This immersive workshop, held on the 13th March at The Hive, was developed by the South West Regional Cyber Crime Unit and sponsored by Barclays. It required business owners/professionals to work in teams managing the cyber security of a fictional organisation, and to compete against each other in the process.

Players faced various scenarios based on real-life cyber threats, which developed and evolved as the exercise went on. Participants used their leadership, communication and collaborative expertise to collectively decide how best to protect their company’s reputation, assets and profit.

By the end of the session, participants had learnt how to effectively prioritise different technical, procedural, and physical controls that their organisation can employ to enhance their cyber security.

We have had a report that criminals are using our name in a phone scam. The report is that criminals are pretending to be from the South West Regional Cyber Crime Unit, and calling people using an automated message that says their internet has been compromised and will be shut down within 24 hours, and if they want to speak to the technical team they should ‘press 1’.

This is a scam. If you do receive a call like this, hang up the phone immediately.

The South West Regional Cyber Crime Unit do not operate an automated call service. If we do contact you, we will provide you with a way of verifying that it is us, such as a collar number which you can then give to a 101 call handler if you need to confirm the caller’s identity.

If you are concerned that you have been a victim of this or any other type of cyber crime, report to Action Fraud on 0300 123 2040, or online at https://www.actionfraud.police.uk/

For advice on protecting yourself against this type of scam, visit the Take Five campaign website at https://takefive-stopfraud.org.uk/advice/

Current threats

Business Email Compromise (BEC)

A targeted form of phishing where criminals impersonate senior executives, or departmental authority figures, in order to get others to transfer funds or sensitive information to the imposter.

BEC can happen in different ways, but generally speaking a criminal will either hack into an executive’s email account, or they will ‘spoof’ the account (i.e. email from a lookalike account which is very similar to the original account). If an email has been spoofed, then email filters may be able to help prevent it from reaching employees.

If an account has been hacked, then this is much harder to combat, as requests are coming from a legitimate account so detection software won’t be much help. This type of BEC allows a criminal the opportunity to directly alter invoice attachments, and even set up rules which will redirect emails into folders to cover up their tracks.

Advice

  • Check all correspondence and documents for inconsistencies in spelling, grammar, content, and for signs of social engineering. These include urgency, authority, intimidation or emotional appeals. If something doesn’t feel right, Take Five to think about whether it is a legitimate request.
  • Educate and train staff to defend against phishing attacks (see the NCSC’s guide at https://www.ncsc.gov.uk/phishing). This guidance also includes information for IT staff on configuring email filters effectively, which can counter certain types of BEC.
  • Minimise the amount of sensitive data available online about your organisation. Criminals will use any data that they can to make their phishing attempts more credible. For example, are your suppliers referred to on your website? Do your employees advertise their job title and other sensitive data via social media?
  • Agree secure processes between employees internally and externally for your organisation to confirm certain purchases. For example, calling to double check when a change in payment details is requested, or contacting suppliers through separate channels to confirm orders etc.
  • Install and frequently update antivirus and anti-malware software to protect against malicious software looking to compromise email accounts.
  • Every Report Matters – if you have been a victim of fraud or cyber crime, report it to Action Fraud (either online at www.actionfraud.police.uk or call 0300 123 2040).

Useful Links

NCSC Black Friday CyberChat
Not sure how to securely set up your devices? Wondering about how to create the ultimate password? This Friday the NCSC’s Twitter account (@NCSC) will be hosting a Q&A, so get your questions in beforehand using #cyberchat.

Cyber Essentials
Cyber Essentials is a government-backed scheme which helps to ensure that your organisation is protected against the most common cyber threats. Find out more about the scheme at https://www.cyberessentials.ncsc.gov.uk/

Wales tops the league of UK regions when it comes to businesses implementing measures to protect against cyber threats. The regional ‘Cyber Secure Table’ published by the IASME Consortium uses its own figures for businesses successfully certifying against the Government-backed Cyber Essentials scheme.

You can get the full league table and some background on its compilation on the IASME website.

“Cyber security is absolutely a hot topic right now,” says Mark Barnett, subject area manager for computing at Weston College. “Worldwide, we will spend around £70bn on cyber security in 2017. Big organisations like banks and law firms are looking into it more and more, and that means we need skilled people to be able to interpret and work in the industry. It’s absolutely key to jobs currently.”

It is for this reason that Weston College, working in conjunction with UWE, has developed a degree apprenticeship in Digital and Technology Solutions, which will see students leaving the course with a Bachelor of Science, alongside several years of industry experience, working as an apprentice in the field. It’s one of the first degrees of its kind in the UK, and one that meets both the needs of the modern age and the needs of young people approaching higher education.

“It’s a full degree, but it’s all very tied into the industry and potential employers,” Mark continues. “Students learn the core skills and theory that they’ll need, including programming skills and project management, but they’ll also be developing business skills and working with big organisations, from day one.”

There are many advantages to this model of learning, Mark says. “Often, retention rates are higher with students on apprenticeships, because they are embedded in an organisation, and in the industry that they want to break into, from the very start. That link between business and academia is established and only goes on to increase in value.”

The setup is beneficial for both parties: students don’t pay any tuition fees to participate in the course, and are paid a wage for the work they do as apprentices. In return, employers get a steady influx of bright new things, ready and willing to learn on the job, who often feel loyal to the firm that trained them and stay on as permanent members of staff.

“It’s a high calibre opportunity that is very different to the traditional graduate pathway,” Mark says. “It essentially guarantees students a four-year job, which, in the current climate, is unheard of.”

More apprentice degrees are popping up as alternatives to the traditional higher education route, and with tuition fees prohibitively high for many prospective students, alternative options are being embraced. And it isn’t just for young people, straight out of A-levels or a college BTEC course – Mark also sees this course as an excellent opportunity for those changing careers or wishing to attain a full degree. “It’s a chance for people to upskill within organisations,” he says. “You can study without the financial worry.”

The first intake of students joined the course in September 2017, but Mark is the first to realise that, over the years the cohorts will be studying, the world will be rapidly changing around them. “It’s quite a strange thing, writing a course for ideas and technology that sometimes does not even exist yet. But it’s a great challenge. It really does feel like we are at the forefront of some exciting stuff.”

Fraud affects 1 in 4 businesses every year, according to Action Fraud.

Have you invested time in risk assessing your activity?

You and your staff may be the weakest link when it comes to cybercrime. Social engineers, or shall we call them confidence tricksters, exploit you. They use techniques linked to everyday human behaviour to obtain information about your organisation.

New, often fledgling businesses may believe they are too small to be targeted, yet the very fact that you are pre-occupied with the setting up of your business leaves you wide open to a sting.

Understand how fraudsters work, train your staff, expect it to happen to you…protect your new business.

For more information:

https://www.cifas.org.uk/
https://www.financialfraudaction.org.uk/businesses/