Cybercrime is Skyrocketing: 10 Things You Can Do to Reduce Your Risk

By Jim Harris

Cybercriminals are costing businesses trillions of dollars globally.

I was on a TV show discussing the topic of artificial intelligence (AI) recently, and the host, who is in the public eye, shared a cautionary tale. There are hours of video of her on the TV station’s site and YouTube, and scammers had trained an AI on her voice. Her family received a phone call that sounded EXACTLY like her and went something like this:

“I’ve had a car accident and rolled the SUV. I got out okay, but the car burned, and my wallet was inside. I’m in the hospital and am starving. Can you please send $100 right away to nursebetty@gmail.com so that I can get some food in the cafeteria?”

Her family has a safe word. If a family member doesn’t use it in this kind of emergency phone call, everyone knows that it’s not them. For this example, I’ll make one up: “jalapeno peppers.” If it’d really been her, she might have said, “I’m in the hospital and am starving and want to have a pizza with ‘jalapeno peppers.’” Her family then would have been certain it was her.

From 2018 to 2028, the annual estimated cost of cybercrime globally increased more than 16-fold. Cybercrime is often underreported because companies are embarrassed about being hacked and are worried about reputational risk.

Kelly Bradshaw, the former Chief Superintendent of the Royal Canadian Mounted Police (RCMP), notes that only 10% of fraud is reported.

And it’s not just companies that are at risk; individual Canadians lose $500 million every year to cyber fraud.

Some Questions to Consider

Do you have a safe word for your family? (Grandparents are particularly susceptible to this kind of scam).

What about every employee in your company?

Has everyone in your firm received cybercrime, phishing, and ransomware training?

While working with a TEC group a few years ago, I spoke to one of the CEOs who mentioned they took the expert advice from one of their speaker sessions. They partnered with a training firm to educate every employee on cybersecurity. The initiative focused on unveiling the tactics behind phishing and spear phishing, empowering employees with the knowledge to recognize and respond to such threats effectively. This is just one example of how TEC Canada provides CEOs access to leading-edge knowledge and resources to protect and enhance their businesses.

Phishing scams are generic attacks. Spear phishing is where the hackers have researched you and your company. It’s customized phishing. If you’re in accounting, for example, you might get an urgent message from the CEO asking you to transfer $2,500 to a supplier because they have complained to him, and he wants to keep them happy.

Two weeks later, the training firm launched a fake phishing attack. Even after this highly effective training, a staggering 20% of employees keyed in their login details. For me, this highlights three key takeaways:

1) Every employee needs cybercrime, phishing, and ransomware training.

2) This training can’t be just a one-and-done but should be an ongoing initiative.

3) It only takes one employee to fall victim to this and your systems can be compromised and shut down.

As a leader of your organization, you need to consider the consequences if your company can’t operate for three weeks.

Why is this Important Now?

The number and cost of cyber attacks are increasing.

Bad actors are now using AI tools to make their attacks appear more legitimate and increase their success rate. Here are two examples of recent cyber attacks:
• The cyber attack on the Newfoundland and Labrador healthcare system in 2021 took the system down for weeks.

• The LifeLabs data breach in 2019 resulted in class action suits of up to $10 million and a huge reputational risk.

Cybercriminals don’t only target large organizations that can pay millions in ransomware. A 2021 report by the Insurance Bureau of Canada (IBC) highlighted that 41% of small businesses that suffered cyberattacks incurred costs of $100,000 and more.

Does this Apply to Every Company and Every Industry?

The executive team of a construction company I was recently working with wasn’t worried about cybercrime. They thought companies in the digital space, like banks and insurance companies, would be the main targets. However, with the amount of information and communication that is now kept online, every business can be a target of cybercriminals.

In August 2017, MacEwan University in Edmonton, Alberta, fell victim to a sophisticated phishing scam, resulting in the loss of $12 million. The fraudsters impersonated Clark Builders, a construction company working for the university, by sending emails that closely resembled legitimate communications from the vendor. These emails requested changes to banking information, leading university staff to unknowingly transfer $12 million of funds to fraudulent accounts.

As John Chambers, the former CEO of Cisco, used to say, there are only two types of companies: those that have been hacked and those that don’t know that they’ve been hacked. In other words, this means that companies must be eternally vigilant around cyber security.

Summary: 10 Things You Can Do To Protect Your Bottom Line & Reputation

  1. Ensure onsite and offsite automatic backup procedures to protect your data.
  2. Invest in mandatory cybersecurity training for every employee.
  3. Include cybersecurity training as a mandatory part of onboarding before granting new employees access to IT systems.
  4. Implement multi-factor authentication (MFA).
  5. Have your training firm run simulated phishing attacks.
  6. Hire an outside firm to perform vulnerability testing.
  7. Make sure your IT team regularly updates the software with security patches.
  8. Gamify it: reward employees who pass the test with a free company-branded coffee mug.
  9. Have different employees lead the training every quarter. The best way to learn something is to teach it. Stephen Covey, who wrote The Seven Habits of Highly Successful People, promotes learners becoming teachers.
  10. Get cybersecurity insurance for your company. Insurance firms can give lower rates once they conduct penetration testing and cyber readiness testing for your company.

About Jim Harris

Jim Harris has been working with TEC Canada for more than 30 years, making him the longest-serving Canadian TEC resource. In February 2024 he was recognized as the TEC Speaker of the Year due to the highly regarded sessions that he’s been leading focused on artificial intelligence (AI) and Generative AI (GenAI). In 2025 he will begin offering TEC groups a new topic on Cyber Security given the rise in Cyber Crime.

Jim has led a strategic planning exercise for the CIOs and CTOs of Canada’s largest hyper-scalers (Amazon, Google, and Microsoft) and leading IT firms in the security space like Palo Alto Networks for the Canadian Forum for Digital Infrastructure Resilience (CFDIR) for Innovation, Science and Economic Development (ISED) for the Government of Canada at the Canadian Centre for Cyber Security.

© copyright 2024 by Jim Harris. All rights reserved. This article cannot be republished without the written permission of the author.

You can reach Jim at jim@jimharris.com or follow him on LinkedIn at https://www.linkedin.com/in/jimharrisprofile/

For the latest updates, visit Jim’s website at www.JimHarris.com