arrow_back_ios Back View more articles

With AI cyber crime on the rise businesses must be more hacker-savvy in 2024 – Filestream

The risk posed by cyber criminals to UK businesses is greater now than ever. Businesses need to be more hacker-savvy in 2024, says Paul Day of Berkshire-based Filestream.

As 2024 arrives, the threat around cyber attacks, ransomware and hackers grows ever greater. Understanding the risks and legal responsibilities around personal data will become even more important.

It’s predicted that there will be increasing threats in 2024 around the increased use of AI by criminals – and also the increased use of AI to defend against criminal attacks.

It’s believed that ransomware attacks will become more prevalent in the SME sector, moving away from larger corporates and that hackers will go for weak links in supply chains to cause havoc. There is also worry in the world of IT globally about skills shortages and recruitment of talent to keep ahead of the criminal curve.

Here are just some thoughts around the reality of the situation we now face in our ever-connected world. As AI and technology advances – so do the criminals who wish to exploit it.

Can hackers still sell your data?

Billions of ‘pieces’ of personal information is stolen every year because of data breaches. Hackers bundle personal information with other stolen data and sell it en masse to other criminals on the dark web.

A Social Security number may sell for as little as 78p. Credit card, debit card and banking info can go for as much as £86. Usernames and passwords for non-financial institution logins are around 78p, but it can range from £15 to £156 for login info for online payment platforms.

How might that data be used?

Just two examples are: identity theft – a victim’s personal information can be used to gain benefits for a criminal at the expense of a victim. This might include taking out credit cards and/or loans in their victims’ names and another is account takeover. Here criminals steal login credentials to break into accounts that store payment details such as shopping accounts. They then change the password so that the victim can’t get into the account and then they shop at a victim’s expense.

Then there are the big hack attacks such as the MoveIt attack earlier in the year which hit many big companies. The impact of this one attack is still coming to light.

Is phishing still a thing?

The answer is yes. A phishing scam occurs when a victim is tricked into handing over data and some are extremely sophisticated now. It can be done over the phone, via a social media message or emails. Increasingly these can appear legitimate as they are from known contacts or via platforms a victim uses regularly.

According to a recent consumer study by Nat West, 37 per cent of scams in the year to October 23 were phishing scams. The bank’s fraud team interviewed 2,000 people to gather the data. Phishing scams came top followed by Friend & Family Scams (urgent texts or messages asking for money in an emergency posing as a family member) and the third is Get Rich Quick scams, usually offering a wonderful (but phoney) investment opportunity.

What are the penalties for companies and organisations which suffer a data breach?

In the UK they can be large – though the enforcement body The Office of the Information Commissioner or ICO – does prefer to work with an organisation to resolve issues if possible.

It can enforce various penalties including assessment notices, warnings, reprimands, and it can issue fines of up to £17.5m or four per cent of annual worldwide turnover – whichever is the higher.

Recent reprimands for disclosing people’s information inappropriately were issued to organisations including University Hospitals Dorset Foundation NHS Trust, Ministry of Justice and Thames Valley Police (between April and June 2023).

In recent years some of the biggest fines have been:

  • British Airways – £20m
  • Marriott Hotels – £18.4m
  • TikTok – £12.7m
  • Clearview AI – £7.5m
  • Ticketmaster – £1.5m

How can a company avoid this?

Being cyber aware, knowing the requirements of GDPR, working with trusted IT providers with good knowledge around these matters to minimise and mitigate an ever-increasing risk.

This is an ever-evolving landscape and the key is to work in an ongoing way with a trusted partner. Strong management of online data and ‘paperwork’ is needed and often free services are not as secure as business owners ‘hope’ they are.

Paul Day is technical director of specialist document management company Filestream. He is an expert in GDPR and supports his document management clients around cyber-security and keeping their data safe.

Filestream celebrates win at Document Management Awards

Read more

02.12.2024

Filestream MD to run London Marathon for children’s hospice

Read more

04.11.2024

Encryption is essential in safeguarding your data – Filestream

Read more

09.10.2024

Filestream appoints new operations director

Read more

16.07.2024

Filestream promotes long-time employee Paul Day to managing director

Read more

10.06.2024

Filestream celebrates third consecutive win at Document Manager Awards

Read more

30.11.2023

Filestream director completes Skyscraper Challenge for charity

Read more

06.10.2023

Tech specialists Filestream move to new Berkshire office

Read more

05.09.2023