Cyber attacks are a risk for all organisations


No organisation is exempt from being a target for cyber criminals, and indeed in the East we have seen some impactful cyber attacks. A sporting goods online retailer, based in Norwich, was hit by a cyber attack in November 2021 which saw its website taken down and loss of access to its social media accounts. In July 2021 a Cambridge-based law firm was the target of an attack which saw sensitive data exfiltrated from its systems and staff email accounts compromised.

 

No matter what sector you operate in, or the size of your organisation, if cyber criminals think that they can successfully infiltrate your systems (and potentially benefit financially), they will. Often we see that attackers apply the principle of one to many, whereby they will hit multiple targets with the same attack method with the aim of finding routes into poorly protected systems. Let’s now bring some of this to life by looking at 5 of the main ways this could happen.

 

Phishing

With email being an unavoidable part of running a business and engaging with customers and clients, cyber criminals continue to deploy multiple attacks by sending seemingly trustworthy emails to staff in the hope of gaining access to sensitive and valuable information. Once a recipient clicks on a link in the email, they are directed to pass over information to what seems like a legitimate source. In fact they are sending things like passwords and access codes to criminals, who will then access company systems to either steal information or infect them with malicious software that can do the same.

 

Ransomware

Ransomware is any malicious software that infects computer systems or networks and operates by displaying messages that demand fees for the system to function normally again. It is a type of malware cyber criminals use as a money-making scheme. Malicious cyber actors install ransomware through links sent via email or websites without the knowledge of the user. It has the capability of locking access to data through encryption, targeting sensitive files. Being targeted with ransomware can bring a business down incredibly quickly, often putting it under immense pressure to pay the ransom to the attackers in the hope of getting back to normal with the least impact.

 

Email Spoofing

This is a form of email-based cyber crime most commonly used to trick email recipients into releasing money or information by posing as a known and trusted sender – maybe someone you make regular invoice payments or bank transfers to. Typically an email spoofing attack will identify a specific employee or role in the targeted company (often through freely available public information, for example by scraping names and job titles from social media or networking websites), then send them a spoofed email that appears to be from senior management or a familiar and trusted customer making an urgent request for payment or information.

 

Social Engineering

This attack method covers a number of approaches that cyber criminals use to manipulate people into giving away sensitive information which will enable attackers to access restricted information and systems. The approach taken is to gather information on the intended victim(s) by building a personal relationship, to discover personal insights and also find any possible routes through which they can gain the desired information or access. The clever thing about social engineering is that it relies on human error as a result of trusting a manipulative criminal – the attacker doesn’t necessarily need sophisticated technical know-how to access secure systems.

 

Access and device security

Leaving the front door, or a window, open gives criminals very easy access to physical locations – it’s the same when it comes to cyber and information security.  Organisations must ensure that the devices used by their staff to access sensitive information and systems are as secure as possible.  There are a number of ways to achieve this and two of the simplest to implement are restricting the devices that can be used, and ensuring that multi-factor authentication is in place. 

 

There are a growing number of businesses across the East of England providing cyber security services to organisations of all types, all with a central aim of helping better protect businesses and their staff from all of the above, and more.  It can be overwhelming knowing where to begin, and whether you are talking to the right partner.

 

Whether you are providing cyber security services to businesses, or are a business seeking information and support on how to better protect yourself, we all have an increasingly important role to play in better protecting ourselves, clients and customers.  

 

Bringing together cyber security businesses across the region, alongside providing support and insight to the wider community of businesses and organisations who need to better protect themselves, is something that will go a long way in building a network of connected people and organisations all with a focus on better protecting themselves and their customers.   

 
