With the daily use of technology in business and personal life, the rise of cyber crime is a serious problem.
Earlier this year, The Guardian (25.2.16) reported on findings from PWC that described the UK as a hotbed of economic crime but not enough companies were taking it seriously.
The article explained, “Approximately 55% of UK firms have fallen victim to economic crime in the past two years, according to the PwC global economic crime survey, compared with a global rate of 36%.”
Research from Proofpoint Inc found that in 2015, people willingly downloaded more than 2 billion mobile apps that steal personal data and furthermore, email banking Trojans accounted for 74% of malicious document attachments.
Todays Cybersecurity Workshop brings together a panel of industry experts to discuss tactics of organized cybercriminals targeting companies and employees. The panel includes Joshua Bass of ProofPoint; Gavin McWilliams from the Centre for Secure Information Technologies; Will Semple at PWC; Detective Chief Inspector Douglas Grant from the PSNI Cyber Crime Centre and Richard Davis also from ProofPoint.
Gavin McWilliams, started off by looking at the jargon surrounding cybersecurity. He explained three reasons he thinks are behind this (1) the fact that it has come from America and their use of language around this is quite different to how we speak in Belfast (2) cyber security involves the tech industry who are experts in gobbledygook and finally (3) the connections to the U.S military. Managing the risks and promoting confidence are key for businesses to respond, so forget the jargon and focus on that.
Det, Chief Insp. Douglas Grant explains 53% of crimes recorded now have a cyber link. The most recent cyber attack was this morning so it is a real issue and threat, it is a daily problem. Something previously accessed by hackers and computer software experts, it is now used by ‘ordinary’ criminals. Ransomware has increase by over 3000% (Ransomware is defined as ‘a type of malicious software designed to block access to a computer system until a sum of money is paid.’) Douglas stressed to take down the infrastructure of cybercrime business and police need to work together.
Richard Davis from Proofpoint added to the point on Ransomware that campaigns which previously would have been sending 500,000 emails at one time, this has raised to 50 millions emails now sent in one go. Training and awareness on the weak links are important if we are to reduce cybercrime.
Internal training and awareness of the threats of cybercrime was picked up by Will Semple from PWC. Cyber crime is an industry worth millions globally. Beyond awareness raising and training, Will says we need to ask why the attacks keep happening and why do people click on the links. We can either train them and wrap them in restrictive controls or use a cultural and behavioral based approach on why people should not click on the link, use an external USB on their computer or visit unknown risky websites. This change would make the biggest difference.
“Everyone is responsible for cyber security”
Detective Chief Inspector Douglas Grant from the PSNI Cyber Crime Centre
“Solutions need to reflect how people work and the range of devices they use.”
Richard David, ProofPoint.
Practical advice & links: