Look out Cyber Crime

It's not often a police officer turns up at the BPMA to talk about crime – and in this case cyber crime. Chris White, a detective inspector who also heads up the Cyber & Innovation team at The Cyber Resilience Centre, joined the BPMA’s Tom Robey to talk about the need for every business to be cyber-savvy.

Chris started by flagging the huge impact when cyber attacks damage businesses and expose customer details. Revealing some eye-watering stats, he said 39% of UK organisations had a cyber security breach or attack in the last 12 months, with 27% of those having at least one breach or attack per week. With only 20% of businesses performing any kind of ‘cyber drills’, at least 23% of firms needed few measures to prevent further attacks. However, in the UK only a third of businesses have a cyber security policy. He also revealed that only a very small proportion of employees get any cyber training; given that the most frequent threat was phishing attacks and online impersonation, White pointed out this weakness could be many firms' undoing.

Phishing is still by far the most successful tactic for a cyber attack 

The ransomware landscape continues to evolve: the publication of stolen data has become a routine part of a ransomware attack, with actors also encrypting or deleting backups, making recovery more difficult. Multiple sectors are still being targeted, with the added concern that organisations involved in the pandemic response will be an attractive target. White described the stages an attacker works through to carry out an attack.

Stage 1: Survey – investigating and analysing available information about the target in order to identify potential vulnerabilities

Stage 2: Delivery – getting to the point in a system where a vulnerability can be exploited

Stage 3: Breach – exploiting the vulnerability/vulnerabilities to gain some form of unauthorised access

Stage 4: Affect – carrying out activities within a system that achieve the attacker’s goal

Protecting your assets

From up-to-date malware protection to a solid password policy, many firms need to take some basic steps to update and upgrade. These range from firewalls that cover everything, including individual devices, to restrictive administration rights, and there is in fact a lot more support available than many realise.

The Cyber Resilience Centre can assist with this process, and obtaining a Cyber Essentials certification is simple, with minimal cost. White explained you could assess yourself against 5 basic security controls before engaging a qualified assessor who verifies the information. Some eligible companies will even be entitled to free cyber insurance.

Check sender

Looking in detail at how to spot those nasty phishing emails that can appear very convincing, the key tips were to consider whether an email was expected, to check the sender’s email address and to take care with attachments that could be malicious. Other ‘tells’ can be poor spelling or grammar, oddly constructed emails or names, or generic addressing. Your contacts will never mind you checking it’s them, and if you spot a strange email you may even alert them to a phishing attack they are unaware of. Classic cons we have seen en masse at PM have involved TV licences or HMRC ‘tax refunds’, which ask you to send money and click on links that at first glance can look real, where a fake website impersonates a genuine one.

With a wealth of information and guidance, the Cyber Resilience Centre provides excellent guides to help even the most prepared businesses continually improve their cyber security.

Password fails

Finishing the session with a look at the time it takes to crack your password (not long, it seems), White advised everyone to check their passwords and update those that were not secure. With a four-character password effectively open season for hackers, the safest password was cited as an 18-character password made up of numbers, upper and lowercase letters and symbols, which would take literally trillions of years to crack.

To find out more about how you can protect your business, visit secrc.co.uk/membership to sign up for information and support.

© Copyright 2022 The BPMA | All rights reserved.