How to beat cyber criminals
Our Regulatory and Criminal Investigations team has a long history
of defending those accused of fraud and has handled some of the
biggest cases ever prosecuted in the UK. More recently its services
have extended into internal corporate investigations and advising on
potential risks faced by businesses.
The increasing use of online services and the computerisation of businesses in general pose significant risks for
the unprepared, and recent crime statistics should make everyone sit up and evaluate their practices.
Valentine’s Day 2017 saw the Queen open the National Cyber Security Centre (NCSC), a part of GCHQ, at
Victoria in London. Businesses were critical of the protections offered by GCHQ, saying that the organisation was too
secretive, so the NCSC is seen as being more public facing and accessible. This is part of the Government’s £1.9bn
investment in cyber-security to take place over the next five years with the intention of protecting against and responding to
high-end attacks on government, business and individuals.
This follows recent reports that Britain’s security has been threatened by 188 high-level ‘cyber attacks’ since
November 2016. The wider figures are staggering in that the UK’s security services have reportedly blocked 34,550
potential attacks on Government departments and members of the public in the last six months. This is an average of
around 200 per day and the NCSC is intended to make the UK the hardest target to infiltrate. Members of the private
sector have been seconded to the NCSC in order to help identify threats. The NCSC is also looking to use its activities to
protect the Government as a blueprint to extend to industry on a national scale with results being published to enhance
the collaboration between the public and the private sector to tackle the wider problem.
Mindful of how cyber-crime is now being prioritised at a national level, the recently published Crime Survey for
England and Wales 2016, for the first time, has measured the impact of cyber-crime in relation to fraud and computer
misuse offences. Astonishingly there were found to be 3.6 million cases of fraud and a further 2 million cases of
computer misuse between June 2015 and June 2016. This is a frightening prospect when one considers the amount of
undetected or unreported crimes of this nature. It is believed that only 13.2% of incidents were reported to the Police or
Action Fraud. A recent BBC report by Dominic Casciani suggests that the overall level of crime has been generally falling
for the past 25 years in the industrialised world, but whilst the incidence of more traditional crimes such as burglary and
theft has fallen, criminal gangs are looking for new opportunities by exploiting gaps in online and banking security.
In a BBC broadcast Sir Tom Winsor, the Chief Inspector of Constabulary for England and Wales, said that the amount
of fraud taking place is probably in “epidemic proportions” and individual police forces have been required to work
extremely hard with capabilities and specialisms which are “quite skeletal”. This is a highly specialised and expensive
area and there is a real danger of demand significantly outstripping supply in terms of dealing with the volume of work
in the cyber-crime area. It remains to be seen, therefore, how the opening of the NCSC and the intended collaborative
approach in tackling these problems will work in practice.
Getting cyber aware
It is often a lack of knowledge, inadequate security or a combination of both that precipitates an attempted online
fraud or other form of cyber-attack. There is an abundance of ways in which businesses can be targeted from outside
and within, with the following becoming particularly common threats:
- ‘Mandate’ fraud, where employees are tricked into changing a direct debit or standing order by someone pretending to be a
  supplier.
- ‘CEO’ fraud, otherwise known as a ‘Whaling Attack’, is where the employee is tricked into making a payment by
  means of an email purporting to be from a senior manager. Action Fraud has reported an increase in the number
  of these attacks on medical practices in recent months.
- Extortion - files on a computer or network are rendered inaccessible by ransomware until a release fee is paid.
- Hacking is one of the main issues facing businesses where private and often commercially sensitive company
  information is obtained through the hacking of a company’s server, an employee’s computer or even access
  through email or social media.
- Retail fraud is the most regularly reported online crime affecting businesses with refund and label fraud being the
  most prevalent along with the obtaining of goods with no intention of paying for them.
Measures need to be devised to prevent, detect and respond to such potential security threats. It may be that outside
expertise needs to be considered in this regard. As a bare minimum, experts suggest that businesses take the following
steps to try to combat this threat:
- Introduce structured, regular and updated employee education and awareness training. All employees need to
  understand their individual roles in keeping the business secure. It is no longer just the remit of the IT department.
- Install internet security software on all systems including mobile devices. An attack can be made via a company’s
  ‘mainframe’ or individual employee’s mobile phones and tablets where these are linked to the company’s main
  system.
- Introduce regular security updates for all operating systems, applications, mobile and browser software.
- Police a strict and enforced password policy for all employees and contractors.
If you are unsure or have no measures in place then getsafeonline.org is a very useful site with advice for individuals
and businesses about cyber-security and awareness with headings including hardware and devices, information
security, online security and safety, rules, guidelines and procedures, software, ways you work
and personal commentary. Should you or your business be the victim of a cyber-attack then it is
recommended that you engage with the authorities as soon as possible. The cyber divisions of
the National Crime Agency can be contacted directly on 0370 496 7622.
Published: 16 May 2017
Focus on Manufacturing - Edition 5