Computer Security Technology Ltd

+44 (0)20 7621 7836 LinkedInTwitter

+44 (0)20 7621 7836 CSTL LinkedInCSTL Twitter

May 18, 2014

Cyber attacks - coming to a business near you!

The fact that 2013 saw a surge in cyber attacks shouldn't come as news to you. The fact that an increasing number of small businesses in the UK are being targeted is a more worrying headline.

Is your business protected against cyber criminals? Here are a few reasons why cyber security should be top of your agenda.

Cyber security isn't a new or novel invention, but it's fast gaining recognition as a necessity for today's businesses, irrespective of their size.

Both Santander and Barclays were subject to highly developed attacks. Branches were targeted by a bogus telephone engineer who tricked his way past reception and installed equipment on their computers. This resulted in the attackers gaining remote access to the banks' finance systems and in the case of Barclays, over £1.3 million was lost.

Small UK businesses actively targeted

If you thought cyber criminals were only interested in big businesses, then think again. Small companies across the UK are being actively targeted. In 2013 AEV Ltd, a Birkenhead based varnish producer, lost £100,000 when its banking codes were stolen. Similarly, Truffles Bakery, a small bakery business in the south east, lost £20,000 when its online banking system was hacked.

These are just a couple of examples of seemingly low profile businesses that never suspected their online bank accounts would be hijacked. Perhaps even more surprising and worrying is the fact that whilst the banks are sympathetic, they won't accept liability or cover any losses. In the case of Truffles Bakery, Natwest blamed the business for what it called a 'sophisticated fraud' and only offered a £20,000 loan by way of assistance.

Of course, it's not just financial loss that you need to worry about. A cyber attack can cause data loss, information corruption, regulatory failure, denial of service, shareholder assurance and loss of customer confidence.

Most recently the Mumsnet organisation revealed that user accounts had been hacked via the ‘Heartbleed’ loophole in its security software, resulting in 1.5million of its users having to change their passwords. The lapse was first flagged up by Google and online security experts, who described the problem as a catastrophe for the internet, and consumer trust.


So, why is cyber crime on the increase and what can you do to help prevent it? There are three main reasons why cyber attacks are now not only more prevalent, but affecting all businesses:

1)

RAPID & RELIANT IT EVOLUTION - Businesses are relying on, and trusting IT systems more than ever before. Systems such as online banking, which used to be considered a 'good to have', are now essential. The opportunities for cyber criminals have therefore increased tenfold in the last five years.

2)

Interconnected world - The traditional boundaries of a business have been obliterated. Today's business networks are extended to third parties, such as suppliers, business partners and consultants. Unmanaged staff devices have also increased the vulnerability of a company's systems and data. Managing security across these borderless boundaries is a complex business.

3)

Multiple threats - Today's Internet based attacks are extremely sophisticated. They are well resourced and use multiple, in-depth and skillful techniques to avoid detection and assure success. As a result, traditional security methods cannot deal with these new types of ingenious threats.


So how can you protect your business from cyber attack? Here are few steps worth following:

Set secure passwords and don't share them with anyone. Avoid using common words, phrases, or personal information and update regularly.

Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.

Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request.

PAY CLOSE ATTENTION TO WEBSITE URLS Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.

FOR EMAIL turn off the option to automatically download attachments.

Educate staff. Ensure that  staff understand the threats and risks of cyber-attacks and the do’s and don’ts of using on-line finance systems.


Worth mentioning is that an established insurance market now exists. It allows businesses to insure themselves against cyber attacks and losses, and although it is currently largely US based, our prediction is that it will creep into Europe soon (largely by the proposed EU’s disclosure laws).

CST can also assist you with your cyber security. Our Cyber Resilience Assessment is an onsite service that assesses the critical gaps between your current and desired state, as well as the key areas of focus for cyber defence across your organisation. We will then provide a cyber improvement plan with our recommendations for prioritised tasks.

For more information on our Cyber Resilience Assessment service visit... http://www.cstl.com/Cyber