The growing cybersecurity risks in digital banking

Digital banking has seen meteoric growth since its introduction in 2007, growing year on year to reach its current peak – where 80% of bank account holders access their accounts at least partially online.

Indeed, it’s predicted that living with the COVID-19 pandemic will have further accelerated online banking adoption for many consumers.

The reasons for its widespread adoption are clear – digital banking has always offered convenience when it comes to checking balances, making transfers and managing accounts whilst on the go.

However, a large proportion of consumers have previously been reluctant to use digital banking, for reasons such as lacking the appropriate technology, skills, or simply preferring to stick with what they know and trust.

The pandemic not only increased the urgency to use digital banking on the consumer end, but also forced banks to look closely at their investment levels in those digital solutions in order to provide consumers with amazing experiences.

Where there are financial transactions, however, there are criminals looking to profit, and that’s certainly true when it comes to digital banking.

What are the cybersecurity risks in digital banking?

Although there are so many benefits to digital banking, for both the bank and the consumer, there is one major negative: the increased cybersecurity risks. The finance industry is a top target for cyberattacks due to the information they process, not to mention financial systems that can be illegitimately accessed to steal money.

As account holders are using mobile devices, websites, apps and public internet connections to access their online bank account, these entrypoints provide weaknesses for hackers to exploit.

Which? recently analysed 15 banks and building societies’ online banking and mobile app banking platforms, and found “worrying security flaws”. These included insufficient password policies and the lack of two-factor authentication for critical actions. Some of the banks also lacked adequate software that was able to block dangerous emails.

The financial sector has been investing heavily in cybersecurity, with developments for enhanced cybersecurity tools being introduced on a regular basis to protect systems from hackers.

As well as making changes to improve their online security processes and tools, another important aspect of protecting the digital banking sector from cyberattacks is to implement a stronger cybersecurity training programme.

Many companies in the financial sector roll out “off-the-shelf” compliance training courses. Unfortunately, these courses fail to deliver the key outcomes that are required to develop a culture of cyber awareness among employees

Traditional compliance training is typically dull and disengaging, with employees not developing the required behaviours that will help protect the bank from attacks such as phishing emails in the future.

Bob’s Business provides a unique approach to online training by providing engaging courses and interactive phishing simulations. Our training helps to change employee behaviour, rather than simply providing generic information and tick-box questions. Our courses can also be tailored to suit the specific organisation, in order to target any weaknesses that the organisation has.

Find out more about Bob’s Business cybersecurity awareness training and boost your digital banking cybersecurity today.

Cyber risks: what are the impacts on the insurance industry?

To fail to plan is to plan to fail, and so every organisation is in a constant state of planning for both the best and worst-case scenarios.

Increasingly, cyberattacks are a significant risk to businesses across all industries but particularly the finance sector, including insurance providers. The COVID-19 pandemic has accelerated digital transformation projects for many companies, who have relied more on digital solutions during this time than ever before.

However, the insurance sector has seen heightened threat levels. So why is this the case, and what is the impact on the industry? Join us as we break down the facts and figures.

Why finance and insurance are high risk for cyber attacks

Finance companies are at a higher risk of being targeted with cyberattacks owing to the large amount of personal data, including financial data, that they process. Insurance companies will gather substantial information from policyholders to calculate the risks and premium prices.

In addition to collecting name, address, date of birth and bank details, insurance companies hold data such as car registration and value, property, and possession details.

This data is collected so that the insurance underwriters can assess the level of risk and set the premiums at the right price, to try to ensure that the company makes a profit. Where there’s sensitive data, however, there are criminals looking to steal it.

With most insurance companies now offering online services, some companies are even operating completely online, the opportunities for hackers have significantly increased from when the majority of transactions happened in a branch or over the telephone.

The same connectivity that allows employees to access company systems from home, or from different locations around the world, has increased the potential for a data breach.

Ransomware attacks have become a growing concern for insurance companies. Last year, an incident in the US forced CNA Financial Corp. to pay $40 million to regain control of its network. Hackers locked the company out of its system for two weeks, causing massive disruption before finally deciding to pay the ransom money.

Another high profile cyber-attack took place in 2015 targeting Anthem Insurance Companies, which exposed the records of almost 80 million customers. Not only did the organisation have to pay $260 million for security improvements and remediations, they also had to pay out $115 million in lawsuits from customers.

What can insurance companies do to protect their business and policyholders?

When a cyberattack targets an insurance company, there are a number of negative consequences. Policyholders can become identity theft victims. In the case of ransomware disruption, the insurance services that policyholders have paid for are not available when they need them – as the company cannot access the necessary policy data to resolve claims.

When the systems are unavailable, the cost to the business is profound. They may end up paying a ransomware release amount in the millions, just to gain control of their systems again. Add this to the compensation that will have to be paid to customers, and you can see how the cost quickly mounts up.

In addition to these costs, data breaches are a significant threat to the reputation of your business. An astonishing 70% of people would stop doing business with a company that experienced a data breach.

As a result, it’s crucial that businesses in the insurance sector and beyond must invest in their cybersecurity strategy to keep their systems as well protected as possible.

The key to a successful cybersecurity strategy is the understanding that the risk of cyberattacks must be owned across the business. For cybersecurity experts cyberattacks are not considered to be an issue simply for IT, but the responsibility of every employee. Developing a culture of cyber awareness within our employees is by far the best protection for any organisation and should be developed through regular, engaging training.

At Bob’s Business, we build innovative, engaging cybersecurity awareness training solutions with industry high engagement rates. Make sure your employees are getting tailored cybersecurity training fit for your insurance organisation, book your free consultation with a Bob’s Business expert to find out more about our highly effective training solutions.

How Bob’s Culture changes cybersecurity behaviours

Changing behaviours isn’t easy – just ask anyone with a kid – but when it comes to cybersecurity, it’s often essential. Research suggests that 90% of breaches start with human error, and so no matter how sophisticated your hardware and software cybersecurity solutions are, they can’t account for a member of your team making a simple mistake.

That’s why our training solutions are designed to reduce those behaviours that put organisations at risk.

To measure exactly how behaviours and knowledge levels are changing within businesses, we utilise our bespoke Human Vulnerability Assessment. It shows you exactly how your organisation is progressing in reducing human error in a simple, easy to understand format.

Now, with a full year of data from organisations of all sizes, we’ve anonymised and collated our data to show the effects that just one year with Bob’s Culture has on businesses just like yours. Here’s what we have found:

Behaviour

  • 7.8% of users admitted to sharing passwords, down from 12.7% in the opening baseline – a 39% decrease
  • 62.3% of users claimed to follow their organisation’s cybersecurity procedures, up from 43.1% – a 45% increase
  • 14.4% of users admit to storing company data on personal devices, down from 20.0% – a 28% increase
  • 15.8% of users admitted to downloading material without verifying its authenticity, down from 25.5% – a 38% decrease
  • Users reporting having sent emails to the wrong recipient was reduced from 34.1% to 25.1% – a 26% decrease
  • Users admitting to clicking on links in emails from unknown sources were reduced from 13.8% to 10.9% – a 21% decrease
  • 58.2% of users admit to reusing passwords, down from 66.7% – a 13% decrease

Confidence

  • 6.6% of users felt unconfident in their ability to recognise phishing emails down from the initial 13.2% – a 50% decrease
  • 5.1% of users were not confident in their ability to browse the web safely, down from 10.3% – a 50% decrease
  • 6.9% of users lacked confidence in their ability to manage passwords, down from 11.0% – a 38% decrease
  • 5.9% of users were not confident in handling sensitive information online, down from 11.3% – a 48% decrease

Attitudes

  • 16.8% of users believed they did not have to worry about cyber security risks on work networks, down from 18.1% – a 7% decrease
  • 40.3% of users believed it’s the IT team’s responsibility to protect their organisation from cyberattacks down from 46.3% – a 13% decrease

Phishing

  • Baseline phishing email open rates were reduced from 14.8% to 10.4% – a 29% decrease

Results after one year with Bob’s Culture and based on a randomised selection of 4053 respondents across 39 organisations.

Ready to start your journey with Bob’s Business? Book a chat with a member of our team and learn how we can help reduce your risk in an engaging, effective and affordable way.

What are the top cybersecurity myths in the workplace?

Cybersecurity has become a top priority for businesses in all sectors,. As you can imagine, raising awareness about cybersecurity and the different types of threats is crucial to protecting your data and systems.

As part of the education process, separating the facts from the fiction can help employees to form a better understanding of not just their responsibilities, but the actions they should take when faced with a potential cyber threat.

As cyber education specialists, we work with companies every day to make the most of their training and we encounter no shortage of cybersecurity myths. Join us as we share some of the biggest myths about cybersecurity in the workplace we encounter:

“Only dodgy websites can give you viruses”

While visiting unsecured and “dodgy” websites will certainly increase the chances of being infected by a virus, legitimate sites can also be a risk.

Hackers can compromise genuine sites and infect them with malicious code that can infect the devices of website visitors. The key to risk reduction, in this case, is ensuring that employees know the telltale signs of a compromised website or emotionally manipulative web copy.

“Our business has already been attacked, it won’t happen again”

This is one of the biggest myths of all and, unfortunately, businesses who take this approach to their cybersecurity are likely to be targeted again and again until adequate cybersecurity solutions are implemented.

Therefore, once one attack has occurred, employees should receive immediate communications and training to not only help them recognise what the different types of attacks look like, but to also understand what to do if there is a repeat attack.

“Cybercriminals only target large businesses”

Another big (and costly!) myth is that small and medium-sized businesses aren’t a target for cybercriminals. After all, why go after a smaller company when the likes of Apple, Amazon and Facebook are out there with billions of pounds on the line?

The truth is that SMEs are often more at risk of an attack; this isn’t simply because they have lower budgets to spend on cybersecurity, there is often a lack of focus on the issue at board level too.

In comparison, larger businesses and organisations will usually have heavily invested in their cyber resilience, making the process of breaching their defenses significantly harder.

“Investing in cybersecurity technology keeps us completely protected”

Unfortunately, even if you have anti-virus and anti-malware software installed, your business is still highly vulnerable to cyberattacks. Analysis of the Government’s own data on cybersecurity breaches indicates that 90% of recorded breaches had their roots in human error, highlighting just how important the human element actually is.

“Cybersecurity is the responsibility of the IT department”

Another misconception we see among many staff members is that cybersecurity is solely the responsibility of the IT department. While the IT department are responsible for setting up the right IT infrastructure to protect your business from cyber threats, every single employee also has a responsibility to protect the business from cyberattacks.

Additionally, HR, Internal Communications alongside Learning and Development teams should be involved in creating a culture of employees who know how to protect the company from cyberattacks. Having a strong cybersecurity framework is a collaborative effort across the business.

How to protect your business from cyberattacks

In addition to investing in cybersecurity solutions such as anti-virus, anti-malware and firewalls, your organisation must have a comprehensive cybersecurity awareness training strategy that puts your teams at the heart of your cyber resilience.

Bob’s Culture is our flagship online training solution. It includes our unique Human Vulnerability Assessment to assign training where it’s needed, our award-winning phishing simulations, full access to an engaging and effective course library – even your own organisational LMS.

Curious to learn more? Book a consultation with a member of our team to find out how we can help your organisation reduce its risk, and put an end to the myths.

Why organisations should opt for a tailored cybersecurity training approach

Hands up if you’ve ever suffered through workplace training that feels like it was designed for somebody else. I’m willing to bet there’s more than a few of you out there.

Traditional training approaches for topics such as cybersecurity tend to be of a ‘one-size-fits-all’ variety, with little to no consideration towards the requirements of the organisation they’re deployed within. While one set of courses might be required for employees at one company, that same training may be totally unnecessary at another company.

It’s a situation made worse by the importance of cybersecurity training for organisations of all sizes. Weaknesses in their training programme can cause significant problems for businesses. With cyberattacks happening on an increasingly regular basis (up 50% in 2021!), having the most effective cybersecurity training approach can be the deciding factor in whether a major cyberattack is successful or not.

Your organisation is unique, it has different weak spots and vulnerabilities depending on industry and infrastructure. You may have legacy systems that are more likely to have security weaknesses or a high turnover of employees – and newer employees lack experience and training in cybersecurity. In fact, many organisations simply have overly complacent staff, placing them at higher risk of breach.

Other weaknesses include the types of technology solutions that an organisation uses, which can increase the likelihood of being targeted by a cyberattack. For example, companies with e-commerce websites offering online card payments have a higher risk of being targeted as they handle financial data.

As you would imagine, these organisations benefit greatly from our comprehensive PCI-DSS compliance training while people working for the government need more training in areas such as email etiquette.

How Bob’s Business tailors training to your organisation

At Bob’s Business, we believe that training is more than just a box to tick. We believe that a good training programme should build a positive cybersecurity culture that actively protects your organisation from the 90% of breaches that occur as a result of human error.

WIth Bob’s Culture, we deploy our proprietary Human Vulnerability Assessment to make our training as tailored and relevant to your organisation as possible. It’s why Bob’s Culture revolutionises cybersecurity training and, along with our uniquely engaging and entertaining content, why we have industry-high engagement rates.

The Human Vulnerability Assessment uses a Phishing Baseline and Awareness Questionnaire to determine where the weaknesses are within your organisation; your training programme is then tailored around these insights. An organisational analysis call is also arranged, with the relevant personnel, to ensure an in-depth understanding of your organisation and its unique requirements.

This information is then used to develop a more effective training approach that is bespoke to your organisation and will boost cybersecurity protection, through empowered employees who have learnt how they can become the tip of the spear in your organisation’s defence against cyberattacks.

Find out more about how Bob’s Culture can help your organisation to strengthen the specific areas of weakness that cyberattackers will be looking to expose, and turn your employees into the first line of defence.

Does using a VPN prevent cyberattacks?

Nowadays, it’s virtually impossible to find an organisation or sector that hasn’t dramatically changed through digital transformation.

Whether it was the slow creep of technological improvements across your organisation or the pandemic, we’re willing to bet that your data is among the most valuable things you own today.

Naturally, this has changed the way businesses perceive risk and has ensured that the biggest threat to many businesses is a cyberattack on their systems.

Unfortunately, no silver bullet solution guarantees your business will be safe from attacks, but there are measures you can take to reduce the chances of it happening.

Investing in malware protection, network perimeter defences, and patch management can help prevent cyberattacks – as can using a VPN within your business. However, what is a VPN and is it enough to prevent a cyberattack on its own? Join us as we answer your most burning questions.

What is a VPN?

A VPN is a virtual private network that creates a ‘tunnel’ between the user and the internet to encrypt your internet connection. This can prevent cybercriminals from being able to read your internet activity or from being able to view your IP address and location.

There are VPNs designed especially for the needs of businesses, they provide secure connections for both remote access and site-to-site for businesses operating over different offices or branches.

A VPN will protect remote connections from public WiFi, so if employees work from a café, hotel, or airport using the public WiFi, they would not be exposing the business to the same level of threat as using no VPN.

Due to the pandemic, many businesses switched to working from home – a change which may never fully reverse. When employees log onto devices remotely, they usually have fewer security solutions compared to working from the business workplace. This opened opportunities for hackers to compromise security vulnerabilities and steal data.

Now that many businesses are still offering employees the choice to work from home more often, using a VPN is one of the cybersecurity solutions that can help to protect your business from hacking attempts when employees work from home.

Is a VPN enough to prevent cyberattacks?

While using a business VPN will certainly boost your cybersecurity, there are still weak areas that hackers are able to target. As such, a VPN should be used in conjunction with other solutions.

Firewalls, anti-virus and anti-malware software, cloud backup software, and SSL certificates on websites provide different layers of protection; but one of the most important ways to protect a business from cyberattacks is to ensure employees have effective cybersecurity training.

Research from Stanford University found that almost 90% of data breaches are a result of human error, with phishing scams and poor password management being common reasons behind the breaches. Hackers are generating increasingly sophisticated scams to target employees, tricking them into clicking dangerous links or sharing sensitive data.

As such, it’s important that employees are provided with high-quality cybersecurity training, with training courses that really engage them and change their behaviour upon receiving suspicious communications.

Bob’s Business is an award-winning training provider that helps keep your business protected from cyberattacks by not only providing employees with the knowledge to identify cyberattacks, but also the necessary skills to prevent them.

Find out more about our range of interactive training courses or speak to one of our cybersecurity experts today.

How to tell when your website is hacked (and what to do about it!)

Once upon a time, it seemed like it was only big corporations who were vulnerable to hacking attacks. 

Today, 30,000 websites are targeted daily and 64% of businesses globally have experienced some attack. 

Unfortunately, most businesses find out they’ve been breached when the harm has already been done, losing them valuable data and money. 

But how do you know whether your website had been hacked, and how do you prevent further intrusions? Join us as we share everything you need to know.

What are the most common causes of a website breach?

A website can be compromised in a variety of ways, but while a breach may be difficult to detect, at times it may be obvious to others.

These are the most common causes of website breaches:

How to check if your website has been hacked

Worried your website has been hacked following a security alert? Or are you just worried because something doesn’t seem right? In either case, keep your cool. By attempting to solve the problem you are already ahead of the game.

It is in a hacker’s best interests to minimise the symptoms of their attack. A major issue with website breaches is that they can be very common or very strange symptoms, which are tough to spot. Checking your website using a Google search to see what users see on it is the first step in determining whether it has been hacked.

If there is anything unusual occurring, it is a good indication that your website has been hacked. Google will usually detect malware and publish a warning notice on your website, to warn visitors not to use the site. Every week, Google blacklists over 20,000 websites and flags 50,000 websites for malware. Have the meta descriptions on your website changed? This is another indication that it has been hacked. Pages offering a contest or prize, that then encourage the visitor to click a link and provide information, are one of the main tactics used by hackers. Hacks like making spam popups, spam pages, and link redirects are also popular.

How to prevent a breach

Now that we have established the first steps for determining if your site has been hacked, let’s talk about what to do if it has been breached. The best way to prevent a website breach is to install the highest level of security solutions.

Here are some of the most effective website security options:

  • SSL certificate

As a minimum, all business websites should have an SSL certificate in order to protect the website. These can be purchased through your web host.

  • Regular website updates

When a software update for your website is available you should install it as quickly as possible, because these frequently include bug fixes and other critical security improvements.

  • Install anti-malware software

Your website should have anti-malware software that scans your website to check for any malicious attacks. 

  • Use difficult passwords

Using passwords that are easy to guess will make your website very vulnerable to attacks, so make sure that you use a password that is difficult to guess, using a mix of character types. Take a look at one of our past blogs to learn how you can create strong passwords hackers won’t be able to cut through.

  • Backup regularly

Having regular backups for your website will not prevent an attack, but it will make it much easier to recover your website if you do get hacked.

What else can I do to improve the cybersecurity of my organisation?

Digital security solutions are critical for securing your website, but your employees must also be cyber-aware in order to detect hacking, phishing scams, and other digital dangers.

At Bob’s Business, we offer effective and comprehensive cybersecurity training programmes for your business, helping to reduce the risk of security breaches.   

Book a free consultation with one of our cybersecurity experts to discuss how we can help you reduce risk within your business.

Why is communication in cybersecurity so important?

Today, it’s virtually impossible to imagine a sector where digital technologies haven’t led to remarkable improvements in productivity and profits. As such, it’s equally hard to imagine parting ways with those technologies.

It’s a reliance which has become commonplace in industries across the globe, and while there are obvious benefits, it also presents many security risks.

As technology evolves, cybercriminals are increasing the frequency and severity of cyberattacks on businesses. Indeed, new techniques are being developed daily to catch businesses out, with a recent report from CrowdStrike finding that ‘cybersecurity across the globe grew 400% in 2019 and 2020 combined’.

Over 85% of cyberattacks have a human element, whereby the attack takes advantage of human vulnerabilities. This is mainly executed by tricking people into providing data or clicking dangerous links that allow the attacker to penetrate the security systems.

Often, businesses mistakenly rely solely on their IT department or Risk Management Team to protect them from cyberattacks. However, this approach does not always account for individual employees, and businesses can still leave themselves open to being targeted.

It only takes one person to cause a data breach which can have enormous financial and reputational implications for an entire company. Therefore, cybersecurity must be the responsibility of all employees at all levels.

Among cybersecurity professionals, you’ll often hear the virtues of communication extolled, but why? Join us as we explain everything you need to know.

How communication prevents cyberattacks

Communication, in regards to cybersecurity, comes in many flavours. The first, and arguably most important, is training.

Put simply, effective cybersecurity training is essential.

Everyone in your organisation, from the cleaners to the board of directors, has a direct role in protecting the company from cyber-attacks. However, like any form of communication, the wrong approach can torpedo any chance of success.

Cybersecurity training is at its very best when it focuses on making cybersecurity simple and relatable. Short-form training that utilises storytelling will always trump long, dry and technical content.

Alongside regular training, it always pays to reduce staff turnover so that your team can develop a consistent culture of positive cyber risk awareness. If experienced employees are leaving after they have received training and new employees are brought in, it takes time for them to develop adequate knowledge about cyberattacks and to understand their role in preventing them.

The other crucial element of communication in cybersecurity is ensuring employees feel empowered to communicate any attempted attacks or mistakes they make.

Frequently, individuals will hide their mistakes because they’re concerned they’ll be punished for them. In turn, this gives cybercriminals a window in which to wreak their havoc. By building a culture in which employees feel comfortable reporting their mistakes and suspected attacks, your chances of surviving an attack go up dramatically.

Finally, it’s important to note that internal reinforcement communication methods such as intranet posts and videos, email updates, and team briefings can be an integral part of an organisation’s cyber risk management strategy.

At Bob’s Business, we can help you make your cybersecurity training the focus.

With our cyber awareness courses, phishing simulations, and compliance training, we give businesses and their employees the tools needed to protect themselves and your business.

Book a free consultation with one of our cybersecurity experts to boost employee awareness, keeping your business protected from the full range of cyber threats.

What is the future of cybersecurity?

Despite being an integral part of modern life, there are still many people (and companies!) who don’t understand the value of cybersecurity. Indeed, even the US Government didn’t consider cybersecurity an issue worthy of a national strategy until around 2003.

In recent years, due to lockdown restrictions, businesses have increased their reliance on technological and digital solutions faster than ever. They have allowed businesses to operate in new ways in order to not only survive but also to thrive. However, they have also created new avenues for attack.

Cybercriminals are adaptable and often ahead of the curve, in a rapidly changing world, they are constantly developing new methods of deception. Just last year, fake NHS emails and texts were sent out by scammers taking advantage of the COVID-19 pandemic.

Because criminals are constantly developing new scams and more sophisticated attacks, businesses must invest more heavily in cybersecurity solutions and processes. But, what does the future hold for cybersecurity?

The future of cybersecurity

Many of us are playing catch-up in the war against cybercrime. Take the increasing problem of ransomware and finding solutions to protect businesses from these attacks, for example, or closing the skills gap within the cybersecurity industry.

The International Data Corporation even estimated that worldwide cybersecurity spending will reach around $175 billion by 2024.

The future of ‘The Cloud’ and Artificial Intelligence

Cloud computing has provided numerous benefits, including cost savings, efficiency, and sustainability. However, because of the large amounts of data and personal information stored, it is another service that cybercriminals are targeting. As cybercrime evolves, it is a service that necessitates ongoing security training and awareness.

Artificial intelligence (AI) will greatly assist in cybersecurity; AI technology can identify threats and patterns much faster than traditional security processes. The downside of AI’s rise is that it is also being used by cybercriminals to help improve their strategies. As a result, as AI is used more in attacks, we can expect to face more severe and frequent cyber threats in the future.

Read our recent blog for more information on the impact of AI on cybersecurity.

But what does this mean for you?

As the world around us continues to advance technologically, we must also remain vigilant and aware of cybersecurity trends.

Human error is one of the top risks that criminals target, so businesses must continue to develop stronger cyber risk management frameworks; this means having highly effective cybersecurity training for all employees.

Regular updates should be included within training solutions to not only incorporate the most recent cyberattack trends but to also raise employees’ awareness of the most pressing cybersecurity concerns that are emerging.

At Bob’s Business, we provide tailored and innovative training products to make sure your employees are armed against the cybersecurity revolution.

Book a free consultation with one of our specialists to discuss your training needs today.

What are the most common crypto scams?

It’s impossible to overstate just how buzz-worthy cryptocurrencies and the blockchain that enable them have become over the last 10 years. From an obscure but promising alternative to fiat currencies to “digital gold”, they have become a controversial mainstay in the financial world.

Over 100 million people are now using cryptocurrency exchanges, with the total value of all cryptocurrencies adding up to almost $2 trillion – although this figure has proven volatile as markets enter a state of flux.

Investing in cryptocurrencies comes with a number of risks beyond mere market fluctuations though, as the security of cryptocurrencies and NFTs have proven to be woefully lacking. Just last year, there was over £11.8 billion worth of stolen crypto, according to blockchain analytics firm Chainanalysis.

So what are the ways in which scammers separate people from their crypto? Join us as we share the facts.

How cybercriminals are stealing crypto

Where there’s money, there are scammers. It’s no different with cryptocurrencies, and the consequences can be financially catastrophic.

One recent hacking incident involved the theft of over £433 million from Poly Network, before all but £25 million was transferred back. There have been many more similar incidents, with Binance losing $41 million to hackers in 2019. Just last week, actor Seth Green had his ‘Bored Ape Yacht Club’ NFT stolen, pausing production on his TV show which utilised the character.

Many online scams target new investors who are keen to hop onboard a particularly hot market.

These scams utilise the fact that cryptocurrencies are still complex and not all investors have an in-depth understanding of how the systems around them work. Due to this general lack of knowledge, investors are more likely to fall for scams that enable cybercriminals to steal their money.

A common type of scam is where scammers pose as celebrities or well-known investors encouraging people to invest in crypto, but once they pay the money they receive no crypto tokens in return.

However, the most common type of attack is good old fashioned phishing. By far the most common attack type across cybersecurity in general, it’s also a popular attack type in crypto scams.

Put simply, phishing attacks involve sending emails purporting to be from legitimate sources, but are in fact from scammers.

An example might be an email that appears to be from your crypto exchange, requiring an update of passwords for security purposes. Once you click through and input your details it’s too late – the scammer has your account and can effortlessly transfer your tokens and NFTs to another wallet.

How to protect yourself and your businesses from crypto scams

With more businesses offering digital currency payment options, and more people investing in the market, reducing the risk of falling victim is a top priority.

With 90% of successful attacks occurring as a result of human error, the only truly effective tool against attacks is education about what the attacks look like and what to do if you think you spot one.

With cybercriminals continuously developing new scams and techniques to penetrate system vulnerabilities and to trick people, it is important that individuals receive regular training to receive updates on the latest methods criminals are using.

That’s why, at Bob’s Business, we have over 50 engaging cybersecurity awareness training modules covering everything from malware to phishing, alongside compliance topics like GDPR and PCI-DSS.

Book your free consultation with a Bob’s Business expert to find out more about our highly effective training solutions.