Posted on 11th November 2019
Organisations large and small continue to debate how to improve their cyber security awareness. Some firms, through their GDPR compliance, are making good progress, but few organisations seem able or willing to grapple with the number one cause of cyber crime: human error. Whilst many firms say they understand the risks, few take the threat seriously enough. At the same time, firms cannot decide what to do, often because of the impenetrable language used by security software suppliers to describe their services, not to mention all the acronyms! (See acronym glossary.)
The need for strong firewalls, anti-malware software and operating system patching is now understood; the big issue continues to be the human factor.
The top cause of cyber insurance claims for reported cyber attacks is ‘human error’ through phishing emails and/or social engineering scams. It seems we just cannot stop ‘clicking’ those links and attachments. The majority of these are caused by basic mistakes that a little cyber security awareness tuition would correct. The statistics from many credible sources show that every day firms up and down the country are being robbed of their hard-earned income. Sometimes referred to as ‘fund transfer fraud’, it accounts for roughly 35% of all cyber insurance claims.
A real-life cyber insurance claim this year took place at a firm of conveyancers who were robbed of £250,000. This type of fraud has been given many names, from ‘man-in-the-middle fraud’ and ‘business email compromise fraud’ to the old favourite, ‘funds transfer fraud’, each with its own acronym of course! This particular example also falls into the category of ‘social engineering’, which is often used for this type of more sophisticated fraud.
The incident was initiated in early 2019 with a phishing email purporting to be from the solicitor’s back office and billing systems supplier, with an urgent request for the user to sign in to run a system update. The user duly did, landing on what appeared to be a genuine page. It wasn’t, and the criminals gained full access to the firm’s computer network, but kept quiet whilst they monitored various transaction trails. One caught their eye: it mentioned a very specific instruction from a seller to post the sale proceeds rather than BACS them.
Having found a big enough target, the cyber criminal prepared his attack. He already had a lot of inside information on the firm from his social engineering enquiries and launched a sophisticated phishing attack. On the agreed date the conveyancers posted their letter and cheque to the sellers. At the same time the criminal sent his clever phishing email pretending to be from the seller, saying that they had changed their mind and would prefer to have the funds by BACS transfer, for which he supplied bank account details, the criminal’s bank details!
You can see where this is going. The seller’s email address looked correct and to the firm the communication appeared perfectly genuine, and they transferred £250,000!
At a time when we are all ‘going digital’, our transactions are vulnerable to increasingly sophisticated attacks that, if we are not really, really careful, will catch us out.
Cyber security breaches are never the result of something that could not be prevented
Contact us for advice on cyber security awareness talks and training. Phone: 01342 301325 Email: firstname.lastname@example.org