How cyber criminals could target your business - and what is being done about it
09:02 27 January 2016
Cyber crime is a growing problem and a constant threat for businesses today, often costing firms thousands of pounds a year to combat. Business writer SABAH MEDDINGS reports.
High-profile cyber attacks on multi-million pound businesses such as Sony, Ashley Madison and Talk Talk have hit the headlines over the last year.
But global firms are not the only target for online criminals. Small and medium sized businesses have reported a growing number of suspicious emails, with low-grade IT systems leaving them vulnerable to viruses which steal confidential data.
Financial costs can reach thousands of pounds, but businesses can also be left nursing a damaged reputation and dealing with angry customers.
In response, police in Norfolk and Suffolk have joined forces to form a specialist unit, based in Halesworth, to focus on cyber criminals.
Among the team involved with the Norfolk and Suffolk Cyber Crime Unit is Detective Chief Inspector Tonya Antonis, who said business cyber crime was “vastly under-reported”.
“Many businesses who have suffered a cyber crime are reluctant to approach police because they are, to a certain extent, embarrassed about what has happened,” she said. “They also want to protect their reputation.”
While police are still building a full picture, the latest figures reveal in 2014 there were 3,815 fraud and cyber crime reports in Norfolk and 3,102 in Suffolk.
In Suffolk, one business lost more than £1m through online fraud.
Attempts to hack websites and data systems or targeted attacks which crash websites by bombarding them with huge levels of data traffic are among the most common. Hackers will also target any business which stores phone numbers and other personal information, to sell on the data.
There has been a growing trend in so-called “spear phishing” attacks, where criminals target a business to gain passwords and access important data or financial information.
And smaller businesses with more rudimentary security software are often attacked.
Det Chief Insp Antonis said: “A significant cyber-attack could destroy a small business. Some small organisations are ill-equipped to identify cyber threats, so hackers can do significant damage before being detected.
“Small businesses can also be targeted to gain access to more valuable data held by their partners and vendors.
“Hackers generally want access to sensitive data that they can either sell, or some simply want the notoriety of being able to breach high-profile business systems.”
Criminals are becoming increasingly clever in the way they gain access, using false emails to inform a business a supplier has changed its bank account.
Karen Heimann, finance director at Swaffham-based Ashill Precision Engineering, said she was concerned about the number of emails claiming to be from customers and suppliers.
“On rare occasions we have had emails that purport to be from a genuine supplier. Someone had hacked into their system,” she said.
Business organisations in East Anglia are urging firms to take precautions to combat cyber criminals. Norfolk Chamber is holding a breakfast meeting next month to show businesses how to stay “cyber smart”, and has recommended employees take an online training module to help keep businesses safe.
Caroline Williams, chief executive at the chamber, said: “The increase in modern technology and the improvements in broadband for our region mean that businesses can operate on a global scale. While that brings huge benefits for business, we are increasingly reminded from news reports about the importance of being secure, both in business practices and social media.”
In chancellor George Osborne’s autumn statement, he announced £1.9bn of new money to protect Britain from cyber attacks, and make it “one of the safest places to do business online”.
But the Federation of Small Businesses (FSB) has urged the government to ensure this money will protect businesses of all sizes.
Salena Dawson, FSB regional chairman, said: “We have become more aware regionally of the concerns members are having with potential threats to loss of data, loss of assets and damage to reputation due to disruption to online services.
“My business, in November last year, became a victim when the firm’s website was required to be taken offline for a short period of time while my IT company placed further levels of security in place due to an attempted hack.”
Have you been affected by a cyber attack? Email firstname.lastname@example.org