Special risks to consider in 2020

Special risks 2020

In our increasingly globalised world, new avenues of risks are becoming apparent. New technology, information sharing and the proliferation of new threat actors have increased the risks facing both travellers and organisations. These ‘Special Risks’ require specific management, mitigation and prevention methods

Healix GSOC identify top 5 Special Risks for 2020

In 2019, there has been a decrease in jihadist terrorism impacting Western countries.

Although it is difficult to pinpoint a singular factor contributing to this decrease, the loss of the Islamic State’s (IS) caliphate in Iraq and Syria has undoubtedly had an impact. The decreased ability of the group to produce propaganda has severely impacted recruitment. Western security, intelligence and government services have expanded intelligence sharing efforts and implemented new laws, such as making it illegal to express support for proscribed organisations and tougher limitations on online freedoms. There have been no high-impact jihadist attacks in Western countries in 2019, with attacks in Utrecht and Lyon demonstrating that lone-actor incidents are commonly conducted by individuals with limited resources. The UN has warned of the potential for IS operatives to adapt and consolidate in the coming months before embarking on a new wave of attacks, but as yet, there is no evidence of jihadist terrorists extending their operational tempo in Europe.

Despite this lull in attacks in Western countries, high-profile jihadist attacks have occurred in theatres rarely impacted by jihadist terrorism.

In January, al-Shabaab demonstrated its cross-border capabilities by conducting a complex attack against an upmarket hotel in Nairobi, killing 21 people. Al-Shabaab retains significant resources in Somalia, and the attack was likely an attempt to reach a global audience; attacks in Kenya receive more media attention than in southern Somalia. Attacks by IS affiliates targeted religious sites in Indonesia and Sri Lanka. The attacks in Sri Lanka were claimed by National Thowheeth Jama’ath (NTJ), an Islamist organisation which previously favoured acts of petty vandalism. Following a claim of responsibility from IS, it demonstrated the group are pursuing a ‘merger’ strategy. Islamic State collaborates with local Islamist cells in order to augment its significant resources with local expertise and eager recruits. Owing to the relative success of this attack, this is a model IS may well attempt to replicate worldwide.

Both the Islamic State and al-Qaeda have continued to establish a presence in areas with low levels of governance and weak security apparatus.

Islamic State operatives remain prevalent in areas previously encompassed by its caliphate, and have increasingly returned to insurgent tactics in areas of north-western Iraq and eastern Syria. It is yet to be seen whether the death of leader Abu Bakr al-Baghdadi has a significant impact on IS operations in the Levant. Al-Qaeda retains significant support and capability in areas of operations, despite its potential leadership succession strategy being hampered by the death of Osama Bin Laden’s son, Hamza. The group has capable affiliates in Yemen, Syria and North Africa, and despite not conducting any significant attacks, it is successfully building support among local populations in its sphere of influence. Following the breakdown of peace talks with the United States, the Taliban increased its operational tempo in Afghanistan, undertaking numerous bombings which impacted both the security forces and civilians, particularly in the run-up to the September 2019 elections.

In 2019, the issue of foreign nationals being arbitrarily detained abroad has been an increasing issue. Arbitrary arrest is the arrest or deprivation of liberty outside of national laws or international standards in an inappropriate, unjust or disproportionate manner. The motivations for such arrests can be convoluted, but the majority of cases are due to political motivations, domestic intimidation tactics or breaching of local law practises. Individuals who have an increased risk of scrutiny from host nations have included academics, journalists, NGO workers and dual nationals.

High-profile cases involving China and Iran have garnered significant media attention. UK national Nazanin Zaghari-Ratcliffe remains incarcerated in Iran on espionage charges, despite the UK government confirming Zaghari-Ratcliffe was only in Tehran for a holiday and has no ties to the UK intelligence services. The Iranian government has not shown any inclination to release Zaghari-Ratcliffe, and it is likely that Iran do not want to be seen as weak on the international stage, and will not release Zaghari-Ratcliffe without concessions from the UK government. The detention of Huawei CFO Meng Wanzhou in Canada on the request of the US also sparked an international diplomatic issue. Ten days after the arrest of Wanzhou, Canadian nationals Michael Kovrig and Michael Spavor were detained in Beijing on suspicion of endangering national security. Ottawa condemned the arrests as an act of retaliation to the detention of Wanzhou. The pair’s continued detention has been dubbed as ‘hostage diplomacy’, and an attempt to exert pressure on Ottawa by Beijing. Other Canadian citizens have been detained in China, largely due to minor drug charges and the imposition of ‘exit bans’.

The prospect of gaining leverage over Western governments is becoming increasingly attractive to administrations worldwide. While arbitrary detentions remain rare, their usage as pawns in diplomatic games is a concerning trend. When detained abroad, apart from offering consular support, there is little recourse that the individual’s country of origin can take. Both the examples of Iran and China in the past 12 months have demonstrated how pressure can be exerted on Western governments through the detention of foreign nationals.

In September 2019, the UK police claimed that following an increase in caseload and arrests, the fastest-growing terrorist threat at present stems from the far right. This, however, is not an issue isolated to the United Kingdom. The far-right community has gained traction on a political and societal level in recent years across the globe. Far-right extremists groups continue to gain support, and extremist supporters are increasingly carrying out attacks. Attacks have taken place and plots have been foiled in a number of different countries in recent years, including in the United States, United Kingdom, Ukraine, Norway and New Zealand, demonstrating the transcontinental nature of the threat.

International cooperation among far-right extremists is becoming ever more prevalent. Far-right extremists are increasingly cooperating through online communication, financing and/or physical support. A key example of this is in Ukraine, where hundreds of foreign far-right extremists have reportedly joined the Azov Battalion, an ultranationalist militia involved in the conflict against Russian-backed separatists in the Donbas. Another notable case is in relation to Brenton Tarrant, the perpetrator of the Christchurch mosque shootings that killed 51 individuals, and Austrian far-right group Identitarian Movement Austria (IBÖ). Tarrant allegedly donated approximately €1,500 to the group following a trip to Austria in November 2018.

In today’s globalised world, far-right extremists are increasingly able to communicate and disseminate their ideological views. The number of far-right social media accounts and online forums is growing, providing extremists with increasing opportunities to disseminate far-right content and share views. While major social media companies have stepped up efforts to reduce extremist content on their platforms, a large amount of content is still available online, including on encrypted forums. This is having a significant impact on far-right recruitment and radicalisation globally, and in a number of cases perpetrators of attacks in recent years have allegedly been inspired through reading online sources and far-right manifestos.

Virtual kidnapping is the process in which criminals make a ransom demand claiming to have kidnapped an individual, without having done so in reality.

In most cases criminals will research their targets online and on social media prior to committing the crime. They will obtain the necessary contact details of the target and ‘spoof’ (change the caller ID) a phone number to make it seem like the call is coming from the hypothetical hostage. When calling the target, criminals will state that they have kidnapped a close relative or friend, threaten them with violence and/or the killing of the hypothetical hostage if they attempt to notify anyone, and then subsequently extort a ransom. This form of kidnapping has existed for decades, but in recent years, the number of reported cases has increased significantly, particularly in the Americas. While ransoms are lower than in most real kidnapping scenarios, virtual kidnapping is still proving to be a lucrative method for criminals, with ransoms in the thousands being paid. This coupled with the lower risk of detection by law enforcement makes virtual kidnapping a desired tactic.

As the number of virtual kidnappings has increased in recent years, the sophistication of attacks has evolved. Reports indicate that in certain cases kidnappers will conduct two calls. The first call will be to the person who they will claim to have as a hostage. They attempt to isolate this individual through coercion and deception, and persuade them to send a picture of themselves. The perpetrator will then conduct a second call to a contact of the ‘hostage’, and will use the picture provided to convince them that the individual has been kidnapped and issue a set of demands and a ransom. In addition, a number of cases have been found to be international in nature; an FBI investigation in 2017 reportedly found that a number of perpetrators of virtual kidnappings in Los Angeles in the United States were incarcerated in Mexico and calling from within prison. As ransom demands are often smaller sums of money, isolated international bank transaction of this nature do not necessarily get flagged by compliance tools and teams.

Likely targets for virtual kidnapping include affluent business travellers and families with a detailed online profile. While mobile telephone providers are working on ways to counter such crimes, including by blocking spoofing efforts, it is likely that criminals will adapt and use alternative communication methods in the future.

Cyber-attacks are evolving in nature and occur on a daily basis in every region of the world, increasingly affecting businesses and travellers. Cybercrime exists in multiple different forms, with different attacks serving different purposes; certain attacks aim to disrupt service delivery, others aim to scam and steal from victims, and espionage attacks are carried out to obtain and monitor data processed by targets. Each of these forms of attack can cause operational, financial, reputational and personal damage to victims. It is important that organisations and individuals take necessary steps to reduce their vulnerability to these attacks, with further sophistication in attacks likely in 2020.

While cybercrime has been commonplace for some time now, the variety of types of attacks continues to increase.

Travellers should use basic risk mitigation techniques to reduce the risk of falling victim to attacks such as the below.

Individuals should back up all sensitive and essential content on electronic devices such as an external hard drive prior to travel. As a precaution, individuals should only travel with devices containing data that is necessary for the trip. Travellers should not connect to unsecure Wi-Fi networks or leave electronic devices unattended or unlocked, and are advised not to respond to or click on links embedded in unexpected emails or emails from unverified email addresses.

The following are some of the types of attacks most commonly committed by criminals and are most likely to affect businesses and travellers:

  • Distributed denial of service (DDOS) attacks: Designed to overwhelm websites with traffic and ultimately crash the site – often linked to extortion attempts against a business or individual.
  • Phishing attacks: Email campaigns that attempt to scam users into providing personal and security information.
  • Brute force attacks: A simple method of attempting to hack accounts by selecting and inserting likely security information such as passwords and encryption keys in the hope that one is correct.
  • Malicious malware: Malware installed on a system with the aim of deleting, modifying, copying or encrypting data. Ransomware attacks, where malicious malware encrypts a user’s data and demands a ransom to be paid, usually in crypto-currencies, to decrypt it, has in recent years become the most common form of malicious malware attacks; ransomware has affected a large number of state entities, businesses, healthcare providers and individuals.
Risks report 2020

“Special Risks 2020” is extracted from ‘Risk Oracle 2020’ – our essential guide for employers with a global workforce, sharing key insights into the risk landscape in each region around the world.

Sign up to our mailing list to receive the latest news, insight and essential guides straight to your inbox