Since the early 00's becoming a cyber criminal has became increasingly incentivising due to the high financial reward and very little risk. Teenagers more than anybody have came to the realisation that they can not only acquire thousands (or maybe millions) of pounds but also, almost never get caught. How can this be so damaging to peoples lives and businesses though?
Well there are a wide variety of cyber attacks and also many ways in which the data acquired can be used to earn money. Your data could be sold to a criminal organisation that could steal your identity or blackmail you, you could be easily tricked into transferring money into an account, you could be physically attacked and the list goes on. The kind of impact explained in the last few examples are mainly a result of attackers having full access to your devices without you being aware and spying on you.
People are often under the misconception that as long as their personal devices are secure then they can't become a victim of a cyber attack but they could not be more wrong. Your employer holds personal information about you, the government holds personal information, any online website you sign up to holds your personal information and various other organisations hold your data too. If any one of these organisations are hacked, you are instantly a potential victim and it is not something which should be taken lightly. While you may not see any instant impact, criminal organisations are reviewing what they have and figuring out how they can either trick you into giving them money, blackmail you into giving them money or they may have your bank details already so they're just waiting until payday to steal all of your money.
The only way you can prevent this is by reducing the amount of information you store on websites and request that organisations do not hold more information than what is necessary. Anti-malware on all of your devices is a given and you should be very careful when on public WiFi as this is a free for all for cyber criminals. You also have to ensure that any websites you access are legitimate and be sure to question any kind of unexpected digital interaction from any provider such as your bank, don't just click the link and follow the instructions, especially if it states it is urgent! One of the most simple but effective preventative measures is updating your devices, the updates have been released for a reason. If you are reading this as a business owner, ensure your business data is backed up to offline storage, ensure you have advanced anti-malware protection (not cheap or free solutions) and ensure your systems have a robust updating process in place.
Now you are aware of how a cyber criminal operates to gather money from a single person, how do they bring down an entire business? Well the answer is simple, they either encrypt all of the businesses data and ask for a huge some of money and they promise not to delete anything if you pay within a very short duration (48 hours or so) or they spy on the financial departments and figure out how to trick someone into sending them money. There has been examples where they have even emailed a businesses client pretending to be the business and asked the client to pay an invoice to a new bank account as they have recently changed banks. These kind of attacks can destroy any business no matter how big or small the business is and they are often really easy to do.
With the serious impact cyber criminals can cause to people and businesses, why aren't they being caught?
Well the simple answer is, you can't trace them as the money goes to dummy bank accounts or they request to be paid in crypto currency which is so secure that even governments cannot trace payments made through cryptocurrencies. Once the cyber criminal walks away from their computer, there is no digital footprint that they was ever performing such activities either so even if they are suspected to be committing cyber crimes, there is very little evidence to prove it.
Why is cyber crime increasing?
The answer to this is also simple, people and businesses alike are not taking the necessary action to ensure their data is secure. Simple things like updating your applications and operating systems are being skipped, cheap anti-malware products are being used, the training is not in place to prevent social engineering attacks, there is no internal process in place to identify what needs to be done in the event of a cyber attack and the list continues. This is just allowing the entire world to become an open game for cyber criminals, they're able to acquire money with very little effort as the tools they are using are being developed every day to become more and more advanced while businesses and the general public are just ignoring the risks.
What to take away from this:
Purchase an effective anti-malware product for your devices
Be careful about where you share your personal information
Ask organisations to hold minimal information about you
Take a training course on how cyber criminals can use social engineering to steal your money
Don't ever give any personal information over the phone unless you initiated the call and you know it is the correct number, even then you should be careful
Keep your devices up to date