Crime will never go away

I got a couple of reports in my inbox at the same time about the same thing: cybercrime.

Putting this in context personally, I got an email from British Airways saying that SITA had been hacked.

Dear Customer,

We take the protection of your data very seriously (really?). We have been notified of a data breach at global technology company SITA, an IT services provider to many airlines around the world. SITA is not British Airways’ booking and reservations system provider and SITA’s breach does not involve our customers’ financial information or password as SITA does not have access to this data. Please be reassured that this incident was not a breach of British Airways' systems.

This was followed shortly after by the news that Microsoft Exchange, the email system used by many companies, had also been hacked.

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

Oh dear. This is not good.

In fact, Bloomberg estimates more than 60,000 businesses have been affected and the BBC reported one of them is the European Banking Authority.

It makes you realise the fragility of our world when a system can collapse overnight … or a country (Venezuela)  or a government (Myanmar). The world is not stable, but it is people that make the world unstable. Whether it be climate change, human rights or just day-to-day living, the world is unstable.

So, when it comes to online shopping and banking, is it any surprise that it is not stable?

In this context, I got a couple of really interesting reports during the last week. Frist, an interesting report from Comply Advantage: The State of Financial Crime 2021, which notes:

• Suspicious Activity Reports (SARs) filing was on the rise with 74% of respondents saying they filed more SARS in 2020 than the previous year
• While several countries are in the process of introducing critical updates to their AML regulations, only 19% of respondents felt that AML regulations needed to be strengthened
• 93% of respondents stated that real-time AML risk data would improve their compliance operations
• Improving fraud detection ranked highest with 69% of respondents indicating fraud as a significant driver of financial crime in 2020

Second, a bunch of cybersecurity stats via Web Hosting Professional:

• Coronavirus has been blamed for a 238% rise in cybersecurity attacks on banks in 2020 (ZDNet)
• 80% of businesses have seen an increase in cyberattacks following Coronavirus (RiskIQ)
• 27% of all cybersecurity attacks are targeting banks or healthcare industries
• Human error accounts for 22% of cybersecurity attacks (Duo)
• 41% of customers said they wouldn’t buy from a business who was the victim of a ransomware attack (Metro)
• 94% of cyberattacks start with an email (CSO Online)
• Organized crime gangs account for 55% of attacks
• 48% of malicious email attachments are Microsoft Office files (Symantec)
• 56% of IT decision-makers say phishing attacks are their biggest security threat (CSO Online)
• The financial services industry incurs the highest cost from cybercrime with an average of $18.3 million per company (Accenture)
• Security services are expected to account for 50% of cybersecurity budgets in 2020 (Gartner)
• The average cost of a data breach is $3.9 million (IBM)
• It’s estimated that damage relating to cybercrime will hit $6 trillion annually (Cybersecurity Ventures)

SIX TRILLION DOLLARS? That’s three times the American bailout package!!!

Shocker.

But then cybercrime, crime, criminals and criminology is here forever.