Cyber-dependant crimes can only be committed using a computer and in these offences, technology is usually also the target. This can be as simple as unauthorised access to a computer by logging into a system without permission, or as sophisticated as hackers gaining remote access. Fraudulent emails asking for personal and security information known as phishing is a common cyber threat and remains one of the most successful attacks. Phishing kits being sold on the dark web have facilitated people with limited technical knowledge to administer their own attacks.
Other cyber-dependant crimes are malicious software which can be in different forms such as, viruses which infect a computer, often after being downloaded in an infected file. Trojans often appear to be innocent programs, but they contain hidden functions which can install a back door to allow remote access, intercept messages or acquire information. Bots infect a computer and then secretly run in the background and allow remote access. Several bots form a botnet which can be instructed to carry out synchronised tasks.
Distributed denial of service attacks (DDoS), deny service by overwhelming a system. An innocent example of this would be when a website selling music festival tickets is no longer able to handle the volume of traffic it is receiving. A DDoS attack would intentionally replicate the same effect on a website, server, network, or single computer. It could do this by sending enough requests to a website to overwhelm it or by sending thousands of emails. It could also be achieved by using a replicating program such as a virus or by using a botnet.
Another cyber-dependant attack is known as ransomware. This is a form of malware that encrypts the files on the victim’s device. The victim is then blackmailed to pay a ransom to receive the key that will decrypt the files. Files can be encrypted in such a way that reverse engineering is not possible. If the files are not duplicated elsewhere, the only way to retrieve them is with the key held by the criminals. Europol stated that ransomware was the ‘top cybercrime threat in 2019’ that provides an ‘easy income for cybercriminals’.
With a lot of these cyber-attacks, data is often the key element. You could face considerable fines if you lose the personal data of your customers due to inadequate security measures. In 2018 the European Union (EU) General Data Protection Regulation (GDPR) came into force and were incorporated into United Kingdom (UK) law with the Data Protection Act 2018. Fines can now be up to, ‘20 million Euros or 4% of the undertakings total annual worldwide turnover in the preceding financial year, whichever is higher.’
A UK survey reported that the average cost to businesses in 2019 for lost data was £4,180 and £9,470 for charities. The report also noted that businesses identifying breaches and attacks was lower in 2019 than 2018, which could be partly explained by companies being more cyber secure since the introduction of the GDPR and its greater fines.
Smartphones are incredibly vulnerable to attacks as they often contain considerable amounts of sensitive and financial information, away from the security of a home network. More than 60% of online fraud is achieved through phones, with 80% of that fraud accomplished through mobile apps. In the UK, the Computer Misuse Act 1990 does not define the meaning of the word computer which allows the law to keep pace with advancing technology, such as smartphones.
Another vulnerability when it comes to cyber-attacks is human error. A 2019 study found that ‘humans are still the weakest link’. Employee error is often the main cause of a successful attack whether by intent or accident. The study noted that this is partly due to inadequate training, as training employees is often the most underfunded area of cyber security budgets.
As a business that operates online it is vital that you are conscious about cybercrime. You must ensure that you are sufficiently and adequately protected against cyber threats. A failure to do so could result in substantial negative consequences for your business.
At Lawdit Stay Legal we offer several packages at different price points to keep your business compliant with the law. We will also put legal safeguards in place to protect and assist you and your business if a dispute were to arise. With a free initial consultation there is no need to delay, so book today!