THE BLOG

The Battle Against Cybercrime Continues

25/11/2015 10:14 GMT | Updated 24/11/2016 10:12 GMT

Sophisticated cyber attacks continue to make the headlines. Following the recent arrests in relation to cyber-attacks spanning the last five years on key financial newswire organisations, including Business Wire, Marketwired and PR Newswire, US prosecutors have been able to break up an international trading ring of hackers reported to have made millions of dollars. The hackers broke into the computers of companies distributing corporate press releases, obtaining sensitive financial information before it was made public and using the information to make successful trades.

Such high-profile attacks make it clear that hackers are continually looking for new ways to conduct cybercrime, based on society's ever-growing dependence on the Internet. The vulnerability of confidential information only amplifies the threat.

Let's take this particular case. Vital and confidential information was stolen and used to buy and sell shares, giving them an unfair advantage over legitimate players in the stock market. In fact, it's believed that the team of hackers made a huge $100 million (£64 million) in illicit profits.

This is not the first time that news organisations have been targeted. In 2013, the Associated Press revealed that its Twitter account had been hacked. The attackers, the Syrian Electronic Army, used the hacked account to post bogus claims about explosions at the White House: this, in turn, affected the Dow stock market index. Our dependence on Internet connectivity has not only provided opportunities for cyber-dependent crimes, but has offered new ways to perpetrate 'traditional' offline crimes.

Unfortunately, these can now have a more widespread impact and don't necessarily leave a 'paper trail'.

The number and scope of attacks makes it clear that no organisation or individual is immune. The potential motives driving cyber-attacks include financial gain, the desire to make a social or political point, cyber-espionage or even cyber-terrorism.

Essentially, the bigger and more complex a company becomes, the harder it is to protect its infrastructure. No system can be 100 per cent secure. So if an attacker is able to identify a vulnerability that provides them with a foothold in a company (and time and time again in targeted attacks human fallibility provides this foothold), they can extend their control to other parts of a corporate network, regardless of its size.

There are things we can all do to avoid jeopardising our own security and that of the organisation we work for. These include encrypting private data, creating unique, complex passwords, securing devices and networks and using only trusted Wi-Fi networks for confidential transactions.

With the Internet now reaching into almost all aspects of society, it has undoubtedly enriched our lives. But there is a flip-side to this. Technology can also be exploited for criminal purposes - and it's clear that theft of sensitive data can be potentially very lucrative. So organisations must ensure that the data they hold is held securely. Notwithstanding the successful arrests in this and other cases, there are no signs of cybercrime declining, so prevention is most definitely better than cure.