You may find it strange for a financial planner to write about this topic, but I felt it was important to share what I have learnt following my attendance at a cybercrime presentation by Gallagher’s – commercial insurance brokers.
The presentation was given by one of their security analysts, who highlighted the global threats that all businesses face. Yes, we have read in the papers about the attacks on high-profile companies and government agencies, although those on smaller companies rarely hit the news.
Cyber risks mean data breaches, malicious attacks, fraud, social engineering, human error and the failure of a service provider.
He described this type of event as being like a “sniper”, as the most dangerous cyber security threats are the ones you never see coming.
The presentation centred around email addresses and passwords. As part of his demonstration he went onto a well-known site to register his interest in a product. He entered his email and an extremely complex 10-digit password. On the next screen was the Dark Web – the part of the World Wide Web that is only accessible by means of specialist software, allowing users and website operators to remain anonymous and untraceable.
Within 5 seconds, the “Dark Web” had access to his email address and his extremely case sensitive password – this is scary stuff. Now imagine a small company with 15 employees dealing with hundreds of emails every day. Some of these could be related to their customer base, new orders, invoices, etc.
Fraudsters/hackers target company email accounts using phishing techniques. In a nutshell, phishing is a fraudulent attempt to elicit sensitive information from a victim in order to perform some type of action (gain access to a network or accounts, gain access to data, get the victim to perform an action such as a bank transfer).
Another term you could be familiar with is malware. In general terms, malware is any type of malicious software, program, or file that is harmful in nature. Frequently appearing in headlines alongside words like “data breach,” “cyberattack” and “ransomware,” malware is a word that has rapidly become commonplace in the digital world.
Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. More advanced malware uses a technique called “cryptoviral extortion”, in which it encrypts the victim’s files, making them inaccessible, and then demands a ransom payment to decrypt them.
Finally, the presentation returned to the “live page” of the Dark Web, which highlighted the number of attacks on the global stage: there were thousands in the space of one minute.
For any victim of these malicious activities the costs can run into millions of pounds for a business. Unfortunately, a lot of vulnerable people fall for these tricks so please be vigilant and take remedial action to make sure your systems can deter these attacks!
This information is provided strictly for general consideration only. No action must be taken or refrained from based on its contents alone. Accordingly, no responsibility can be assumed for any loss occasioned about the content hereof and any such action or inaction. Professional advice is necessary for every case.
Nigel Taylor Cert PFS, Dip FA