Online criminals target both people and businesses

2020 08 20 · 2 min read

The internet is opening up various possibilities for everyone: from making video calls between Lithuania and England, to discovering new recipes. There are also plenty of opportunities for companies to find new employees or partners, as well as to expand their customer base. However, it is worth noting that these new opportunities are accompanied by new threats.

“When you are diving into the digital space, you should be as careful as diving into an unfamiliar body of water on a hot summer’s day,” said Darius Dužinskas, Chief People & Marketing Officer at Baltic Amadeus, an IT solutions and consulting company. When advising his business clients, Darius and his colleagues always raise the issue of the security of IT systems.

Four recommendations

We communicate with companies that operate in various locales in the US, Scandinavia and Lithuania – both in large cities and in smaller towns.

After assessing the cybersecurity issues of foreign companies and Lithuanian businesses, Dužinskas said that our country is not unique in this regard: in the digital age, we are facing the same challenges as the rest of the world.

“The online space is shared and open to everyone, so no one is completely immune to small-scale and large-scale cyber attacks. Malicious software does not select its targets based on the country or city. It simply scans everything in turn, looking for security vulnerabilities,” said the Baltic Amadeus spokesman. He recommends that businesses should pay attention to several key issues:

• Constantly and periodically update your software
• Use only legal software
• Use a two-step authentication system
• Periodically backup your data

False belief

“The biggest mistake that any business or person can make is to believe that they are too small to be a target,” added Dužinskas.

By believing that they are irrelevant to attackers, most entrepreneurs are blind to the cybercriminals attempts to attack their company.

Ill-intentioned individuals will often simply try to steal information – and the more important that information is, the more valuable it is. “Therefore, the importance of information usually determines what kind of ransom a criminal can demand for its return,” explained Dužinskas.

Justas Kidykas, one of the participants in the Create Lithuania programme and the manager of the “Raising the Cybersecurity Awareness of Small and Medium-Sized Enterprises” project that was carried out by the Ministry of National Defence, says that attention and awareness are the foundations of security.

At the end of last year, the Create Lithuania team conducted a survey and found that almost half (44%) of the small and medium-sized enterprises (SMEs) they surveyed did not think that they could become the targets of cyber attacks.

A criminal act may only be noticed too late

The same study revealed that, during the last 12 months, almost one in two (46%) companies had received fraudulent emails seeking to extract personal information, spam and misleading or offensive information (44%). “In short, it is only a matter of time before your employees will encounter the scammers,” said Kidykas. He emphasised that the cybersecurity of a company depends not only on that company’s CEO, but also on each employee. Also, the key aspects in creating a cybersecurity culture are clear procedures, know-how and practical skills.

The Baltic Amadeus Chief People & Marketing Officer also drew attention to international statistics which show that a company typically notices data theft only 80 days after the fact, or later. During this time, criminals can cause enormous damage.

“When communicating with our clients, we always emphasise the fact that many threats can be prevented – it is simply necessary to take proper care of the security of your systems and to complete a certain amount if homework. There is no one-size-fits-all solution; instead, we delve into the situation and needs of each client. We also communicate openly, to achieve mutual trust by sharing our experiences and our thoughts on past and present challenges,” said Dužinskas.

Shame in admitting you were tricked

Kidykas pointed out that almost half of all data breaches occur due to unintentional human error or system breaches. “First of all, people are not always willing to admit their mistakes. Secondly, even if a mistake or deception becomes apparent, companies will avoid making such stories public, as the managers feel ashamed,” he noted.

Having examined the experiences of such companies, the participant in the Create Lithuania programme can describe quite a few cases where a company’s accountant executed the instructions emailed by the company’s CEO to transfer funds – only to find out some time later that the email was a scam, and the transferred money could no longer be recovered.

According to Kidykas, if businesses shared more information on their encounters with cybercriminals, the public would have a better understanding of the dangers and would be better able to protect itself. In addition, companies can always get free advice from the specialists at the National Cyber Security Centre (NCSC) in the event of an incident, and can use the tools offered on the website.