For those who visited the Digital Pathway’s Cyber Security Seminar on 1st March 2016, there was a lot of important information to take away. Held at the Harlow Enterprise Hub, the afternoon was one of the astute presentations around the cyber security threat and inquisitive questioning from the visiting crowd. One speaker who quickly grabbed the attention of the audience was Donell Henry, a representative from Barclays Bank. His presentation centred on cyber fraud, and ways that his bank was helping customers to alleviate the risk.
Donell began by ‘setting the scene’, pointing out some quite frightening statistics based around UK cyber fraud. These included the fact that the cost of fraud in the private sector amounts to £21.2bn, and that one in four businesses have been victims of fraud. Equally important was the percentage of businesses who didn’t invest in prevention measures against such attacks, which Donell informed us stood at 39%. The point was further hammered home with the statistic that 82% of firms believe they are ‘too small’ to be a victim of cyber-attacks.
Moving forward, Donell then outlined the two main starting points for fraud; malware and password acquisition. He explained that malware provides access to private information, giving criminals the ability to record account details, monitor key logging and even watch the victim’s screen remotely. He listed the main access points for malware as removable storage, infected networks and embedded documents. How fraudsters obtain passwords was shown to be equally tricky, with Donell citing deception, brute force and spyware methods as the most common.
Further on in the presentation, examples were shown as to how fraudsters have tricked and deceived individuals with emails and letters. The first was on the subject of ‘obeying orders’, with an email supposedly from a superior instructing a member of staff to transfer money. In actual fact, the account had been hacked and the money transferred to a criminals account, losing thousands. The second was a letter which gave details of a change in bank details, again from a fraudster as opposed to the actual organisation. Donell urged everyone in the room to always confirm directly with the organisation requesting a change before every sending money or making the amendments.
The above were examples of Phishing, where the correspondence is sent supposedly from a legitimate source, usually banks. They ask for personal details or have a link and attachment that releases malware onto your system. Vishing too is a similar attack, only rather than a written letter or email, it comes through a phone call. The premise is the same, where the criminal pretends to be from a reputable source and looks to either gather personal info or force you into transfers.
Donell finished with both some tips on keeping safe, including terminating suspicious calls and never releasing personal passwords or authorisation codes and outlining the Barclays Promise. The whole talk was incredibly valuable and out thanks go our to Donnel for his time. Other speakers at the event included Essex Police Crime Commissioner, Nick Alston CBE who was the keynote speaker, Caroline Garrow from SEIB Cyber Insurance, who looked at the importance of robust cyber insurance, Michael Tye from Infinigate, who tackled the Insider Threat and our very own Colin Tankard, Managing Director of Digital Pathways who focused on ‘How They Hack’.