Chubb and Microsoft chart the evolution of cyber crime

A new white paper co-authored by Chubb and Microsoft tracks the mounting risks and dangers associated with cyber crime’s increase.

With an increased emphasis on cybersecurity becoming particularly important in the wake of remote working practices, the companies opted to focus on emails in particular as a gateway to risk. 

Among the statistics cited in the report to emphasise the extent of the problem are:

• 467,361 complaints forwarded to the FBI’s Internet Crime Complaint Center in 2019 alone (almost 1,300 per day).
• Over US$3.5bn in individual and business losses.
• One instance wherein $75m was redirected to a cyber criminal’s account following a Business Email Compromise (BEC) scam.

Combating sophisticated fraud

Regarding the latter point, Patrick Thielen, Senior VP at Chubb North America Financial Lines, commented, "BEC attacks serve as a prime example of how cyber crime is quickly evolving.

"As employees become savvier about not clicking on unfamiliar links or downloading unknown attachments, cyber criminals are just as quickly pivoting to different means—hijacking email accounts and impersonating executives. 

“These sophisticated fraud schemes often result in employees erroneously transferring money to criminals under the auspices of their bosses' supposed directions."

Indeed, the white paper notes that there are three primary ways to perpetrate email impersonation:

1. Brute force using specially-developed software to crack email passwords.
2. Credential harvesting by exploiting people’s general inclination to use the same (or similar) password for multiple functions.
3. Phishing the information through fraudulent emails that often request the user to change or reveal their personal information.

Therefore, Chubb and Microsoft recommend the speedy adoption of multi-factor authentication that bolster baseline password security (which alone contributes to 80% of breaches). The report notes three aspects:

1. The most simple is a password or verification code known only to the individual user.
2. Next, a registered and secure device should be linked to all restricted activities. 
3. Finally, some form of biometric authentication (such as a fingerprint) should be used, as this is the most difficult layer to overcome by remote hacking.

It makes sense that technologically sophisticated problems would require an equally sophisticated solution. Acting fast and making the investment, states Joram Borenstein, General Manager of Modern Work and Security Partnerships at Microsoft, is the optimal solution: 

"The old saw of an ounce of prevention being worth more than a pound of cure remains true in the cyber world. By layering authentication across multiple factors, consumers and employers make it harder for criminals to breach defences and get at your business and personal data."