Computer Security Technology Ltd

+44 (0)20 7621 7836

October 24, 2013

Don't bank on recovering cyber losses

According to the government's Department for Business, Innovation & Skills (BIS), small to medium enterprises are becoming increasingly susceptible to cyber attacks, putting their confidential information at risk.

In its 2013 Information Security Breaches Survey, the BIS reported that a startling 87% of all SMEs have been hit by a security breach of some description in the past year. Needlessly, this is costing those businesses affected up to 6 per cent of their annual turnover - a figure far higher than what it would cost to invest in preventative measures.

With most SMEs using the internet to do business, make purchases, sell their services and market themselves, all are vulnerable to attacks. So, if you haven’t already, you must instil basic security practices.

WHAT'S AT STAKE?

Failing to take sufficient precautions could pose a threat to your website, your in-house IT systems, your bank accounts, and sensitive company information.

This could have a disastrous impact on your finances in many ways: through cyber criminals gaining access to your accounts and making purchases through them, through a financial loss due to a disruption to trading, or through the costs involved in remedying the damage of an attack. You could also incur fines should any personal data you have on record be compromised or lost.


PUTTING A SECURITY PLAN IN PLACE

Firstly, you need to run a risk assessment. Consider what sensitive information you have that is critical to your business and what threats it could be exposed to. What legal stipulations and compliance regulations must you adhere to? It may be worth investigating whether any businesses in your sector have been subjected to any attacks so that you can learn from their experiences.

Look at investing in security controls that can be implemented to increase your defences. Malware protection will minimise the threat of virus infection. Network security is paramount and can be enhanced through the use of firewalls, access lists and proxies.

Manage user privileges to restrict access to IT equipment, systems and information only to those for whom it is vital. Ensure that data is encrypted for mobile workers and those using their own devices. Liaising with us to put a disaster recovery solution in place will ensure you remain productive should the worst happen.

The message from the BIS is clear. Making that investment now may require time and money, but it will save you a fortune in the long run.

DON'T BANK ON RECOVERING YOUR LOSSES

The last few months have seen an upsurge in cyber-attacks leading to financial loss. For instance, Birkenhead-based varnish producer AEV Ltd was subject to a phishing attack that enticed its financial control staff to inadvertently divulge the access codes to the online banking systems; the scammers then created bogus payee accounts and transferred over £100,000 of the company’s money. A similar loss was experienced by a baker, “Truffles Bakery”, which was subjected to a sophisticated virus attack that originated from a bogus email from HMRC. The virus provided remote access to the fraudsters, who used the information to access the firm’s online bank account and transfer some £20,000. These are a few examples of seemingly low-profile businesses that have probably never thought they would be worth targeting by cyber criminals, discovering the hard way that having an online business account makes them a target!

What makes this interesting is that the banks for both businesses, although sympathetic to the firms’ losses, are not refunding the money or accepting liability. So be warned: if you use internet banking and you’re the victim of fraud, don’t expect your bank to make good. Prevention is definitely better than a costly court battle with a rich bank.

And whilst talking of banks, they have also had a bad time of late, with both Santander and Barclays Bank being subject to highly developed attacks where outlying branches were targeted by a bogus telephone engineer tricking their way past reception staff to install equipment on PCs that in turn allowed the attackers to remotely control and access the bank’s finance system. In Barclays’ case, over £1.3 million was lost.

BELOW ARE THREE SUGGESTIONS TO MAKE YOU MORE RESILIENT TO A CYBER-ATTACK

1) Ensure staff are informed of cyber threats: educate them in how to identify the risks and what they should do to limit the threat, coach them not to trust electronic communication, and lay out the do’s and don’ts for financial system access. Make your staff part of your defence.

2) Ensure your malware protection is robust: use all the features your solution has available (virus scanning is no longer sufficient) and have multiple lines of malware defence, such as at the gateway and the endpoint. Detect the threat at the earliest possible opportunity.

3) Tighten up your system configuration to enforce a ‘least privilege access policy’, and actively check for and remove vulnerabilities. Deny hackers the ability to infiltrate your systems.

And lastly, if you want to do more and are not sure where to start, then consider taking on our Cyber Assessment Service, in which we undertake an assessment of your cyber security defences against the 20 best practice controls for cyber security, reporting on what needs improving and identifying key gaps in your defences. Please email nigel.lewis@cstl.com if you would like to know more about this service.