To tie in with International Cyber Security Month, which launches on the 1st of October, we wanted to take a closer look at the growing trend of cyberattacks and how businesses can look to build resilience and protect themselves online.

In the last 12 months, we know that 39% of UK businesses have identified cyber attacks, with ,31% of businesses estimating they were attacked at least once a week. When looking at businesses that face loss of money or data, the average estimated cost of all cyber attacks in the last 12 months was £4,200. But when you look just at medium and large businesses; the figure rises to £19,400.

Phishing

The most common threat is where targets are contacted by email, telephone (vishing) or text message (smishing) by an attacker who poses as a legitimate company/organisation - NHS, Amazon, Post Office, HMRC or similar. Their intention is then to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details or passwords.

At the Cyber Resilience Centre, we can run a ,Simulated Phishing Exercise, which helps to raise your staff's awareness of phishing emails and guards your business against the growing trend of social-engineering threats. By training your employees about what a phishing attack looks like, they are more likely to identify and report scams.

Ransomware

Ransomware is a type of malicious software (malware) that prevents a user from accessing a computer or the data that is stored on it.

The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines including any backup storage devices connected to the network.

Ransomware attacks are typically carried out using malware disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. A popup message or note is left on the computer asking for a payment to be made to regain access to the data.

Business Email Compromise (BEC)

Business email compromise (BEC) is a form of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds or revealing sensitive information.

The criminals behind BEC send convincing-looking emails that might request unusual payments or contain links to 'dodgy' websites. Some emails may contain viruses disguised as harmless attachments, which are activated when opened.

Unlike standard phishing emails that are sent out indiscriminately to millions of people, BEC attacks are crafted to appeal to specific individuals and can be even harder to detect. BEC is a threat to all organisations of all sizes and across all sectors, including non-profit organisations and charities.

Account Compromise

Whether it's your email, social media or some other type of online service, many things can alert you to the fact that someone else is accessing your account.

Being locked out of the account is an obvious indication that something has gone wrong, but the signs can be more subtle. Things to look out for include logins or attempted logins from strange locations or at unusual times. Changes to your security settings and messages sent from your account that you don't recognise are also indications.

Social media hacking / unauthorised access

This type of threat whereby cybercriminals sabotage and exploit victims often through Instagram and Facebook, causing damage to their online profile. Being locked out of the account is an obvious indication that something has gone wrong, but the signs can be more subtle. Things to look out for include logins or attempted logins from strange locations or at unusual times. Changes to your security settings and messages sent from your account that you don't recognise are also giveaways.

How can you stay secure?

• Strong passwords and password managers - strong passwords on your devices are a crucial component to keeping attackers out. Keep passwords unique to each account and take advantage of password managers (Apple and Google now have their own) to save your passwords and take advantage of the suggested password feature.
• Enable Two-Factor Authentication (2FA) - use this in your email and social media accounts especially - as it prevents criminals from gaining access to your accounts, even if your username and password are part of a data breach.
• Review your ,social media settings – keep your personal information private so that criminals don’t have a raft of information to use as part of a phishing attempt.
• Keep your software updated – cybercriminals can use known flaws in your software to gain access to your system so keeping it up to date helps to withstand hacking technologies and methods. Having automatic updates turned on will help with this.
• Backup sensitive data – ensure you have backups not only in the cloud but with an external, offline, storage device. This could save you if your business has to deal with a ransomware attack.
• Setup a Cyber Incident Plan - this plan would help support your business in its response to a cyber incident. We have a free ,Cyber Incident Response Pack which has been designed to complement any existing plans or assist you in creating one.

Putting these simple measures in place is a great place to start planning or re-evaluating your current security strategy. We provide guidance, tools and assistance with our ,free-of-charge membership, join us today!