When it comes to kidnappings and ransoms, many likely first think of a Hollywood action movie where a handsome and charismatic hero defeats villains with strength and intellect, thus saving the world, his family, and the damsel in distress… However, kidnappings, in this case of money and/or data, have become a real threat, part of the everyday life of modern companies and systems.

For example, a medium-sized company in Zagreb faced an attack from a cunning hacker who demanded as much as 120,000 euros in ransom in exchange for stolen valuable data. The ICT company Setcor, which was engaged in this case to take on a ‘detective’ role, found that the attacker had been present in the system for more than six months before launching the actual attack. During that time, he not only lay in wait for the ideal moment to strike but also gathered data, and then, based on the available information, determined the ‘best’ ransom price that he estimated the attacked party would accept and pay. Setcor’s security team managed to halve the price in negotiations, and although in this case the data was returned, payment is not always a guarantee that the attacker will honor their part of the agreement.

– Thus, the cost for the attacked party is not over as they also had to pay a hefty fine to the AZOP and ultimately implement solutions that protect against such attacks. As you can see from this case, by far the most expensive option is not to care about the security of your systems – said Setcor’s sales director Krešimir Jurić, adding that there are thousands of such examples, and they were particularly impressed by the time the attacker spent in the system, completely unnoticed.

Stronger than drug trafficking

Indeed, attackers, or hackers, have become increasingly sophisticated, aided by AI technology that enhances their attack skills.
According to estimates from Cybersecurity Ventures, the global cost of cybercrime will grow at an annual rate of 15 percent over the next five years. For comparison, in 2015, this type of crime cost companies three trillion dollars, and by next year, that amount will increase to 10.5 trillion. The extent of the damage is evidenced by the fact that this cost exceeds the damage caused by natural disasters and is more profitable than global drug trafficking.

Moreover, there are no institutions or companies that are safer than others – due to digitalization, everyone is vulnerable, and besides direct financial damage, which can include, for example, the cost of resolving incidents, loss of productivity, legal costs, compliance costs, training, and prevention, there is also direct, immeasurable reputational damage and potential loss of intellectual property, which has long-term negative consequences for a company’s competitiveness. In this sense, the threat is not only from attackers, cybercriminals, but also from company owners who are unaware of the dangers. As Jurić says, in the sales process, they often hear the phrase: ‘Who would attack us, we are not interesting to anyone.’

– This is completely wrong, as there are already quite a number of concrete cases, if we disregard the communication of the profession, that refute such thinking – Jurić warned.

Expensive prejudices

In the domestic market, the danger is perceived differently in larger and smaller companies. In large companies, there is care for risks, and accordingly, they invest in IT, viewing it not as a cost but as an investment in the development and protection of the business.
– In smaller companies, unfortunately, the awareness that investing in IT is not a necessity still prevails, outdated traditional business models are applied, and in the security segment, the false belief prevails – when the equipment is ‘under his feet’, it is the safest, and the stance that they are small, thus uninteresting. Setcor, with its constant presence in the market, is making efforts to educate and understand and advises on how to prevent undesirable consequences. Very often, with smaller users, we initially fail to gain trust, but we are also often called when it is time to ‘put out the fire’ – emphasized Jurić, who does see progress, as digital transformation brings a certain degree of compulsion.

Also, in domestic companies, price is often the main and only factor in making any decision, not only in IT but also in other sectors. Thus, for example, at Setcor, the challenge is not gaining the understanding of the profession but that of those who control the budget.

– Often, the need is defined with the profession, an adequate solution is proposed and offered, but the person who needs to put a ‘signature’ does not accept the arguments of the profession, completely rejects the proposal or turns to alternative solutions that do not meet the need, thus consciously or unconsciously significantly increasing the risk factor in the name of savings. Then an undesirable situation occurs that could have been prevented by implementing the solution, which always leads to an unexpected and serious financial blow. And that is the most expensive option – Jurić pointed out.

Human error: Attacks occur through the weakest link

According to data from the University of North Georgia, as many as 95 percent of cyber attacks are realized due to banal human error. Hackers manage to infiltrate the system through the weakest link in the company, and that is almost never employees in IT departments.
This data was confirmed by the sales director at Setcor, Krešimir Jurić, who highlighted phishing campaigns they conduct for their users as the best example.

– The percentage of employees who thoughtlessly open such an email is devastating. I believe we have not had a case where that percentage was less than 50 percent. We constantly tell users that protection systems greatly help and reduce risk, but for the whole story to be rounded, it is extremely important to conduct internal employee training, i.e., to conduct it continuously. It is necessary to establish the awareness that caring for security is not a one-time action but a continuous process, and for that, internal resources are usually not enough; external experts need to be engaged for that process – emphasized Jurić.

Content created in collaboration with the ICT company Setcor
Explosion of Cybercrime: Companies Are Not Threatened by Hackers, but by Unaware Owners
Author: Jozo Knez
May 27, 2024
