Social engineering, spear phishing, whaling… the latest trends in cyber-crime
Cyber-crime is on the increase. The UK’s 5.4 million small businesses are collectively attacked more than seven million times a year, costing the UK economy a staggering £5.26 billion for 2014 and 2015, according to a survey by the Federation of Small Businesses.
With British companies reporting a 22% increase in cyber-crime in 2016, cyber security should be a top priority for all businesses.
So, firstly, you need to understand the current terminology relating to cyber-crime and how it can affect you:
Phishing is a fraudulent attempt to uncover confidential information by masquerading as a reputable company in an email or phone call. An employee in a construction firm fell victim to a targeted form of phishing known as spear phishing, responding to an apparently genuine email request from a trusted source. The victim clicked a malicious link and, in a single email response, provided hackers with full tax records of every employee who’d worked for the company during 2015.
Whaling is now big business, where criminals attempt to ‘land a big fish’ by targeting a CEO or managing director with a sophisticated scam. Last year, Austrian aerospace parts maker, FACC, was swindled out of £37m by hackers using a whaling scam, tricking them into making a large payment for a fake acquisition.
Distributed Denial of Service (DDoS) or Denial of Service (DoS) is an attempt to bring a website or network to a standstill by flooding it with data requests.
Social engineering attempts to trick people into disclosing confidential information, using a ‘baiting’ email linking to free software or a fake phone call.
And what about the people who are involved in cyber-crime? A Black Hat Hacker is a ‘gun for hire’ who works for personal gain, whilst a White Hat Hacker is the opposite, alerting companies to potential vulnerabilities.
Also, if you thought your data was safe as it is automatically backed up on the Cloud, then think again. When a power grid in Belgium was struck by lightning, data was wiped from a Google Compute Engine, resulting in customers losing access to their Cloud files. Google now advises you to ‘back-up your back-up’.
Many small businesses believe cyber cover is too expensive and that their existing insurance provides adequate cover. When a retail company found their Twitter feed had been hacked and they were consequently broadcasting pro-ISIS propaganda, they incurred over £180K of forensic costs. Luckily for them, they had taken out Cyber Insurance.
If you are hacked and your customer records compromised, you will need to write to your customers reporting the situation. At 65p per stamp, this could work out costly.
You should also report the breach to the Information Commissioner’s Office (ICO), who could potentially fine you, as a charity found recently, when they were fined £70k for ‘avoidably’ compromising customer records. Personal record management will come more into focus for all companies with the introduction of the General Data Protection Regulation (GDPR), which replaces the current Data Protection Act in May 2018.
A cyber policy provides protection and support against these and various other cyber-crime scenarios, providing a level of cover not offered by standard business insurance. To ensure you are adequately protected, talk to us today.
Federation of Small Businesses (FSB) Cyber Resilience Report 2016 (QBE and Pen pdf supplied by Michael Ware, Bayliss & Cooke)