Keep your business safe from cyber fraud
Although the increased use of digital solutions has undoubtedly profited businesses throughout the world, the reality is that with great opportunities comes risk. With the recent global cyber attack which impacted many organisations throughout the UK, including the NHS, it’s become clear that businesses can no longer afford to ignore the importance of precautionary measures to minimise the risk of becoming a victim.
We take a look at how financial crime is impacting the UK, and what businesses can do to protect themselves.
The cost of inadequate cyber security within businesses
According a court system report which was recorded by accountants at KPMG, the value of fraud committed in the UK last year topped £1bn for the first time since 2011, prompting a warning about the increasing rate of cyber crime, as well as the risk of more large-scale scams as the economy comes under pressure.
Although the 55 percent year-on-year rise in the value of fraud showed that the cost of fraud was higher than in previous years, the number of incidents was lower. The accountancy firm also found £900m worth of fraud from just seven ‘super cases’, with a value of £50m or over, compared with £250m one year ago.
Hitesh Patel, UK forensic partner at KPMG, said: “The figures for 2016 tell us two things. Firstly, that we can expect more of these super frauds as challenging economic circumstances place pressures on businesses and as technology becomes more sophisticated.
“Secondly, that this is going to put even more strain on law enforcement agencies who don’t have the resources to investigate every report of fraud that they receive: getting the large, often cross-border and complex frauds to court is extremely time consuming and resource intensive. This places much more emphasis on businesses and consumers to protect themselves from fraudsters who will take advantage given the opportunity.”
Through the rapid rise of technology and online platforms, more people than ever are being targeted by fraudsters who have unrestricted access to a larger pool of victims. However, we are also seeing the internet being used by consumers who are being tempted to obtain goods and services that they have, or perhaps should have, a fair idea are not legitimate.
The most common threats to businesses
As technological tools and digital solutions become more sophisticated, so do the criminals that master them. According to Brian Faint, Detective Sergeant of the Cheshire Constabulary’s Economic Crime Unit, here are a couple of the most common threats to businesses:
1. Compromising subscribers with social engineering, phishing or malware
Brian notes that these classic techniques remain popular and can easily be mastered by entry-level cybercriminals. “However, the past year has seen changes in how more sophisticated attackers conduct their campaigns. Growing numbers of cyber-attackers now combine data sets from different sources, including open sources, to build up detailed pictures of potential targets for blackmail and social engineering purposes,” he cautions.
2. Insider threat is growing
Brian also highlights how detailed profiles of targets are often used to recruit insiders to help perpetrate cybercrime, saying, “Some insiders help voluntarily, while others are coerced through blackmail. Insiders from service providers are recruited mainly to provide access to data, while employees working for Internet service providers are chosen to support network mapping and employee attacks.”
“Our intelligence also shows that vulnerabilities in network devices, consumer or business USBs and routers, as well as root exploits for Android phones, all provide new channels for attacks – involving malware and technologies that individuals, organisations and even basic antivirus solutions cannot always easily remove,” he adds.
The way forward
While large companies often grab the cyber news headlines and act accordingly, it is – unfortunately – common for small businesses to bear the brunt of most cyber attacks. In part, this is because small businesses tend to have more limited security than larger enterprises and more digital assets than individual consumers. In today’s digital climate, every small business should put the necessary precautions in place.
Here are 4 steps you should take to mitigate the risk of cyber fraud:
1. Remember that SMEs can be worth a hacker's time
Robert Hadfield, Technical and Training Director at getsafeonline.org, believes small businesses’ naivety can make them easy targets: “They [small businesses] don’t feel that they have anything that is worth stealing and yet, lots of small businesses have intellectual property that they may not realise has a lot of financial value”.
Furthermore, given the impending General Data Protection Regulation, employers must recognise the costs associated with stolen or lost sensitive data - such as names, addresses and contact details – and prioritise ensuring that they take the necessary actions to ensure that their personnel, operational or customer data remains secure from hackers.
2. Train staff to be vigilant of spear-phishing and avoid using USB sticks
Daniel Driver, Head of Perception Cyber Security at Chemring Technology Solutions, thinks small businesses need a “sensible approach to cyber risks” and should begin by “training staff not to fall for phishing schemes.” He says:
“Combined with some basic IT policies, such as restricting access to certain data to only those that need it, and not using USB sticks (hackers drop infected sticks in public places for unsuspecting, helpful or just curious people to pick up), will save most businesses from the majority of common attacks. From there on, you can get away with not resorting to multi-million-pound firewalls with all the bells and whistles, so long as you make sure you have the ability to carry out some network security basics”.
3. Put a response plan in place
According to Stephen Wright of the Cyber Skills Centre, training should extend to knowing what to do if the worst happens. “Don’t forget to be prepared for a breach. Know who to call, how to reassure your customers and your staff, and how to get back on your feet swiftly.” He says that cyber security firms should be “big enough to have the right protections in place, have a convincing incident response plan, and be able to demonstrate it with a certification.”
4. Get a free cyber security assessment
For those worried about straining budgets, Nicola Whiting of Titania suggests utilising information that is already widely available:
“Small businesses with a limited budget can stay protected. The UK Government has launched the industry-supported Cyber Essentials scheme, which reduces risk and contains simple steps business owners can follow to make their systems more secure. Business owners can then complete a free cyber security risk assessment to find vulnerabilities and fix them easily”.
In order to fully reap the rewards that technology provides, businesses must invest in cyber security. While some may drag their feet in protest, the reality is that in the long run, those who acknowledge and address the pitfalls along with the benefits will be the businesses that survive and thrive.
Are you a cyber security wiz looking for your next role?
Are you a tech nerd with a thorough understanding of what it takes to elevate a company's cyber security? At Search, we recruit for a wide range of tech-driven roles which include, but are not limited to cyber security. If you are looking for your next role, you can contact our cyber security recruitment specialist, Charlie Delaume on [email protected]
You may also like