Five things we learnt about cybercrime at Norfolk and Suffolk Police’s Project Breach event
PUBLISHED: 16:16 20 April 2017 | UPDATED: 17:45 20 April 2017
It is a business’s people, not its technology, which are most likely to be compromised by cybercrime.
That was the warning from a police expert at Project Breach organised by the Norfolk and Suffolk Cybercrime Unit.
The event, held at The Space in Roundtree Way, Norwich, saw representatives from around 150 businesses and organisations hear from Norfolk and Suffolk Police’s cybercrime security adviser Paul Maskall.
He said: “Amateurs hack technology, professionals hack people, because it is much easier.
“Computer service fraud is a major one, someone rings up and says ‘hello, I am from Microsoft...’ and people give them information.
“Another big one is chief executive fraud. Someone sees they are away on holiday and they email the business to say to transfer money to an account.
“All it takes is a policy to say that they will always confirm transfers by a text or a call and it is dealt with.”
According to a Norfolk Chamber of Commerce survey published last week nearly one in five firms in the county had suffered digital breaches in the last 12 months.
Here are five things we learnt from project Breach:
Small businesses are most at risk
Around 80% of firms hit by cybercrime are small.
Although it is the large multi-nationals which make the headlines when they are breached many businesses which do not think they are big enough to target are on the receiving end.
Companies with out of date websites which were often made a several years ago and then ignored can be easy targets as they have not updated their protection.
The bad grammar in those phishing emails is intentional.
Most of us will have received an email asking us to send money for spurious reasons, and these are often easy to spot due to the spelling mistakes.
Mr Maskall said: “People think it is because the persons ending it can’t speak English but actually it is intentional.
“If you are sending out a million emails and getting 126 responses, you know those people who haven’t noticed the errors are more likely to be susceptible.”
Rubber duckys, LAN turtles and wifi pineapples exist.
Despite their colourful names these devices all have potential to cause harm. A rubber ducky looks like a USB drive but can take control of your computer remotely or install software without you knowing, within seconds of being plugged in.
A LAN turtle is disguised as a USB ethernet adapter for you to plug in your internet cable and can access all the information sent through it.
A pineapple allows a hacker to disguise it as a trusted wifi connection, for example your favourite coffee shop, then asks you to pop in an email address and password.
By the time you detect the breach it may already be too late.
The average time between a business being compromised and the discovery of an attack is 140 days. Often these discoveries are made by third parties such as the media or a company’s clients.
If you only used pornographic websites you would be safer on average.
While adult websites may have a reputation for being dodgy, in actuality you are more likely to pick up malicious software or viruses from other sites which have been compromised themselves.
Last year several reputable websites, including the BBC, had infected adverts placed on them which installed ransomware on visitors computers.
These programmes lock a user’s harddrive and victims must pay the hacker to remove the programme or risk losing their files and data.