To tie in with International Cyber Security Month, which launches on the 1st of October, we wanted to take a closer look at the growing trend of cyberattacks and how businesses can look to build resilience and protect themselves online.
In the last 12 months, the 2023 Cyber Security Breaches Survey showed that 32% of UK businesses have identified cyber attacks, with 40% of businesses estimating they were attacked at least once a month. The average annual cybercrime cost for businesses is approximately £15,300 per victim.
Phishing
The most common threat is where targets are contacted by email, telephone (vishing) or text message (smishing) by an attacker who poses as a legitimate company/organisation - NHS, Amazon, Post Office, HMRC or similar. They intend to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details or passwords.
At the Cyber Resilience Centre, we can run a Simulated Phishing Exercise, which helps to raise your staff's awareness of phishing emails and guards your business against the growing trend of social-engineering threats. Training your employees about what a phishing attack looks like makes them more likely to identify and report scams.
Ransomware
Ransomware is a type of malicious software (malware) that prevents a user from accessing a computer or its stored data.
The computer itself may become locked, or its data might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines, including any backup storage devices connected to the network.
Ransomware attacks are typically carried out using malware disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. A popup message or note is left on the computer asking for payment to regain access to the data.
Business Email Compromise (BEC)
Business email compromise (BEC) is a form of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds or revealing sensitive information.
The criminals behind BEC send convincing-looking emails that might request unusual payments or contain links to 'dodgy' websites. Some emails may contain viruses disguised as harmless attachments, which are activated when opened.
Unlike standard phishing emails that are sent out indiscriminately to millions of people, BEC attacks are crafted to appeal to specific individuals and can be even harder to detect. BEC is a threat to all organisations of all sizes and across all sectors, including non-profit organisations and charities.
Account Compromise
Whether it's your email, social media or some other type of online service, many things can alert you to the fact that someone else is accessing your account.
Being locked out of the account indicates that something has gone wrong, but the signs can be more subtle. Things to look for include logins or attempted logins from strange locations or unusual times. Changes to your security settings and messages sent from your account that you don't recognise are also indications.
Social media hacking / unauthorised access
This type of threat whereby cybercriminals sabotage and exploit victims often through Instagram and Facebook, causing damage to their online profile. Being locked out of the account indicates that something has gone wrong, but the signs can be more subtle. Things to look for include logins or attempted logins from strange locations or unusual times. Changes to your security settings and messages sent from your account that you don't recognise are also giveaways.
How can you stay secure?
Strong passwords and password managers - strong passwords on your devices are crucial to keeping attackers out. Keep passwords unique to each account and take advantage of password managers (Apple and Google now have their own) to save your passwords and take advantage of the suggested password feature.
Enable Two-Factor Authentication (2FA) - use this in your email and social media accounts especially - as it prevents criminals from gaining access to your accounts, even if your username and password are part of a data breach.
Review your social media settings – keep your personal information private so that criminals don’t have a raft of information to use as part of a phishing attempt.
Keep your software updated – cybercriminals can use known flaws in your software to gain access to your system, so keeping it up to date helps to withstand hacking technologies and methods. Having automatic updates turned on will help with this.
Backup sensitive data – ensure you have backups not only in the cloud but with an external, offline storage device. This could save you if your business has to deal with a ransomware attack.
Setup a Cyber Incident Plan - This plan would help your business respond to a cyber incident. We have a free Cyber Incident Response Pack, which has been designed to complement any existing plans or assist you in creating one.
Not sure if you need one? Here's why having a Cyber Security Plan in place is important.
Putting these simple measures in place is a great place to start planning or re-evaluating your current security strategy. We provide guidance, tools and assistance with our free-of-charge membership.
