One area of Digital Media which many companies overlook in their quest to harness the power of the internet, is the very real and present threat of a cyber attack on their network. We hope this article will raise your awareness of the subject and illustrate why it is such a vital area for UK business to take responsibility for.
Cyber attacks are no longer solely the domain of genius geek hackers who will see it as a “badge of honour” to hack their way into a major network but are now more likely to be well planned attacks by organised crime.
DME STAT: It takes 210 days on average for a company to detect a cyber attack on their network
Reconnaissance – Infiltration – Exploitation – Exit
An Organised crime attack will involve initial reconnaissance involving an in-depth scan of your network for any vulnerability, this will include weaknesses in your supply chain and clients’ networks, to look for a “back door” into your system.
Once they have infiltrated the system they will often sit for months on the network without being detected and looking for ways to exploit the data they have access to, be it a “fishing” exercise for valuable names, emails, addresses, passwords or credit card details to allow them to clone an identity to commit fraud or even access other networks on the system and get even deeper.
The final part of the “hack” is the exit, usually using a piece of software called “ransom ware” which will ask for a payment for a private key which will then restore the files and computer. However, once the payment is made and the private key entered the software also deletes all trace of how the attacker got into the system.
Information That “Hackers” Will Regularly Use To Set Up A Cyber Attack
The amount of personal data which is freely available on the internet about individuals and companies is staggering and a well organised search of Companies House can reveal home addresses for Directors of companies.
DME TIP: Make sure you mask your correspondence address at companies house and switch off location services on your social media.
Social Media “location services” on apps such as Instagram, Google+, Twitter and Facebook can reveal exactly where you have been and when, creating a pattern of movement which can be exploited by criminals.
How To Minimise The Chance Of An Attack
The secret to good cyber security is that “prevention is better than cure” so ensure you follow these simple rules to reduce the chance of falling victim to an attack:
- Hardware – always ensure your servers and network are fully protected by boundary firewalls, internet gateways and encryption software. Your anti-virus and malware protection software should be commercial spec paid software, do not rely on free antivirus to protect you.
- Software – Always keep your software up to date with the latest updates. Updates regularly contain “patches” for vulnerability that has been detected by software producers, so always get the latest version and updates. One other tip on software – Only use legitimate software – do not be tempted into downloading cheap or “unlocked” copies of software, as this is a regular technique for hackers to get into your system.
- Knowledge – Constantly get reliable information on the latest threats and how to avoid them (see below).
Above all you must change the culture in your business, your clients and suppliers and take responsibility for network monitoring and vulnerability scanning.
Resources To Help You Manage & Control The Threat Of Cyber Attack
We recommend you utilise these two resources to raise awareness and education in your business:
- Apply To Become A Member of CiSP – There are huge benefits to becoming a registered member of CiSP (Cyber-Security Information Sharing Partnership) run by Cert-UK. This joint industry government initiative was set up to reduce the impact and threat of cyber attacks on UK business. By joining CiSP you will gain access to a valuable resource of up to date information on cyber threats, a trusted community and forum to ask questions, and receive information direct from Cert-UK before it is released to the public giving you a competitive advantage over your competition. As a member of CiSP you can even receive free Network Monitoring Reports which will alert you of any malicious activity on your network.
- Join The Cyber Essentials Scheme – Set up in June 2014, the Cyber Essentials Scheme was set up by the government and supported by industry to help organisations protect themselves against cyber attacks. You can find out more here – Cyber Essentials Scheme Overview. As you can see the scheme enables you to adopt a set of best practice technical controls to prevent cyber attack and by doing so display a badge on your websites to endorse the fact that they are safe, either the Cyber Essentials or Cyber Essentials Plus Badge (See Below)
Other Resources & Downloads:
Download your free 10-page pdf overview of the Cyber Essentials Scheme Here – Cyber Essentials Overview PDF
Check out this Government Resource on the Cyber Security Information Sharing Programme
How secure are you?
We hope that has been a useful article for you and if you would like any advise on cyber security or for us to complete an in-depth digital media audit on your business, please get in touch here or send us a message on Facebook or Twitter.