Digital risks and cybercrime – developments and trends in 2021

Everyone is talking about digital progress – it is creating unimagined opportunities and accelerating global innovation. But digitization is also taking its toll: cybercrime is on the rise. Find out here which digital risks could affect your reputation management.

  • Around 90% of all crimes on the Internet are not reported – and therefore not prosecuted
  • 3 out of 4 companies have been affected by data theft, industrial espionage or digital sabotage in the past two years
  • Approximately 250 billion euros is the annual damage caused by cybercrime in the EU
  • 74% of companies surveyed say cyberattacks have increased a lot or tended to increase in the last two years

Risky consequences of increasing digitization

In recent years, global digitization has developed rapidly. Since the start of the global pandemic, digital solutions in business, education and society are no longer just “nice to have”, but “essential for survival”.

But what the world of work praises as progress also poses a risk for society. The World Economic Forum is currently warning of a social divide: “When it comes to access to technology and digital skills, there is a danger that the gap between the ‘advantaged’ and the ‘disadvantaged’ will widen”. But it is not just access to digitization that is currently making it difficult for people and companies. Particularly noteworthy at the present time are the increasing activities in social networks. Social media have been used for spreading conspiracy theories and disinformation for quite some time. However, in this decade, the use of social media to shape public opinion has once again increased rapidly. In all likelihood, this will continue to increase.

This development is additionally benefiting from the shift of social life to the Internet. Due to the prevailing contact restrictions, many people are forced to pursue their social exchanges from home. So they try to compensate for their social isolation with increased activity in social networks. What’s dangerous about this is that users disclose more personal information about themselves. This is because they simply don’t have the compensation they need in everyday contact. That this shift in social life opens up all kinds of doors for digital attackers is evident from the increase in cybercrime.

Rising cybercrime in the digital environment

Many companies, in the distress of the Covid-19 crisis, have implemented tools to facilitate remote working and learning. Video conferencing, data transfer and collaborative apps are all meant to cushion what has fallen away in the past year. The rapid implementation of all these technologies has often left cyber and data security insufficiently addressed. Digital skills in professional and private contexts also had to expand so quickly that digital risk awareness in particular was often overlooked. The risk here is that cybercriminals know about the vulnerabilities that have arisen and are actively trying to exploit them.

This is also shown by current figures: A sharp increase in cybercrime was already recorded in the second half of 2020. Digital attackers have adapted quickly and flexibly to societal circumstances by switching to issues such as health, the economic situation, and employment. Specifically, criminal activity is reflected in fake websites, phishing emails, malware, and data theft. Furthermore, the ongoing rollout of 5G and the Internet of Things (IoT) opens more gateways. The establishment of 5G offers the possibility of networking more and more devices, which in turn leads to new security risks. However, it is not the technology itself that is responsible for this, but the increasing number of networked devices that are collecting more and more information.

Digital risks from smart home malware

Would you have imagined 20 years ago that your washing machine or your lamp would become a digital risk for your personal information? Probably not. Even today, the thought of being attacked via a household appliance seems relatively far-fetched. But these smart everyday helpers certainly represent a serious security vulnerability. Embedded devices in the private environment simplify the household and living together, but at the same time offer a very large attack surface. Some of their security mechanisms are only rudimentarily developed.

For the transmission and exchange of data, smart home devices access the home router, which acts as a hub between all sent and received data. If attackers succeed in hacking into the home network via a networked device, all of the user’s private data is freely available. However, data theft is not the only risk. Particularly dangerous is the infiltration of malware that is transmitted via encrypted paths. To date, these processes are not known to the built-in virus scanners, which is why there are virtually no obstacles for attackers. Cybercriminals are therefore increasingly exploiting the vulnerabilities of IoT devices for the home to steal data and spread malware.

Novel phishing attacks as a technical threat

The lack of perspective that many people currently experience due to ongoing social isolation encourages many to share all the more personal information online. At the same time, cybercriminals are taking advantage of the public’s fears to send malicious emails. Topics such as Covid-19 vaccines or financial concerns related to the lockdown are popular. The number of cutting-edge phishing attacks continues to rise, as a recent study from Proofpoint makes clear: in 2020, three-quarters of companies worldwide were affected by phishing attacks.

Novel methods lead to thread hijacking and whaling attacks in particular. In email thread hijacking, emails or mailbox credentials are first stolen so that the attackers can access and reply to emails. This makes it possible to steal and misuse digital conversations by stealing data from the affected account and spreading malware. Whaling attacks, also known as CEO fraud, particularly target high-ranking employees or other decision makers of a company. The target is tricked into performing certain actions via emails or websites. Once the attackers have gained access to the corresponding computer system, data theft and/or blackmail often follow.

It quickly becomes clear that these attack methods represent a significant reputational risk. For example, if e-mails or other information carriers are stolen and used for reputation-damaging campaigns against a company or individuals, this can lead to a complete loss of reputation in the worst case. But it is possible to prepare for this: With the help of an early risk analysis and preventive measures based on it, digital risks from phishing attacks are significantly reduced.

Ransomware on the rise

The threat of ransomware to businesses has been steadily increasing for some time. However, while this is happening, the associated data theft has been increasing at an alarming rate for the past two years. For example, successful ransomware attacks against the education sector recorded a staggering 388% growth in the third quarter of 2020. Over half of all ransomware cases are now aimed at stealing data. Once details such as usernames, passwords, financial information, and other sensitive information are stolen, victims are blackmailed with the threat of disclosure. This approach can become extremely costly: Ransom demands can reach millions of euros, depending on the size of the company.

An important trend that is fundamental to understanding ransomware attacks this year is the popular “big game hunting” of attackers. The strategy is getting more sophisticated and the targeted victims are getting bigger. It is no longer just a matter of injecting phishing emails into a single system. Cybercriminals are using new tactics to penetrate deep into an entire system to spread their ransomware across as much of the network as possible and steal all corporate data.

This approach also represents a serious digital risk for the company’s reputation. To counteract this, it is worth promoting awareness among employees and building up helpful skills. This can be achieved through training, for example. It is important that all company members are aware of the risk of ransomware. In addition, common techniques should be known in order to be able to react correctly in an emergency.

Advancing Deepfake Technology

Deepfakes have been playing a role in cybercrime for several years. AI technology is used to generate images or videos of people, whereby the gestures, facial expressions and voice of a real person can be manipulated. This creates content that looks deceptively real. It is therefore becoming increasingly difficult for viewers to distinguish whether an action or statement by the person concerned is genuine or has been falsified.

By 2021, this technology is expected to reach a quality where it can be actively used for disinformation. The risks are manifold: from damage to the reputation and blackmail of private individuals and companies to the manipulation of political debates and the creation of fake news that threatens society and the economy.

Deepfake technology mostly threatens the reputation of private individuals such as politicians, artists, or corporate executives. But entire organizations are also damaged by manipulated image and video content. Continuous monitoring is an effective countermeasure. By regularly monitoring all mentions of a person or a company on the Internet, suspicious content can be quickly identified and tracked. This means that in the event of a deepfake being published, a rapid response can be made and the damage to the company’s reputation can be limited.

Growing databases of AI-based threats

AI technologies and machine learning have seen great progress in recent years. So far, however, there is little evidence that cybercriminals are already using these methods to carry out digital attacks. Very large datasets and knowledge bases are required for AI-powered campaigns or attacks to be effective. Experts believe that these databases will be developed in the next few years. The use of machine learning is steadily increasing and the capabilities of the technology are becoming more sophisticated. Once AI can be used for offensive purposes, cybercriminals are highly likely to take advantage of the benefits that have emerged.

Hypothetical considerations are currently looking at how AI could be used for malicious purposes. For example, artificial intelligence could be used to scan social media platforms to find suitable targets for phishing campaigns. In the next step, cybercriminals could also use the technology to create personalized spam emails for the respective target victim. Today, however, it is still relatively unlikely that AI-based attacks will emerge more frequently in the coming years. Nevertheless, the development has long been underway.

Increasing disinformation as a digital risk

The targeted use of fake news to manipulate public opinion is becoming increasingly popular worldwide. Especially in the political context, disinformation campaigns are used as computer-assisted propaganda. Authoritarian systems in particular use bots, trolls and other cyber troops in a professional manner to spread their views and discredit oppositional opinions. But the spread of misinformation is also becoming increasingly common in the business world. The field of application ranges from simple fake reviews and the dissemination of individual pieces of disinformation to large-scale dark PR campaigns. In the meantime, these disinformation-as-a-service (DaaS) services can even be purchased from shady agencies or private individuals with just a few clicks on the darknet.

A new trend that can be observed is so-called readfakes. These are artificially generated texts that can now be produced in a very credible and appealing way. Now that high-quality content has become the driver par excellence on digital platforms, artificially generated texts are increasingly being used for websites and social media content. Likewise, they are being used to disseminate disinformation and for opinion-mongering purposes. Social media use in the past year has increased sharply, and young people in particular are using social platforms for information purposes. This increases the digital risk of the global spread of disinformation from artificially generated text content. This can also pose an enormous risk to companies. False information can destroy reputations, influence sales and cause share prices to collapse.

Data security threat from quantum computers

Computers based on quantum technology are currently a great source of hope for industry and science. In contrast to classical computers, so-called quantum computers are much faster, more efficient and more powerful. This becomes feasible because they are based on the principles of quantum physics. With the use of quantum computers, it will be possible to perform complex calculations and crack all code technologies. These operations exceed the previous performance of classical computers. The development of quantum computers is still in its infancy. So, there will still be a long way to go before such devices are put into operation.

Even though the future use of quantum computers will offer unimagined opportunities, the technology also poses a potential digital risk. According to a recent study by DigiCert, Inc., 71% of global companies believe that the practical use of quantum computers will lead to significant security risks. The main problem will be that many encryption algorithms, for example to protect personal data, can be decrypted using quantum computers in the future. This means that much higher costs will be incurred in the future to develop protection mechanisms. And even then, it is not certain how well conventional binary technology can be used to protect against the new types of high-performance computers.

Lack of digital business ethics

In the age of AI and Big Data, digital responsibility is high on the agenda of many companies. Despite this, most companies still lack concepts and strategies to enable a responsible approach to digital progress.

Companies see the greatest challenges in the development of ethics concepts mainly in a lack of staff competencies and a lack of awareness of the importance of the topic within the organization. Although the management levels of companies now recognize the relevance of digital ethics, many companies are acting rather hesitantly. According to a study by PwC (2019), the majority of organizations do implement policies on data protection and the handling of personal data. However, they do not have formulated standards on digital ethics issues that can serve as a guide for corporate decisions.

Corporate Digital Responsibility (CDR)

On the consumer side, the situation is similarly ambivalent. For years, consumers around the world have been calling emphatically for their data to be protected. But the digital behavior of many people speaks a different language. Particularly on social networks, consumers share a great deal of personal data every day with their usage behavior. From consumer preferences and health data to ideological opinions. Some people like to shift responsibility for the data to the organization behind the website in question. This suggests that the topic of digital ethics urgently needs to move to the center of digital responsibility. Both on the part of business and on the part of users. The data relationship between consumers and companies must improve significantly and fundamentally.

So what needs to be done in concrete terms? All organizations must anchor corporate digital responsibility in their corporate strategy, because transparent data use must no longer be optional. In the same way, users must be sensitized and incentives must be created to promote digital media competence. Digital ethics affects everyone – both in a business context and in a social understanding, and it is high time to actively commit to it.
