Posted on 11th November 2019
Organisations large and small continue to debate how to improve their cyber security awareness. Some firms, through their GDPR compliance, are making good progress, but few organisations seem able or willing to grapple with the number one cause of cyber crime: human error. Whilst many firms say they understand the risks, few take the threat seriously enough. At the same time, firms cannot decide what to do, often because of the impenetrable language used by security software suppliers to describe their services, not to mention all the acronyms (see acronym glossary)!
The need for strong firewalls, anti-malware software and operating system patching is now understood; the big issue continues to be the human factor.
The top cause of cyber insurance claims arising from reported cyber attacks is ‘human error’, through phishing emails and/or social engineering scams. It seems we just cannot stop ‘clicking’ those links and attachments. The majority of these are caused by basic mistakes that a little cyber security awareness tuition would correct. The statistics from many credible sources show that every day firms up and down the country are being robbed of their hard-earned income. Sometimes referred to as ‘fund transfer fraud’, it accounts for roughly 35% of all cyber insurance claims.
A real-life cyber insurance claim this year took place at a firm of Conveyancers who were robbed of £250,000. This type of fraud has been given many names, from ‘man-in-the-middle fraud’ and ‘business email compromise fraud’ to the old favourite, ‘funds transfer fraud’, each with its own acronym of course! This particular example also falls into the category of ‘social engineering’, a term often used for this type of more sophisticated fraud.
The incident began in early 2019 with a phishing email purporting to be from the solicitor’s back office and billing systems supplier, carrying an urgent request for the user to sign in to run a system update. The user duly did, landing on what appeared to be a genuine page. It wasn’t, and the criminals gained full access to the firm’s computer network, but kept quiet whilst they monitored various transaction trails. One caught their eye: it mentioned a very specific instruction from a seller to post the sale proceeds rather than BACS them.
Having found a big enough target, the cyber criminal prepared his attack. He already had a lot of inside information on the firm from his social engineering enquiries and launched a sophisticated phishing attack. On the agreed date the conveyancers posted their letter and cheque to the sellers. At the same time the criminal sent his clever phishing email pretending to be from the seller, saying that they had changed their mind and would prefer to have the funds by BACS transfer, for which he supplied bank account details, the criminal’s bank details!
You can see where this is going. The seller’s email address looked correct, the communication appeared perfectly genuine to the firm, and they transferred £250,000!
At a time when we are all ‘going digital’, our transactions are vulnerable to increasingly sophisticated attacks that, if we are not really, really careful, will catch us out.
Cyber security breaches are never the result of something that could not be prevented.
Contact us for advice on cyber security awareness talks and training. Phone: 01342 301325. Email: email@example.com