Here at PAV i.t. we provide technical solutions to prevent data security breaches, enabling our clients to safeguard themselves against cyberattack.
The stats are alarming: UK firms lost £18 billion in revenue from cyberattacks in 2015 alone, and 90% of major businesses have experienced a security breach in the past year.
Digital threats are a growing danger to businesses and their clients and, while most of us have heard of I.T. sabotage in the form of hacking, spamming and viruses, the latest and biggest threat is now fraud by 'social engineering'.
'Social engineering', in the context of data security, refers to the deliberate, complex and elaborate psychological manipulation of people which results in them either divulging confidential information or performing particular actions which give away business-critical information or system access, or allow money to be embezzled.
Human naivety is a big threat to the business community: it is the re-discovered exploitation of it, through increasingly sophisticated social engineering scams that are no longer simply about obtaining banking or credit card details, which enables the new breed of fraudsters to dupe their targets so effectively.
Cyberattacks and security breaches do not just cost businesses in financial terms; they can also cause serious reputational damage, which is why employee awareness and education are key. Employees who are unaware of the potential for online scams, or are oblivious to the techniques used by social engineering fraudsters, will leave a company wide open.
There are many methods which enable scammers to obtain a business's confidential information for monetary gain:
Spear-phishing/phishing – involves imitating a legitimate email so that the recipient trusts that it is from someone they know; for example, when a company takes a holding deposit, scammers can create an email which appears to be from that company, asking the customer to pay the balance. The customer sees no reason to question its plausibility and subsequently transfers funds directly to the fraudster. Another example is requesting 'verification' of information via a link to a fraudulent web page.
Pretexting – the act of creating an invented scenario to engage a targeted victim which encourages them to divulge information or perform actions against standard protocol, e.g. to fool an employee into disclosing confidential customer information.
Quid pro quo – an opportunist fraudster repeatedly calling a company, masquerading as technical support for example. Eventually the scammer will hit someone with an I.T. problem, who is grateful that someone is calling back to help them. The cyberattacker will "solve" the problem and, in the process, have the user type commands that give them access to launch malware.
It is important to identify those employees most at risk – such as staff who are required to authorise payments or process cash transactions – but in no way does this mean that other members of staff should be neglected, as they could be more of a target if they are considered naïve. The following are some of our basic recommendations, although these would be supplemented with additional measures dependent on the organisation:
Fraudsters are becoming increasingly sophisticated in the lengths and means they are employing in order to infiltrate businesses' I.T. security and tap into their data. One such example is the rise of 'ransomware' – a niche form of malware which systematically encrypts files on a system's hard drive, rendering them impossible for users to access without paying a ransom.
Whilst security, anti-virus and firewall software is advancing rapidly to counteract these complex duping techniques – and this certainly provides a considerable level of protection and a deterrent effect – it is of paramount importance that companies and their employees are educated and adopt a suitably robust security policy.
To discuss how PAV i.t. services can safeguard your business, please call us on: 01273 834000