What is cyber crime?
The term ‘cyber crime’ refers to criminal activity that involves ICT (information and communications technology).
Internet crimes range from automated cyber attacks carried out by unskilled opportunists to cyber warfare campaigns directed by state-sponsored APT (advanced persistent threat) groups.
Public awareness of cyber crime is increasing, but many organisations remain unsure about:
- The nature and volume of the cyber threats they face;
- How to protect themselves from those threats; and
- The financial and reputational damage a successful attack could cause.
Find out about cyber security solutions to help you reduce your risk
On this page, we examine the current state of cyber crime, and explain why your organisation is at risk and what criminals hope to gain by attacking it.
The scale of cyber crime
Cyber crime is pervasive, and many organisations are struggling to adapt to the modern threat landscape.
Types of cyber criminals
Cyber attacks are carried out by both individuals and organised groups. Threat actors include:
- State-sponsored groups – those that carry out cyber warfare campaigns targeting critical national infrastructure.
- Hacktivists – politically motivated attackers who target organisations to promote their ideology. Their activities often relate to human rights, free speech or freedom of information issues.
- Insiders – those with privileged access to target systems, including negligent and malicious insiders, as well as external actors who gain access via user credentials.
- Script kiddies – unskilled attackers who use off-the-shelf scripts and exploit kits.
What do cyber criminals hope to gain?
Cyber criminals usually aim to gain financially, extract data or cause disruption by (among other things):
- Obtaining personal data to commit ID theft and financial fraud (cyber theft);
- Obtaining banking credentials to steal money, or intellectual property to sell to competitors;
- Installing ransomware to impair your operations and extort money from your organisation (cyber extortion); or
- Installing malware to gain access to your systems in order to steal confidential or sensitive data.
Why every organisation is at risk of a cyber attack
High-profile incidents, usually experienced by larger organisations, receive considerable press coverage.
However, all organisations – including small and medium-sized enterprises – are at risk of computer crime.
No organisation is too small to be attacked. Often, cyber scams are automated and indiscriminate, as they tend to target specific vulnerabilities rather than specific websites or companies.
The volume of such scams also tends to be high, as automated cyber attacks require practically no skill to execute, and are cheap and easy to run.
Learn more about the cyber threats you face
Cyber crime and GDPR and DPA 2018 compliance
Under the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, organisations that process personal data must implement appropriate technical and organisational measures to protect that data and the individuals it belongs to.
If you suffer a cyber attack that results in a personal data breach, you could be fined by the ICO (Information Commissioner’s Office) if you are found not to have implemented appropriate security measures.
A breach could cost your organisation up to 4% of its annual global turnover or €20 million (about £18 million) in regulatory fines – whichever is greater. That’s on top of remediation costs, reputational damage and lost business due to service unavailability.
Find out about our data privacy solutions
Fighting cyber crime
According to a National Audit Office report, 80% of cyber attacks can be prevented with basic cyber hygiene
The UK government’s Cyber Essentials scheme sets out five security controls that provide organisations with that basic cyber hygiene. Its assurance scheme gives organisations the opportunity to demonstrate that they have implemented these measures via independent certification.
Learn more about Cyber Essentials
Staff awareness training
People are widely acknowledged to be the weakest part of any security system. Even if you implement the best technological measures and put processes in place to ensure they are properly deployed and kept up to date, their effectiveness can be compromised by poorly trained users, putting your organisation at risk.
Learn more about staff awareness training
Assess your systems and networks for any potential weaknesses caused by poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.
Find out more about penetration testing
Start your journey to being cyber secure today
IT Governance has a wealth of experience in the cyber security and risk management field. We have been carrying out cyber security projects for more than 15 years and have worked with hundreds of private and public organisations in all industries. All our consultants are qualified and experienced practitioners.
Our services can be tailored for organisations of all sizes in any industry and location. Browse our wide range of products below to kick-start your cyber security project.