A new report by SJL Insurance and carried out by YouGov has found 1 in 5 UK businesses have suffered a cyber attack that has cost them financially. 59% of those who knew how much the business had suffered financially as a result of their most recent cyber-crime attack had between £1,000 and £250,000,000 worth of damage done.
Talking on Business Breakfast, Rob Shapland, Head of Cyber Awareness at Falanx Cyber, describes who might be behind the hacking and how, as an ethical hacker, he could break into a companies systems:
“Organised criminal groups that might have traditionally robbed banks or jewelry stores are now moving into cybercrime as it’s more profitable and less risky. They might try and influence someone within the company. The easiest way might be, for example, to bribe a cleaner to take a USB stick with them to plug into the network, logging keystrokes and now I have the passwords. I could log in as someone that works there, steal information from the network. Imagine that at a big pharmaceutical company, selling plans for drugs could potentially be worth millions.”
It’s not like what you see in the moves:
“A lot of the times it’s the companies employees, rather than doing as you see in the movies where you got a hacker in their basement listening to metal music and tapping away. You actually target the people that work at a company so a typical way to do it is to send them a phishing email so something like a link or attachment, you go on social media to look through their Instagram photos you find out they’ve been to a hotel recently. Then, pretend to be from the hotel and send an email saying you’ve left valuables in your room click on these photos to see. Via these photographs, I now have access to their computer at work and I can do whatever I want with it. I can steal information from it, I can turn the webcam on and look at them if I really want to.”
On how trusting employees within office environments can be and being an inside man:
“People are very, very trusting – which is a nice thing but it often makes it very easy for me to dress up (as a security guard) and get into their building. Once I’m inside I’m normally trusted, especially in a big company. If you got 1000’s of people working in an office, you wear a suit and tie, you look comfortable, you go to the kitchen to make a cup of coffee you sit down in a hot-desking area -everyone just thinks you work there and it’s possible to hack away from the inside.”
“It’s quite rare to actually use someone on the inside to do it. It’s normally done by phishing which is why most cybersecurity education is about being careful what you click on. Even if it happens, most companies have systems in place to detect these attacks before they even happen.”
Watch the interview on Falanx Cyber Official YouTube here
About Rob Shapland, Head of Awareness, Falanx Cyber
Rob Shapland is an ethical hacker with 12 years’ experience attacking the defences of hundreds of organisations, from small businesses to major international organisations. His specialism is ‘red teaming’, or full simulation of criminal attacks, combining his hacking knowledge with his other hobby of dressing up and breaking into buildings. He uses stories of these intrusions to deliver engaging and exciting cyber security training courses to companies all over the world. He is also a regular speaker at events and conferences around Europe, and appears on both BBC and ITV as a cyber security adviser.