30th March 2016
Cyber Security: “It's not just for the IT guys.”
After a little time to reflect – and having given our brains time to recover from the overwhelming amount of information shared at our cyber security event “Ever Been Hacked…off?”, hosted by NNBRF – it’s time to consider what was learnt. We’re now equipped to put our new knowledge to work in our businesses and boost our online security, and what better time than now?
“It’s not a case of ‘if’ you might be a target of cybercrime, it’s a case of when.”
So, firstly – what is cybercrime? Carole Walton, from East Midlands Police Cyber Crime Unit, explained:
Cybercrime can be defined as any crime which is cyber enabled or cyber dependent. This gets confusing because, in this day and age, pretty much anything can have a cyber element to it.
Carole Walton was great at explaining this, and she even showed us live cybercrime traffic displaying attacks happening right there and then. This really is on a global scale, and surprisingly 80% of cybercrime attacks could be prevented if only we understood them better! It was great to hear how the police and government agencies are working closely with businesses to make the UK more resilient in cyberspace.
Maybe you’ll be surprised to know that most attacks happen on a Friday, when you and your employees are a little more relaxed. Social engineering means that threats can easily be disguised as what might look like a legitimate email from a work colleague – maybe asking for a bank transfer, or for a password change, for example.
So ask yourself a question - are your employees properly trained in recognising these threats, and understanding which email attachments are safe to open, and which might be carrying a harmful virus? It’s not just down to your IT department anymore; everyone in your company needs to be aware of the threats and understand how to properly recognise them.
After some tea, biscuits and the chance to ask some questions, Matt Sumpter was next to talk, to tell us about cyber insurance, followed by Marc Wheelhouse from Vodafone.
“Surprisingly, 70% of people arrested for cybercrime are employees!”
Do your employees really love you as much as you think they do? You need to protect your database and insure it appropriately – this means start-ups too, and there are insurance packages out there to suit a variety of business needs.
The scariest question is: are you actually going to notice a cyberattack when it happens? Small hacks build up slowly, with only small amounts of money being taken at a time but amounting to huge amounts of money overall. What if the attacks are happening in the evening or over the weekend - do you have systems in place to be able to monitor and pinpoint any unusual activity?
“3 random words for your passwords is recommended.”
Damian Walton from IntaForensics was up next, talking about his role in protecting against cyber security hacking.
Damian used a great analogy when discussing the importance of keeping your software up to date, protected and above the attack threshold. Simply think of it as an MOT - as soon as you leave the forecourt, are you still protected and safe? Should you really wait a whole year before updating your anti-virus software again?
“Try to have the lock, the scary dog, the moat and the minefields in place when it comes to protecting yourself online. You won't be the first, and you certainly won't be the last.”
William Rimington from PwC UK talked next about social engineering, phishing and spear phishing, showing the development of cybercrime and how it's much more difficult to spot a cyberattack now, as attackers' methods have become more sophisticated.
Scarily, the hackers have industrialised practices and have the ability to bypass everything - they can even switch off the anti-malware software on your computer to further avoid detection! They can make their attachments look like something trustworthy, such as something that person is interested in, something that isn't going to cause suspicion in any way, shape or form – this is all social engineering and is surprisingly easy to do if you know how.
Once the user has clicked on a link or opened an attachment, the connection back to the hacker’s server can enable them to take control, using keylogger-type programmes, for example, to gain further information from your machine. It can take up to 3 to 4 weeks to gain full control, completely undetected.
“Organised crime is patient and will take its time.”
Richard Bach spoke next about living with cyber risk and preparing to respond.
He discussed the government Cyber Essentials scheme and Cyber Streetwise, resources worth checking out as a starting point for staying safe online. He also explained how the high-end threats are in the minority, and what's more common is amateurs and journalists. This includes material that is commonly available but can be used maliciously, and accounts for 80-90% of all cybercrime.
“You might catch a cold, but don't let that cold turn into pneumonia.”
Stuart Green from SJG Digital was last on the line up, and spoke about how to protect your devices.
Stuart was our final speaker, and brought it back home, showing how it's not just about the digital or monetary effect, it's about the personal effect it has too. He described how it’s worth buying the best that you can afford – like your grandfather would say: “Buy the best tools you can, it will pay off in the end.” So why would it be any different with cyber security and anti-virus software? He explained how you should invest in your staff, as they can be your biggest asset, as well as your biggest threat.
"1. Understand the threat 2. Assess the risk 3. Do the right thing."
So… with so much information it can be difficult to know where to start. Hopefully now you understand that the threat is real… and next would be how to combat it.
- Are your security systems up to date?
- Are your staff properly trained in understanding cyber threats?
- Do you have sufficient monitoring software to detect unusual activity?
- Have you invested in the correct cyber insurance?
- Do you have secure passwords?
- Do you have your data backed up in case an attack were to happen?
For more information on cyber security, follow us on Twitter: @NN_BRF