We all know that cyber attacks are on the increase, but not many of us actually know what it is, or how it effects us. So, I would like to share two examples with you.
Cyber Attacks Example 1 – Know who you are dealing with.
A large UK multinational centralised their finance function. As part of this, all payments to third parties were collated in one office. Part of their role, was to collect payments from other divisions within the business and pay the third parties. Our nasty little friend ‘Mr Hacker, managed to get access to the Financial Controllers (FC) email inbox and setup a shadow function. They even started to send emails out as him and then deleted the sent items to cover their tracks. By doing this, over a period of months, they found out who the FC was dealing with and when payments were made. And, how much was paid.
Then Mr Hacker, made contact with 5 of their divisional contacts and advised them the finance team was moving. As part of this move, the email address of the Financial controller would be changing and all contacts would need to be to use the new email address. Which of course, was fake. A week later, new account details were sent out from this fake address along with invoices for work done. All five divisions excepted this ruse and transferred a total of £1.3 million pounds!
Cyber Attacks Example 2 – Phishing.
A client received an email from their bank. This email gave details of a new deal. It then went on to say don’t trust this email but logon to your bank account in the normal way and gave then the link. Once there they could review the new rates and deals. The user clicked the link and put in their username and password, so far so good. However, embedded in that link was a mirroring virus that allowed Mr Hacker to see all the keystrokes on that PC. That meant the hacker had all their account details and could access their account at will. The hacker then accessed the account and transferred £130k to their account.
What can you do to protect your business against cyber attacks?
Cyber attacks are becoming more elaborate and clever and not all are immediately obvious. This means you have to be more alert and ensure you have taken all means to help you protect your users and IT systems.
One of the new initiatives is cyber insurance, where you insure against the above crimes. This will give you piece of mind. However, no insurance company is going to insure you unless you have taken reasonable steps to protect your IT systems. This is where Unleashed come in.
Unleashed can provide you with a full security audit to make sure you are compliant. In addition, we can arrange network penetration testing and Phishing exercises. These are particularly good to see the knowledge of your staff. In addition, we can do cyber security training for your staff.
For security piece of mind, contact Unleashed www.weareunleashed.com 0333 240 0565 or email cyberaudit@weareunleashed.com