Three top causes
of cybercrime and how to guard against cyber attacks
We all take steps to keep our homes and our possessions safe. Whenever we go out, we lock our doors and close our windows. Why? So criminals can’t find an easy way in and wreak havoc with things we hold dear.
But bizarrely, people often neglect their online safety. And yet, we’re living in a world where digital criminal activity reigns supreme. It’s a mind-boggling double-standard, no?
Why do people tend to disregard cyber security, even when they might be well aware of the risks?
In this blog, we’ll delve into the realm of cybercrime and cyber attacks. We’ll shed light on the top three causes of cybercrime. How are we making it all too easy for the cyber criminals? And what can we do to halt the hackers?
We’ll also explore the far-reaching impact of cyberattacks on individuals and organizations. Because this stuff affects us all.
No, really. Look, the stats don’t lie, and there’s a lot of them.
You will learn:
What is a cyber attack and who’s behind them?
What three things make cybercriminals’ lives easy?
Why are there so many cyber attacks?
How can we stop cyber attacks?
How can behavioral science help stop cybercrime?
What’s human risk management?
How can human risk management help curb cybercrime?
How can we be ready for future cyber threats?
Some (seriously) sobering cybercrime statistics
- 1 in 2 people expect to be targeted by cybercrime in 2023.
- Over 33 billion electronic records are expected to be stolen in 2023.
- The average cost of a UK data breach/cyber attack is £4,200.
- Gen Z deals with the highest rate of cyberbullying, with 38% of all reported victimization.
- Data breaches cost businesses an average of US$4.35 million in 2022.
- There was a 23.5% increase in social media hacking in the UK in 2021 alone.
- Over a quarter of people (27%) report having been a victim of cybercrime.
- Cybercrime costs could reach US$10.5 trillion annually by 2025.
- Cybercrime is projected to cost the world $8 trillion annually in 2023.
- The FBI received 800,944 cybercrime and cyberfraud-related complaints in 2022.
- 43% of cyberattacks target small businesses (and 60% of victims go out of business within six months).
- 31% of UK businesses are attacked at least once a week.
- People’s fear of becoming cybercrime victims increased by 7% from 2022 to 2023
Or, to put it another way: What most people and businesses do isn’t working.
So, vitally, we’re about to lay it on the line, with cybersecurity solutions grounded in behavioral science and human risk management. AKA the stuff that actually works.
So, prepare to get empowered and help others join you there. Get ready to be able to protect yourself and others against these digital threats.
Section 1: Understanding cyber attacks
So, what is a cyber attack?
Before we get into the meat of it, let’s ensure we’re all on the same page here. So, what exactly is a cyber attack?
A cyber attack is a deliberate, harmful move, focusing on computers, networks, or devices. The goal is to breach security, disrupt processes, steal valuable personal data or sensitive information, or inflict damage. These attacks come in various forms, like hacking, phishing, malicious software, or identity theft.
Portrait of a cybercriminal
You’re picturing a guy in a dark hoodie hunched over a laptop, right? Well, while hoodies are good for staying cozy during long coding sessions, it’s a much more diverse and complex world in reality.
Cybercrime is a multifaceted world with a spectrum of individuals and groups, each with their own motives and methods. At one end, you have organized crime groups who view cybercrime as a lucrative criminal activity. These entities are driven by financial gains. They love large-scale, coordinated attacks. They want to steal sensitive information, commit internet fraud, or hold personal data to ransom.
On the other hand, there are the individual cybercriminals, often operating as hackers, who may work alone or in small groups. Their motivations range widely. Anything from financial gain to personal satisfaction, curiosity, or even ideology. These actors reach for a wide array of techniques. Exploiting vulnerabilities, spreading malware, launching phishing attack campaigns—everything’s on the menu.
Phishing incidents account for the highest proportion of total cybercrime incidents (47%). (Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023)
The dark web serves as a marketplace for various cybercrime services. This makes it easier for individuals to access tools, services, and expertise to conduct cyber attacks. This underworld allows them to buy or exchange stolen data, hire hackers, or snag malware to carry out their shady activities.
Cybercriminals love social engineering. It manipulates people into giving them unauthorized access to sensitive information. A distributed denial of service attack (DDoS) can disrupt online services, causing chaos. Furthermore, they engage in internet crime, including fraud and forgery, to profit from their illicit activities. In the world of cybercrime, adaptability and innovation are their key assets.
How do cyber attacks impact people?
The internet’s vast expanse has made cybercrime as simple as a mouse click. Cyber attacks can strike at any time and anywhere, potentially resulting in devastating consequences. Individuals can fall victim to these attacks, losing their personal data or becoming victims of identity theft.
In October 2023 the US Federal Trade Commission (FTC) reported that social media fraud has cost victims a staggering $2.7 billion between January 2021 and June 2023, far surpassing losses on regular websites, phone calls, and email. The most common scams on social media platforms involve online shopping (44%), followed by investment fraud (20%) and romance scams (6%).
How do cyber attacks impact organizations?
For organizations, the consequences are even more severe. A successful cyber attack can lead to data breaches, financial losses, and reputational damage.
One glaring example of this is the MGM Resorts ransomware attack, costing over $100 million. The attack led to significant operational disruptions, particularly in MGM’s Las Vegas properties. MGM opted not to pay the ransom, despite the substantial costs this led to, on advice from law enforcement.
The breach exposed personal customer information but, thankfully, sensitive information like passwords, bank account numbers, and payment card information remained secure.
This incident serves as a stark reminder that even large organizations are vulnerable to cyberattacks. It also illustrates the pressure that security teams are under.
Section 2: The three most common causes
How about we break it down and expose the gaps in the game? It’s time to take a look at the three troublemakers causing those hiccups in the world of cybersecurity.
The three most
Cause 1: People lack the help they need
So, here’s the deal – lots of folks are just out there wandering clueless when it comes to securing their digital turf. Plenty of people have terrible password habits. Millions of us still use the password ‘123456’, for instance (eye roll). And many of us recycle our one weak password across multiple accounts.
People need to get serious about crafting strong passwords [SB003: Uses a strong password or passphrase]. And they need to understand the dangers of reusing them [SB151: Does not use weak passwords]. When people understand what makes a secure password and why it’s so important, we’ll all be slamming the door in criminals’ faces.
56% of people have never used a password manager, and 30% have never heard of Multi-Factor Authentication (MFA). (Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023)
The three most
Cause 2: People don’t take vulnerabilities seriously
Cybercriminals see a chink in the digital armor, and bam, they’re in.
Take for instance the hit on Sony’s file transfer app, MOVEit in 2023, when hackers found a vulnerability. The upshot? 1,000 businesses and 60 million individuals felt the sting.
Mind-boggling numbers, no? They serve as a reminder of the importance of keeping systems and software in check. They reveal why it’s so important to grab any updates and patches pronto.
The three most
Cause 3: People are bad at assessing risk
This one’s all about human nature messing with our heads. You know how we get, thinking nothing’s going to happen to us? Optimism bias–that’s the behavioral science term for it. (Feel free to use it next time you want to sound clever. You’re welcome.)
People freak out about flying. But it’s statistically safer than driving. It’s the same deal with cyberattacks—people tend to think they’re safe and sound.
Only half of us think a cyber attack could happen to us. (Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023)
Section 3: Three powerful solutions to cybercrime
So many people’s front doors are not just unlocked but wide open with welcome mats out. People need help with their digital security. That means knowing what works…and doing it.
solutions to cybercrime
1. Harnessing behavioral science and human risk management
Mark our words. Behavioral science and human risk management are your trusty sidekicks in the fight against cyber crime. To counter cybercrime effectively, we must understand the human factor in security.
But paying lip service isn’t enough. It’s vital to adopt a data-driven approach. Gathering data on training participation and click rates means you can assess the effectiveness of your security awareness program, and target resources where they are needed most.
With the right tools, you can educate your people and demonstrate the tangible impact of your efforts. In turn, you’ll be able to justify further investment in cybersecurity.
Two thirds (64%) of people have no access to cybersecurity training. (Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023)
solutions to cybercrime
2. Empowering people and organizations
Every day, countless players, including cybersecurity ventures like CybSafe, work hard to make digital defenses stronger. On the front lines, we’re using the latest technology, diving into the research, and creating clever solutions to thwart the cyber baddies.
But if you think that means coming up with glorified firewalls, think again. We know that upping everyone’s confidence and skills is at the core of creating a safer digital world. Because of that, cybersecurity awareness needs to be an everyday part of life, at home and at work.
34% of people change sensitive online account passwords only if forced to. (Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023)
solutions to cybercrime
3. The right tools
Your FREE Ransomware Toolkit
Amid the ever-evolving digital threats, preparedness is paramount. So we’re making it easy to stay one step ahead with our CybSafe Ransomware Toolkit. It’s your comprehensive solution for combating this sinister cyber menace. And it’ll enhance your overall security posture to boot.
What’s inside the toolkit?
We’ve generously packed your kit with everything you’ll need. It’s all the result of hundreds of hours of expert research and development, distilled and packaged into highly readable and usable stuff.
- Long Read: Dive into “Ransomware 101”, the ultimate guide for ransomware today. Learn what ransomware is, the different types, how it’s delivered, and most importantly, how to protect your organization.
- Webinar: Join our on-demand webinar to understand the power of people in preventing ransomware attacks. CybSafe’s Science & Research team and expert guests present their findings to help you stop and spot ransomware attacks.
- Report: Explore the science and strategies behind the ransomware riddle, including prevalence, trends, and the impact on organizations. Discover how human psychology can play a key role in ransomware prevention.
- Ransomware module: Familiarize yourself with ransomware through an exclusive module from our platform. Learn how ransomware infiltrates, how to contain it, and how to stay protected.
- eBook: “The ransomware threat is real: Is behavior the savior?” lays out how a behavioral science-based approach can help you influence the right behaviors to combat ransomware effectively.
- Blogs: Our comprehensive ransomware blog series, covering the latest trends and essential information to keep you ahead of the game.
Don’t let ransomware hold you hostage. Get the CybSafe Ransomware Toolkit and run rings around this growing threat.
It’s time to call last orders on hacker happy hour
Cybercrime is evolving and becoming more sophisticated, organized, and lucrative.
But you can flip the script. You can address the common causes of cybercrime. And you can choose to embrace solutions grounded in behavioral science and human risk management.
The evolution of cyber threats never stops, but with the right knowledge and tools, we can all stay ahead of cybercrime.
It’s time to join the mission in building a more secure digital world.
Cyber security awareness needs to become a useful part of everyday organizational culture. It needs to be something that reaches us and is relevant in our homes as well as in our places of work.
The risk of becoming a victim of cyber crimes is becoming greater every day.
As things stand, our front doors aren’t just unlocked. They’re unlocked and wide open, and the cushy red carpet is rolled out.
It’s time to do more about it.
It’s not just us who believe in this mission. Organizations around the world share this commitment. Take for instance the Internet Crime Complaint Center (IC3) and National Cyber Security Centre (NCSC). Together, we’re paving a super-smooth highway to a digitally secure future.
That’s why we’ve built GUIDE, PHISH, and RESPOND. Three distinct, powerful, groundbreaking products. Here’s your lightning-quick tour.
GUIDE your personalized security awareness training solution. Measure and improve 100+ security behaviors, get expert nudges, deliver accredited training, and achieve compliance. Plus, it’s user-friendly and free for up to 100 employees.
PHISH reduces risky phishing behaviors through intelligent simulations. It reveals the ‘why’ behind user behavior. And it offers insights into social engineering threats and positive consequence management. And naturally it’s science-backed and user-friendly.
RESPOND simplifies security with event-based workflows, real-time risk response, and third-party data integration. It quantifies employee risk, reduces the burden on your team, and preempts security risks. Plus, it integrates seamlessly with GUIDE for a comprehensive approach.
These tools are made for folks like you who are passionate about security awareness and want to help people take better security actions.