secure wall - how should companies protect themselves from cyber crime?


Upload: browne-jacobson-llp

Post on 12-Apr-2017


TRANSCRIPT

Page 1: Secure Wall - how should companies protect themselves from cyber crime?

ADVICE: CYBER CRIME BREAKFAST

insider MAY 2016

How big a threat to business is cyber crime?

Gary Sirrell It’s a huge threat that’s massively under-reported. We can’t do anything unless it’s reported. Report it to Action Fraud, the national central agency for fraud, or the local police. Phishing (when hackers send emails or set up websites in the hope of ensnaring a naïve computer user) is huge. People think they should spend a lot of money on protecting their IT. I would advise some basic training of your staff; they’re your greatest asset but also your greatest liability when it comes to cyber crime. Ransomware (which hackers use to block a company’s access to vital data until the business pays a ransom) is an effective business model because they ask for the kind of sums – usually a few hundred pounds – where companies seriously consider paying the ransom to quickly regain access to their data, and many end up doing just that. A hospital in the US recently paid a few thousand dollars to a ransomware hacker. But you’re funding organised crime if you do this.

Ian Batten There’s an easy way to avoid this: have data backups. Businesses that don’t have backups don’t care about their data. This doesn’t just protect them against that sort of crime, but a wide range of IT threats, including hard drives going bad.

Helena Wootton One of our clients had a secretary who copied the inbox of one of the directors and then threatened to pass out sensitive information. A report by PwC found 60 per cent of small businesses were attacked from inside last year.

SECURE WALL: HOW SHOULD COMPANIES PROTECT THEMSELVES FROM CYBER CRIME?

PANEL ONE

IAN BATTEN, lecturer in computer security, University of Birmingham

HELENA WOOTTON, partner, Browne Jacobson

GARY SIRRELL, detective sergeant, West Midlands Police Cyber Crime Unit

“Your staff are your greatest asset but also your greatest liability when it comes to cyber crime.” Gary Sirrell

Why is the level of reporting to police so low?

Sirrell There are some issues with Action Fraud at the moment and there’s time delays built into the system. The police are quite good with victim care when it comes to traditional crime, but not so good when it comes to the technical side. But things are improving.

Wootton Businesses are concerned about being honest about breaches; they may not want to report anything to the police because of the nature of the data that’s lost. They also may not want to report it because it’s an inside job.

Batten The argument that there’s a huge undercurrent of cyber crime not being reported may be true, but it’s unknowable. It seems strange the British Crime Survey, seen as the gold standard of crime reporting, doesn’t actually back up these claims. These crimes can be protected against fairly easily using old-fashioned data processing hygiene. When I worked in industry the big focus was on stopping the corrupt employee in accounts receivable from colluding with the corrupt employee in accounts payable and setting up a fake supplier, which was made much easier because they all had each other’s passwords. Dealing with those problems is much more realistic than worrying about being attacked by scary cyber hackers.

How can cyber crime be best brought to the forefront of directors’ minds?

Wootton What’s coming out of the new data protection legislation is the threat of being fined up to €20m, or four per cent of global annual turnover. There’s also obligations on businesses that process customer data. All this is going to be more rigorously enforced.

Batten Very few companies recover from an IT disaster. What concerns me is that the narrative about cyber security is frightening people away from storing data in the cloud, when there’s far more of a risk of a fire or power failure in their building. If you lose your accounts receivable or accounts payable you’re dead.

Sirrell A lot of victims are being subjected to basic attacks which could be put right by taking simple measures. If you make it harder the bad guys will go elsewhere.

“The narrative about security is frightening people away from the cloud when other risks are far greater.” Ian Batten


What are the main measures businesses should take to protect themselves?

Mark Lomas Everybody is a target online, no matter how big the business. It’s about having the right policies in place, before you even think about the technical solutions. Staff must be properly trained and be made aware of the risks.

Susan Hallam Once you know the risks look at what you need to do to address them. Don’t try and avoid using the internet, because that would be impossible.

Gary Sirrell Back up your data as often as you can, keep data at multiple sites and practise restoring from backups. Keep your most important data in the safest place.

Is using the cloud more dangerous for SMEs than storing data traditionally?

Hallam Many of us are in the cloud already, but we don’t realise how actively we’re using it. Don’t take a sledgehammer approach in trying to avoid the cloud. Instead take a scalpel approach to make sure you’re appropriately addressing the issues. Small businesses are typically exposing themselves to 400 different apps via staff, so you need to know the risks you are taking by allowing staff into the office with a smartphone every day. Seventy-seven per cent of apps are not ready to be used in a secure fashion and are actually borrowing data from other apps. So the biggest risk is insider incompetence, by not knowing what the risks are.

Hallam A lot of businesses are thriving because they’re working in the cloud, so they want to continue to use it and make the most of it. But you should use two-step verification to protect yourself. Also, many businesses don’t realise that if someone tries to get into your Dropbox who isn’t recognised it will notify you.

How important is an ISO mark when it comes to cyber security?

Lomas If we all hit those high standards then we’ll make life so much harder for the criminals. It’s like vaccination; it doesn’t take too many children not to be vaccinated to cause the outbreak of a disease. Ransomware wouldn’t be spreading on the internet if everybody was universally protected. We can strive for that by meeting certain standards in the industry.

Sirrell The ISO 27000 series is not the whole answer, but it’s important. The Cyber Essentials package, introduced to cover very small companies that don’t have resources to go for an ISO standard, is a cyber health check for a business, which will give you a report on where to go next. It costs £400 to £500 and you do it once a year. The government is saying it won’t do business with you or your supply chain if you’re not signed up to Cyber Essentials.

Hallam There are government grants available for businesses that are striving to meet these standards.

PANEL TWO

SUSAN HALLAM, managing director, Hallam Internet

MARK LOMAS, IT consultant, Icomm Technologies

GARY SIRRELL, detective sergeant, West Midlands Police Cyber Crime Unit

Lomas We’ve seen the emergence of standards when it comes to the cloud, especially in the area of security. This includes ISO 27017, which many providers are looking to certify themselves against. This gives a level of assurance and clarity. A reason you may go to the cloud for security is because providers are going to be more obsessive about applying best practices around security in a strict manner. This is something businesses struggle with. Emails aren’t necessarily secure either. You need to look at what you’re using to transfer data, such as Dropbox or WeTransfer. Staff are using them through their own personal accounts, which can have security implications. You need to have a degree of control with people in your organisation about what they can and cannot do.

Sirrell There’s got to be an element of safe help and investing in training of staff. There are some very simple measures you can take to protect against these threats. There’s a vast amount of resources available to help you, and it’s all free.

“You need a degree of control in your business about what people can or cannot do.” Mark Lomas

“The biggest risk to business is insider incompetence, by staff not knowing what the risks are.” Susan Hallam
