Cybercriminals may not have a preference regarding who their targets are, as long as someone takes the bait. The mainstream media usually reports these threats only when there are massive data breaches involving prominent companies, but these attacks target everyone, including general computer users.

So how do investigations work? Bringing an investigation to a successful conclusion takes a lot of hard work, research and cyber forensic analysis, which includes identifying, preserving, retrieving, analyzing and presenting data as a form of evidence. For this evidence to be admissible in formal proceedings, it must meet the highest evidential standards. In addition to all of this research, special technical skills are needed when obtaining and analyzing the evidence, such as the ability to decrypt encrypted files, recover deleted files, crack passwords and more. For these more technically complicated tasks, specialized cybercrime units need to be assembled.

The landscape for cybercrime is forever changing due to evolving targets, impact and techniques, and as a consequence, so is the average cost of a cybercrime. The Ponemon Institute 2019 'Cost of Cybercrime Study'[1] found that cybercrime is increasing, takes more time to resolve and is more expensive for organizations. However, they also found that by improving cybersecurity protection, cybercrime costs can be reduced, and new revenue opportunities realized.

While the figures[2] for the Middle East are readily available, the total global cost of cybercrime for each company increased from USD 11.7 million in 2017 to a new high of USD 13.0 million in 2019, an increase of 72% over the last five years. The figures are eye-watering, representing huge attacks that have been faced by certain companies. Comparing the first and second quarters of 2020, the average ransom paid by a victim (when they paid) increased by 60%, rising from USD 111,605 to USD 178,254, as reported by ransomware incident response firm Coveware[3] in a report that charts trends among its clients.

As a result of Covid-19, UAE businesses expect to see a significant change with regard to the following types of cybercrime over the next 12 months[4]:

  • Phishing scams - 61%
  • Email spamming - 54%
  • Online scams - 49%
  • Security breaches (hacking) - 44%
  • Ransomware - 42%

To cope with the growing incidence of fraudulent activity brought on by Covid-19, the UAE Banks Federation, the Central Bank of the UAE, Abu Dhabi Police, and Dubai Police have also launched the UAE's first national fraud awareness campaign to educate and protect consumers from financial cybercrime and fraud, particularly in light of the increased use of digital banking services during the pandemic. This action is supported by the fact that a total of 98% of UAE respondents to the KPMG cybercrime survey[5] expect to see change with regard to the overall level of cybercrime over the next 12 months.

The pandemic has reminded us that cybercriminals are constantly fine-tuning their skills and techniques. If we do not do the same, then we will be playing catch-up.

From email-based cybercrime, such as Business Email Compromise (BEC), to phishing and incapacitating ransomware attacks, cybercriminals are alert to the fact that employees can easily be deceived. Using social engineering techniques, cybercriminals can steal credentials, exfiltrate sensitive data, and conduct unauthorized transfers of money.

To combat this, businesses must consider whether they are a target of choice or opportunity, how often they are being targeted, the risks that cybercrime poses, and how prepared they are for it, bearing in mind that staff education and security awareness are often the difference between an attempted cybercrime and a successful one.

When it comes to cybercrime investments over the next twelve months, nearly one hundred percent of respondents to the KPMG survey expect to see change with regard to the overall level of cybercrime, but only 78% of respondents have made a slight or a significant change to their cybercrime prevention measures. This is a clear indicator that most organizations are aware of the need to improve in order to reduce business risk exposure, financial loss and reputational damage.

The moral of this three-part story remains: ‘Be prepared’.
