Cybercrime: stay one jump ahead

Technology makes life easier and more efficient. But as our reliance grows, so does cyber risk. Understanding and controlling this risk is vital, as is understanding that as our technologies and behaviours develop, the criminals evolve to take advantage. Failure to identify new threats could be catastrophic.

This article will explore how technology is attacked, why today’s cyber solutions might not provide protection tomorrow, and how to keep one step ahead of the bad guys.

How does the adoption of technology increase vulnerability?

Your device

As we use more technology, we increase our attack surface area. With remote working, “bring your own device”, remote desktop policy, and mobile phones, we’re no longer safely tucked in behind the office firewall. Cybercriminals are exploiting this increased opportunity to take over your device with techniques like malware, phishing, spyware and even calling you up (vishing).

The cloud

With the progressive shift towards cloud-based services, data is stored and accessible all over the place. Between SharePoint, OneDrive, Dropbox, email, hosted servers, and case management systems, the cloud facilitates a huge portion of your firm’s matters.

There’s a common misconception that working in the cloud makes you safer. This is false. It just means your risk is different. The rush to move data and applications to the cloud means firms have multiple front doors which all need to be protected. The increase in digital technology means more access to more data via more routes. Strong authentication and data loss prevention policies become increasingly important. 

Automation

Arguably the best thing about modern technology is that so much is automatically done for us, so we don’t have to worry about it. We expect our mobile phones to update automatically, we assume our antivirus is scanning in the background, and you might also expect that you would get an alert if someone else logged into your email account. It’s brilliant when it works, but, when these systems are infiltrated, it can be months before companies become aware. It’s important not to become solely reliant on the automations in place – humans are still needed. Humans can understand the risk associated with the tech and configure alerts to those who need to verify suspicious activities.

Today’s cyber solutions won’t last forever

Cybercrime is worth billions – by 2025 the global cybercrime industry will be worth an estimated $10.5 trillion annually.

As the world tries to protect itself from attack, criminals create new sophisticated techniques to bypass security.

The two most common types of attack for law firms are email account takeover (“EAT”) and ransomware.

With EAT, criminals can divert payments, tricking clients into transferring money to faked accounts. Multi-factor authentication (“MFA”) is a vital control against this attack, but it is already being successfully circumvented by the criminals. Their phishing attacks take you to a login page via the criminal’s website, which enables them to capture the MFA code as well as your credentials, and you have literally logged them into your account.

In a ransomware attack the criminals make your systems unusable unless you pay for a code to unlock them. Investment in good backup services is a control against this, but criminals now steal your data as well as locking it, then threaten to sell it in marketplaces on the dark web unless you pay up. A backup won’t help you here. Ransomware is growing faster than ever.

How to stay one step ahead

In summary, your cybersecurity strategy needs to have layers. The criminals can peel back or work around a layer or two, but the more layers in place, the harder it becomes. Train your staff, add another layer of authentication to every cloud-based account, and configure system security alerts, to name just three layers. Operate a zero-trust policy, remove unnecessary privileges, and reduce document access where possible.

Our reliance on technology isn’t going away any time soon, and neither are the criminals. Preventing this risk needs some investment.