I recently attended the East Midlands Cyber Crime Breakfast, where a panel of experts outlined what they saw as the principal cyber crime threats that were affecting organisations in the East Midlands.
To respond to the growing awareness of cyber security in the region, Insider Media organised an impressive line-up of cyber experts to identify the top cyber threats that businesses faced.
Representatives from the East Midlands Police Cyber Crime Unit, KPMG, Icomm Technologies, RDS Global and Geldards outlined the following cyber crimes as important ones to be aware of:
- Social engineering – these are attacks that rely heavily on human interaction and include the unintentional opening of malicious software via links embedded in emails or social media. We heard that many social engineering exploits simply rely on people’s instinctive willingness to be helpful.
- (Distributed) Denial of Service attacks – sometimes referred to as DDoS attacks, these are designed to bring a network to its knees by flooding it with useless traffic. They target a wide variety of important resources and present a major challenge to making sure people can publish and access important information.
- Whaling – a particular type of social engineering where the “big fish” of an organisation, or influential roles such as finance, are targeted, often as a way of getting money transferred incorrectly. There was a report of one East Midlands business losing £1.1m to fraudsters who intercepted email communications!
- Ransomware – this works by infecting a user’s computer or an organisation’s network. It performs a reversible act, such as encrypting all files, and demands that a ransom be paid for the files’ safe return. The panel reported recent ransomware demands in both pounds and the virtual currency Bitcoin, across a range of organisations in the region.
The overall message that came across was that it is now a case of when, not if, your organisation will be affected by a cyber breach. Organised crime syndicates were responsible for the majority of the attacks and had developed relatively advanced business models – even offering customer support for ransomware victims and developing partner referral networks for their malware!
To get colleagues and other organisations to take cyber security more seriously, one of the suggestions put forward was to view cyber security as if it were “real-world” physical security, as this can help make it more understandable.
How to protect your organisation
To help those attending know where to start, the panel suggested a Top 5 list of things to do now to improve your cyber defences:
- Look at how your organisation uses passwords – enforce a policy that makes users adopt strong passwords and make sure that accounts/passwords are not shared by multiple users;
- Ensure you are applying the latest software updates to avoid known vulnerabilities;
- Install anti-virus on all devices, including phones (where possible);
- Consider how to adopt the good cyber security practice outlined in Cyber Essentials;
- Educate your users by using resources such as Cyber Streetwise and Get Safe Online.