Cyber Security

Cyber Security refers to how you can protect your systems, networks and data in cyberspace.

Threats to your systems, networks and data are becoming ever more prevalent and sophisticated as technology develops and user knowledge grows. The results of a risk assessment, enlisting professional cyber security help, raising awareness and cyber security training within your organisation and regularly reviewing your defences can help form the basis of strong cyber resilience.

Simply having some good anti-virus software and perhaps a firewall no longer offer anything like the kind of protection that organisations need, especially when the company / organisation grows, expands its IT infrastructure and systems, and / or adds users and links with other systems. The use of more devices by businesses e.g. the Internet of things (IoT) will mean an even greater need for cyber security.

The Risks

For most commercial organisations cyber crime is the main risk e.g. individuals or groups stealing data e.g. customer data, employee data and credit / debit card numbers, extorting money, causing serious disruption and damage to your IT systems e.g. a SYN flood attack (Denial of Service / DDoS attack), impairing or bringing down your website. Crimes such as data theft or interrupting your web server and website can mean lost revenue, lost customers, damage to reputation and loss of public and stakeholder trust, litigation and fines, and even loss of the business itself. Just as whole countries and states face unprecedented cyber war and cyber terror, ordinary businesses are also facing new and evolving threats.

High Profile Proof All Around

You don’t have to look far to see high profile examples of cyber crime:

Multiple Threats

Types of Cyber Crime

The most common types of cyber crime include:

Malware / Crimeware (malicious software). This includes:

Phishing: Attempting to deceive by posing as a legitimate and trusted third party organisation in order to extract personal details e.g. passwords and bank details. This often involves the use of fake websites and emails. This kind of crime relies upon human weakness, lack of awareness and knowledge and poor decision making. As such, the social element of this type of crime means that (along with pharming) it is often known as ‘social engineering’.

Pharming: Trying to re-direct the traffic of a legitimate website to a fake one in order to extract private personal data.

Man in the middle attacks (MITM): The cyber criminal deceives and manipulates multiple victims by impersonating the 2 end points. This could be e.g. using the connection from your smartphone to a website and impersonating your bank to you and you to your bank while you are conducting online banking.

Drive-by: This is a general description for an opportunistic cyber crime whereby the perpetrator notices weaknesses in system and exploits them without specific prior plans.

Point-of-sale (POS) intrusions: These kinds of attack are common in retail and hospitality e.g. restaurants, hotels and shops and involve compromising the POS device and remotely stealing card details and money.

Misuse of computer access privileges by insiders.

Theft of / acquiring physical devices: Stealing or the opportunistic finding and exploiting of information on e.g. company laptops, USB drives and printed materials.

Web app attacks.

Denial of Service attacks (DoS): Using botnets (taking over multiple other internet computers and platforms) and powerful servers to launch an attack on another computer / server that overloads / overwhelms it e.g. layer 7 or flood attacks.

Cyber espionage: These kinds of attacks can often happen in e.g. mining, professional services, manufacturing and the public sector.

Payment card skimmers: Card reading devices that are physically installed where customers use their cards to pay in e.g. retail outlets, ATMs and petrol pumps.

Common Protection

Some of the common ways that organisations protect themselves against the many various forms of cyber attack include:

Cyber Crime Figures

Cyber crime figures make sobering reading and emphasise the need to be proactive in prevention now. Fort example:

Ideal Crime Conditions

Cyber criminals obviously favour methods that allow them to:

It is now easier and cheaper than ever for cyber criminals to launch attacks. For example cyber criminals can buy off-the-shelf hacking software that even comes with its own support services. DoS attacks for example are can cost the criminal as little as £30 to execute but can cause huge damage and disruption. Some of the most popular systems and platforms are often the targets for cyber criminals. For example Wordpress makes up 25% of all websites and Imperva’s 2015 annual Web Application Attack Report (WAAR) shows that Wordpress is thought to be the most attacked CMS with around 3.5. times more attacks than non-CMS applications. DoS attacks make up around 13% of all the attacks involving the system.

How We Can Help You

Help With Cyber Essentials

The UK government’s Cyber Essentials Scheme can provide a solid basic framework for improving cyber security and cyber resilience of your organisation. We can help you to implement the many different measures and work towards Cyber Essentials Certification. Click here for more information on the government’s Cyber Essentials scheme >>

Penetration Testing

Finding out what your organisation’s cyber security vulnerabilities are before a hacker does gives you opportunity to proactively take the right security precautions now to maximise security, thus protecting your clients and stakeholders, and maintaining their trust. Penetration Testing involves launching simulated attacks using industry leading methodologies to discover and identify what vulnerabilities are present in your web applications, networks or devices. From this reports can be produced detailing the issues, the nature and level of the risks, and providing analysis and guidelines that can be used as the blueprint for realistically close possible loopholes and secure your IT infrastructure and systems.

Cyber Security Training

Cyber Security Training for your staff can be a real factor in reducing the risk of cyber attack by addressing a key weakness that is vital to the success of so many cyber crimes - the human element / human error. With Cyber Security Training your staff will be much more aware of the risks, and more likely to identify cyber crime attempts, and to act accordingly in a way that helps your organisation. Cyber and Information Security Skills are also valuable commercial assets that are now in demand.

Cyber Security Compliance

Attaining nationally and internationally recognised standards can mean that you and your organisation have the confidence of knowing that you are using best practice. This can feed directly into and increase the effectiveness of your organisation’s cyber security. Being able to demonstrate cyber security to a recognised level also sends a re-assuring message your organisation’s stakeholders that you are committed to cyber security, and could also help you to win new business. Achieving cyber security compliance to a recognised level can therefore be a source of competitive advantage.

We can help you to achieve compliance and to work towards your chosen standards including:

Cyber Security Consultancy

We provide professional Cyber Security Consultancy Services for any and all aspects of you organisation’s cyber security including systems, networks, data, devices and staff training.

If you are a UK business looking for help with any (or all) of your IT requirements, click here.