“The cost of a cyberattack on businesses should be equal to revenue from its successful implementation”

Cybercrime in Russia has grown 20-fold in recent years and now accounts for every seventh crime in the country. Experts warn that it can deal a blow to the economy no less severe than the coronavirus crisis, if not a greater one. Businesses face the greatest danger: according to analysts, last year 60% of medium and small businesses went bankrupt after major cyberattacks. How can the cyber pandemic be resisted? Read more in the comments of Realnoe Vremya's experts.

“It's easy to open a door that isn't locked”

Despite the serious scale of cybercrime, Russia still does not give the threat due attention. The business sector is the most exposed to this problem. Attackers target entrepreneurs for extortion and for the theft of technology and commercial information, which leads to downtime and a decline in the quality of products and services. It is therefore important to take timely measures to protect assets.

“The world is increasingly becoming digital, and every step of digitalisation, whether it's online payments, virtual meetings, or digital signatures, must be accompanied by a well-thought-out cybersecurity solution. But security problems are still often solved on a residual basis, and this is the reason for the growth of cybercrime. It's easy to open a door that isn't locked. Thus, the main measure of protection against cybercrime is the timely and high-quality organisation of the information security infrastructure,” says Vladimir Dmitriev, the head of CyberART cyber security services at Innostage Group.

Dmitriev noted that, in the opinion of cybersecurity experts, absolutely protected systems do not exist and everything can be hacked. The main task for businesses is therefore to protect their truly significant assets while making the path to them as difficult as possible for potential attackers, so that the cost of a cyberattack on a business is comparable to the revenue from carrying it out successfully. To create such “complex paths”, Dmitriev advises businesses to turn to cybersecurity experts who can provide a range of services, from behavioural analysis of incoming content to rapid response to penetration.

“Ordinary users, to protect themselves from cybercriminals, can be advised to use basic caution when working in cyberspace. The virtual world is similar to the usual one: it also has “dangerous areas” and suspicious individuals. Perhaps soon school textbooks will include a section on cybersecurity. In the meantime, the advice is the same: do not go to suspicious resources, do not give information about yourself to suspicious interlocutors,” the expert reminded.

Megafon: prevention of 1.8m calls from fraudsters with number substitution

Megafon's press service told Realnoe Vremya that the company regularly launches new services to protect customers from possible cyber threats as part of its ecosystem of technical security solutions:

“MegaFon provides banks with active assistance in the fight against fraud. We have developed a solution that can protect clients of financial organisations from theft of funds in the event of fraud calls. The system detects suspicious calls received by bank clients and warns bank employees about it in real time. They, in turn, can additionally check or even suspend the operation until all the circumstances are clarified with the client. The service also gives the opportunity to inform the bank if its contact centre receives a call with the substitution of an existing customer's number.”

In 2020, the company prevented 1.8 million fraudulent calls in which the caller's number was substituted with the numbers of various banks. The operator also supports the initiatives of the ministry of finance aimed at preventing telephone terrorism and takes an active part in this work as part of an interdepartmental working group.

Megafon has developed the “I Know Who's Calling” service to combat spam calls. During an incoming call, the recipient sees the name of the calling company, or a warning about an unwanted call if the organisation has been noted for intrusive calls.

Cyberattacks on the population

The number of cyber fraudsters has risen sharply amid the economic downturn and the decline in the population's real incomes. They create fake websites that take card payments and deceive consumers on social networks. People in any line of work can become victims of these criminals.

Vladimir Golovin, a Russian cybersecurity expert and director general of a detective agency, said that cybercriminals have recently been using viruses less often, since writing and optimising malware is a rather time-consuming process. That is, serious hacker teams do not appear often, and major hacks remain in the shadows. The most popular types of fraud are scam schemes and phishing.

Golovin illustrated how scam schemes work with an example: “A person meets you online. He offers to meet you. He invites you to the movies. He sends a link to buy tickets. You buy tickets by entering your card details. And the money goes to scammers. To issue a refund, you are again asked to enter your card details, and the money is withdrawn again.”

Andrey Masalovich, the president of the Inforus consortium, confirmed that cryptographers have entered the corporate market. He noted what all users really need to beware of: “For an ordinary person, the number one threat is when a person calls you under the guise of a bank specialist, and for some reason you answer him. In this case, you need to immediately call the bank or other institution they are allegedly calling from, or say that you will go to the office yourself and figure it out. The second threat is emails with viruses, the third is websites with viruses, and the fourth is apps with viruses.”

Another common type of fraud is phishing. It is used to obtain login credentials for various payment services in order to withdraw customers' money. To do this, criminals create fake websites and hack personal accounts.

According to statistics, every day in 2020, more than 3 billion phishing emails were sent worldwide and 1.5 million phishing sites were created.

Data leaks also occur on global social networks. For example, data has been stolen from Twitter, VKontakte, Facebook, Instagram and other messengers. “Instagram accounts are hacked. Attackers demand from 5,000 rubles for restoring access. In my memory, there has even been a hack of a page for which they asked 100,000 dollars for access,” Golovin confirmed.

Cybercrime in business

According to the Allianz Risk Barometer, cyber threats were recognised as the #1 corporate risk in 2020. According to estimates by Hiscox and the National Cybersecurity Alliance, a cyber incident costs enterprises an average of $200 thousand, and 60% of medium and small businesses went bankrupt after a major cyber attack.

Ruslan Yusufov, managing partner of MINDSMITH, explained the challenges faced by corporations in 2020: “With the beginning of the COVID-19 pandemic, the number of access points located outside the company's secure loop has increased dramatically. The transfer of employees' work from the office to their homes forced them to make huge purchases of equipment and software, organise access to corporate resources, scale existing solutions and rebuild control over employee actions. Also, the source of threats is the performance and security of applications and IT solutions, many of which were created and completed already in a time of crisis and in a short time. And remote work with its technical difficulties, “inconvenient” user behaviour, increased monitoring systems and increased requirements for rapid response to incidents has become a very important factor affecting the development of processes in the field of information security.”

How to protect yourself from cybercrime?

To check whether everything is in order with their data, Vladimir Golovin advised private users to use the Have I Been Pwned service. On this site, you can check your email address and find out if your passwords have been leaked.

Andrey Masalovich believes: “To ensure cybersecurity, a permanent educational programme from authorised organisations is needed. And on the part of citizens — to be vigilant, because everything that is happening around you now can be a manifestation of fraud. You shouldn't keep all your money on just one card.”

All the experts emphasise that everyone in the 21st century needs to learn and follow the basic rules of digital hygiene: do not register on dubious sites, change passwords more often, choose complex ones, and preferably use online identification.

By Tatyana Novikova