware have improved, employees are the weakest point. Security starts with training employees to recognize scams and report suspicious emails.
According to a study by recovery service provider Coveware reported in HIPAA Journal (https://www.hipaajournal.com/study-reveals-increase-in-ransomware-attacks-and-3x-hike-in-ransom-demands/) ransomware payments increased by 184% from first to second quarter of 2019. Average payments almost tripled, from $12,762 to $36,295. Average downtime also increased, from 7.3 to 9.6 days. In the AIG report, ransomware made up 18% of 2018 claims.
Ransom payments are only a small part of a loss; downtime losses including lost revenue are five to ten times the payments.
These studies show a continuing need to improve cybersecurity to mitigate these attacks. Organizations also need to cover computer fraud, extortion, loss of data and business income loss as part of their cyber insurance program.