Morson Cyber Security recently hosted North West Insider’s cyber security seminar at the Morson Group’s Salford head office.
The seminar took place on Wednesday 20 September 2017 and saw us welcome 11 guests from a cross-section of industries including legal, the NHS and education. The resulting discussion bought up some excellent points on the situation across the cyber landscape.
A key topic of the discussion was the state of investment in cyber prevention technology. Many panellists spoke of a need for SME’s to realise that it’s not just the big boys who are susceptible to cyber criminals. In fact, as the bigger companies finally dedicate more and more money to prevention – consequently making them harder targets to hit – criminals are making more of an attempt to target those who perhaps can’t dedicate as much of their finances to protection.
A member of the NHS pointed out that the public sector spending on cybersecurity was actually dropping and being channelled into other areas at a time where the private sector are doing the opposite. Has this opened the door for more WannaCry-like attacks?
DC Paul Taylor of the Greater Manchester Police spoke about the issues his cybercrime division have in extracting information on criminal activity. A lot of companies are unwilling to give in-depth information on how exactly certain breaches happened because they fear reputational damage or fines for non-compliance to the basic cyber-security protection legislation.
A representative from a MediaCityUK-based company said one of the issues they face is the large number of freelancers on site. Often, they are given login privileges on site and then lose or share the information, leaving the systems open to attack. This kind of insider threat is also relevant with disgruntled employees using privileged information to feed criminals with ways in. A common scam involves an email going from a senior member of staff to the accounts department asking for payment to be made to a ‘client’. This email is fake, but without careful inspection could easily go unnoticed before payment is made. This makes it more difficult for the police to track as the payment was made willingly into an account.
There are similar issues with the non-business frauds that occur. If someone falls for a phishing scam or similar personal attack and loses money by giving their details to a seemingly trusted source they have been unlikely in the past to report this to the police. This could be down to embarrassment or a belief that the police are too busy. It could also have something to do with the fact that banks have been normally willing to offer reimbursements to those who fall victims of scams, especially those that might involve fraudulent versions of their own branded emails. What DC Taylor pointed out, however, was that since banks have started to phase this compensation out, more people have started to let the police know.
So what can be done to stop this happening? Legal representatives at the seminar echoed the words of the police – most companies take the attitude of ‘it won’t happen to us’ and fail to put in adequate protection until it eventually does. As soon as they suffer a breach, suddenly they put in place a dedicated cyber strategy. Why wait until the horse has bolted?
Morson’s strategic partner Assuria, provider of the military-grade security solution that powers Morson’s managed service offering, believe that a lot of people don’t realise just inexpensive cyber protection can be. Companies envisage an outlay of millions when actually, compared to the potential losses of an actual attack, it’s really quite minimal.
Democratising cyber security is really important to us, leading away from elitism and focusing on making high-end technology available to those without a high-end budget. This is going to be a focus for Morson Cyber Security as we develop and challenge the threat head on.
For more information on the Morson Cyber Security managed service, click here