Article

A-Z of cyber security part two: from hacking to privacy

Agenda magazine Agenda magazine

Being hacked is just a major challenge for IT. Right? Wrong.

We take a closer look at hacking and identify some of the tools cyber criminals use to launch attacks.

H is for hacking

The term might be overused, but hacking – any unauthorised access to information, data or systems – remains a major threat. “People traditionally think of hackers with cyber tans, sitting in their bedrooms at two o'clock in the morning, trying to attack invisible organisations,” says partner and head of cyber consulting at Grant Thornton, James Arthur. “Now, hacking is often more sophisticated than just one individual trying to hack into one system.” Hacking has even developed into a highly organised industry. “The sophistication allows criminals to mount cyber attacks against huge numbers of organisations at very low cost,” adds technical manager at the ICAEW’s IT Faculty, Mark Taylor.

I is for Internet of Things

What’s more vulnerable than a device containing your personal data? A network of interconnected devices. European vice president of cyber security at Nuvias Group, Ian Kilpatrick, says the Internet of Things (IoT) is a growing concern: “Driven by the convenience and benefits that IoT can deliver, the technology is being increasingly deployed by many organisations, with minimal thought as to the cyber security risks and potential consequences.” CEO of BullGuard, Paul Lipman, says that the mundane nature of many devices prevents them being properly protected, and smart connected devices are highly susceptible.

J is for jail terms

Among 2018’s cyber sentences1 were:

  • 10 months: Briton Gavin Prince, for a revenge cyber attack against his former employer
  • 5 years each: Ukrainians Inna Yatsenko and Gayk Grishkyan, for multiple attacks and extortion, including of a dating site
  • 9 years: American Travon Williams, for leading a gang making fake credit cards from data bought on the dark web
  • 12 years: Russian Vladimir Drinkman, for selling 160 million credit card numbers
  • 32 years: Briton Matthew Falder, for online torture of victims via the dark web

K is for hacking kits

Available cheaply on the dark web as well as through legal channels, hacking kits contain a variety of tools that a wannabe hacker might use to gain access to your system. Including items such as anonymity tools, carding software, keyloggers, wifi pineapples and malware, these are used to exploit weaknesses in your cyber security to gain access to confidential information. They can also be custom built to target particular software and databases, allowing the hacker to compromise your system or data, as well as potentially creating a back door so they can continue to exploit the company over the long-term. On the dark web, hacking kits are often sold alongside user manuals that guide people on how to use them against particular victims.

A-Z of cyber security
Part one: from assurance to Grant Thornton Find out more
A-Z of cyber security Part three: from quick response to zero day Find out more

Scamming in numbers 2

a-z-scamming-in-numbers.png

L is for liability insurance

Designed to support your business if it experiences a data breach or is the subject of cyber attacks, liability insurance may include protection against cyber extortion, costs of investigating a breach and support to mitigate reputational damage. However, insurers often use different terms and inclusions and many claims end up being disputed.

M is for malware

Malware – malicious software – is designed to do damage. “Cyber criminals create malware to exploit the vulnerability, to gain access to your systems, hold your data to ransom, or steal it. They may impersonate a well-known brand to deliver it via email, convincing you to click on a link or open an attachment,” says head of security at Xero, Paul Macpherson.

N is for National Cyber Security Centre

Set up in 2016, the National Cyber Security Centre protects the UK’s critical services and businesses from cyber attacks, improves internet security and manages major incidents. Between 1 September 2017 and 31 August 2018, it handled 557 incidents, and took down 138,398 phishing sites3.

O is for open doors

Open doors are parts of internet-facing infrastructure where personal information can be accessed by anyone who knows where to look. Web pages and databases that contain personally identifiable information, that aren’t secure or encrypted, can be a veritable goldmine for cyber criminals.

P is for privacy

Privacy is only possible if businesses ensure their security settings are up to date. Fraud prevention service Cifas advises companies to conduct regular software updates to patch infrastructure vulnerabilities that could be creating cyber security loopholes. To demonstrate the dangers of businesses not protecting their systems, insurance provider Hiscox recently staged ‘real world’ cyber attacks in collaboration with its client, the bike manufacturer Brompton4.

Highlighting the way in which websites can be duplicated, the bank constructed a complete clone of Brompton’s Shoreditch branch, named 3R0MPTON Junction, in the shop space across the street. Other than the slight spelling difference, the fake shop looked exactly the same and even hired similar looking members of staff to sell its counterfeit merchandise. A number of cyber attacks were simulated by the team, including diverting genuine stock deliveries from the real shop to the fake shop, in a similar way to phishing.

To discuss how you can protect your business from cyber attack, contact James Arthur, partner and head of cyber consulting.

References

1 Quarterly cybercrime digest: Sentencing, We live security, 2018

2 ‘Fake boss’ scams highlighted in Fraudstars awareness campaign, Get safe online, 2018

3 Annual Review 2018, National Cyber Security Centre, 2018

4 Hiscox stages 'real world' cyber attack on iconic bike manufacturer Brompton, Hiscox, 2018

 

CEO insights

Sign up to get the latest insights and stories for owners and business leaders by email