Cybercrime is on the rise, and as more of life and business relies on computer technology, the chances that your business will experience a cyberattack (if it hasn’t already) will only increase as time goes on. A recent report has suggested that as many as 50% of SMEs have already experienced a cyberattack in the past 12 months. Despite this, many organisations underestimate the threat that cybercriminals pose to them.
Although there has been a recent string of high-profile stories in the news, such as the hacking of the US elections and the “WannaCry” ransomware that affected over 100 countries, many people and organisations have only a surface-level understanding of the various forms that cybercrime can take. Combine this relative unfamiliarity with the fact that cybercrimes are significantly underreported, and it is perhaps not altogether surprising that the first time a person truly appreciates the risk, it is already too late.
The digitisation of the world has proved itself to be a double-edged sword. While it has clearly benefited us to be able to store, share and access information so easily, it has also allowed unscrupulous individuals to reach out from across the world and seize your information with shocking ease.
If, in days past, you had ever been inclined to rob a bank, the planning, resources and luck involved in a successful heist would have been vast. These days, a tiny number of people can cheaply devise a computer program or hacking strategy and, in a matter of hours, rob the equivalent of 100 banks across multiple geographies without fear of being caught. With the global costs of cybercrime forecast to reach $2 trillion by 2019, the incentive and the ability to engage in cybercrime have never been higher.
Specific Threats for Private Equity
While the threat is not unique to any one industry, private equity houses are a particularly attractive target for cyber criminals. The large amounts of sensitive financial, legal and proprietary data, as well as the routine transfer of large sums of money, mean that a breach, however brief, is a potential goldmine.
Aside from the short-term losses, the reputational damage is often more difficult to repair and can quickly erode the value that it has taken years of investment to build. In late 2015, a variety of New York firms were attacked by a trio of Chinese hackers. From the other side of the world, these individuals used partners’ email addresses to obtain access to the firm’s computer network, and quickly gained access to confidential information about upcoming mergers. This insider information allowed them to perform trades on the stock market that netted them over $4 million (source: https://fortune.com/2017/06/22/cybersecurity-business-fights-back/).
Beyond the obvious cost of being a victim of corporate espionage, what this example also illustrates is that criminals do not simply exploit technological weaknesses, but psychological ones. Even companies with relatively sophisticated security technology, such as law firms, banks and private equity firms, can still be breached if their employees are not as vigilant or sceptical as they need to be. In this instance, the firm’s partners were victims of what’s known as “spear phishing” (or “whaling”). While most of us know enough not to send our bank details to anyone claiming to be from the Bank of Nigeria, we are much more vulnerable to requests appearing to be from trusted friends or colleagues. “Spear phishing” is insidious and typically involves monitoring a person, collecting information on them and then picking the right moment, under a guise of familiarity or authority, to trick them into disclosing passwords, money or other sensitive information that can be ransomed, sold or otherwise monetized.
Given the potential rewards of cybercrime, every firm should expect an attack, and for these attacks to come with increasing variety. As advised by a recent article in Real Deals, the only way to deal with the threat is to close both the technological and psychological gaps in your companies, and that can only come from the top down. Business leaders need to instil a culture of vigilance, as well as investing in technology and recovery plans.
Unless businesses take the necessary precautions, adopting a holistic approach of technology and policy, they will be easy prey for the increasingly sophisticated cyber-criminal.