There has been a significant shift in the methodology used by cyber criminals over the past couple of years, in particular. Whilst traditional ‘hacking’ and malware are still prevalent, there has been a boom in other types of attack, in particular Ransomware and Social Engineering. So, why has this happened?

Most profitable types of cyber attack

There is an old saying, “follow the money”, and nowhere is this more pertinent when considering cyber-crimes against UK business. Look at the number of cyber-attacks over the past 12 months from the Beaming Breaches Report in May 2017 - the usual cyber-attacks still feature highly:

  1. Phishing - 1.3m businesses affected
  2. Viruses - 1.28m businesses affected
  3. Hacking - 1m businesses affected

However, to understand why these emerging threats are becoming so popular, we need to look at the revenues generated:

  1. Ransomware - £7.4bn (388k businesses)
  2. Phishing - £5.9bn
  3. Social engineering - £5.4bn

Whilst there were more than three times as many instances of Phishing against UK businesses in 2016, when compared to Ransomware, it yielded just 80% of the revenue. So, Ransomware appears to be 20 times more profitable, per incident, than hacking attacks, and five times more lucrative than other forms of Malware.

More targeted attacks are, by their nature, a lot more labour intensive but, for the criminal gangs who are willing to put in the effort, the rewards can be huge.

Common cyber security myths

There are a number of myths surrounding cyber security, which are impacting on businesses’ decision-making:

  1. Skilled hackers targeting businesses

There is still a perception that there are darkened rooms full of highly skilled hackers targeting UK businesses. If you are a high value target, e.g. a high-profile business, or you are dealing with high value intellectual property etc., then this may be the case.

However, against the majority of businesses, the investment required to carry out such attacks just isn’t worth it- after all, skilled labour is expensive! A large proportion of the non-automated attacks are carried out by a relatively low skilled labour force, who simply find a ‘victim’, load a weaponised attachment into an email, and click ‘send’.

Methodology used by cyber criminals
As safeguards become harder to breach, cyber criminals need to get creative if they want to get in to our systems
  1. I don’t have anything that hackers want

Unless you are in the “high value target” category, mentioned above, you may not feel that your business has anything valuable to hackers, or to anyone else outside your organisation. However, the data your business holds is extremely valuable to you.

Without data, many businesses could not operate. So, if you lost access to all of your company data, how much would you be willing to pay to get it back? This is why Ransomware is becoming so popular.

  1. Cybercrime is an IT issue

The technical safeguards which have traditionally kept us safe are still vitally important. However, as these safeguards become harder to breach, cyber criminals need to get creative, if they want to get in to our systems.

The beauty of these targeted attacks is that, because they aren’t automated, they don’t always have the indicators which allow them to be detected by anti-virus/anti-malware software, so are more likely to find their way in to employees’ inboxes than traditional mass-mailings.

  1. It’s someone else’s job

If fraudulent emails get past your IT defences, your staff are the only thing standing between you and a potentially significant loss. Now imagine that the employee in question had no knowledge of cyber-attacks, and believed instead that the IT department were solely responsible for stopping cyber-attacks…

The truth is that nothing is 100% effective, so it is everyone’s responsibility to be vigilant. Education, and good business management is just as important to preventing cyber-attacks as the IT infrastructure itself.

Embedding a cyber security culture

Cyber security is not simply an IT issue, and there is no “magic box” to plug in. There are three elements to any system, and cyber security is no exception. Effective cyber security can only be achieved when all three work in harmony.

Technology – your IT ‘estate.’ By ensuring that you have all the necessary IT safeguards in place on ALL your IT assets, including mobile devices, printers, access control systems, CCTV (basically anything connected to your network), you reduce the risk of something getting through.

You also need to ensure that these safeguards are regularly updated – the threats are constantly evolving, your systems need to evolve too

Embedding a cyber security culture with best practices
Effective cyber security can only be achieved when technology, people and process work in harmony

People – your staff. A properly briefed, situationally-aware workforce are your last line of defence, should something get past your technical security measures. They need to understand the risks to the business, and their role in preventing cyber-attacks. Training should be done in three strands:

  • Training for directors – awareness of the risks, governance requirements etc
  • Training for all
  • Training for high risk groups – more focused training for people within your organisation who are more especially at risk, e.g. the Accounts department

However, training is not a one-shot deal. This needs to be an ongoing programme of work, with regular refresher and update sessions.

Process – how you let your staff use your IT. Just as you wouldn’t let every employee have access to your banking and accounting software, cyber risk can be significantly reduced by limiting the ability of staff to access unnecessary areas of your network. By only giving staff relevant permissions to do their jobs, you reduce their ability to inadvertently (or intentionally) do something wrong.

With the proliferation of mobile devices, we need to ensure that users are doing so responsibly. So, we need to ensure that the same security standards are maintained when working remotely, via laptops, tablets and smartphones.

The key to protecting your business against cyber-attack is to view the digital risks in the same context as the other risks to your business

It doesn’t stop at IT policies. Criminals “follow the money”, so it is important that there are financial policies in place to reduce the risk of accidentally sending money to the wrong place. ‘CEO Fraud’ happens when a criminal, pretending to be the CEO of a business, sends an email to the accounts department requesting a payment be made to a nominated bank account.

In some cases, accounts staff have transferred many thousands of pounds to fraudsters, when a simple process of confirming all financial transaction requests in person, or via telephone, would have identified the fraud straight away

Securing your business in the digital age

Could it be that the very word “Cyber” is turning us off? The mere mention of the word “cyber” security may cause the non-technically minded to glaze over, dismiss it as “an IT issue”, and leave it to the IT staff to deal with. At board level, this default cascading of cyber security to the IT department is one of the most significant barriers to achieving cyber resilience in business.

If the “C” word puts you off, think of it as ‘Digital’ Security, and consider: Do you understand your digital risks in the same way as you do your physical risks? Or your legal or compliance risks?

And therein lies the fundamental truth: The key to protecting your business against cyber-attack is to view the digital risks in the same context as the other risks to your business, and treat it the same way, instead of dismissing it as an IT issue.

If you understand where the digital risks are, how they can affect your business, and what you would need to do in the event of an incident - in exactly the same way as you would for everything else on your risk register - you have taken your first steps to securing your business in the digital age.

Download PDF version

Author profile

In case you missed it

Six reasons security integrators should adopt cloud technology today
Six reasons security integrators should adopt cloud technology today

As technology advances, the world is becoming increasingly connected, changing the way users think about and interact with security systems, which continue to evolve across all verticals and applications. With this change comes new opportunity for security integrators; security systems are advancing, creating new needs for products and services — some of which can be met through the adoption of cloud-based service systems. Cloud technology is no longer a dreamt-up version of the future of security — it’s here. If you’re hesitant to make the move to the cloud, consider these six reasons to embrace this new technology now.Cloud technology has created an opportunity for integrators to offer managed services to their customers Increased RMR Cloud technology has created an opportunity for integrators to offer managed services to their customers, producing a new business model that generates more stable and predictable income streams. By offering managed services on a subscription basis, integrators can build a part of their business to provide recurring monthly revenue (RMR), allowing them to scale faster. This business model is especially beneficial for customers who prefer to pay a fixed monthly or yearly rate for services rather than a large upfront fee, which can help attract new business while growing revenue from current customers. Stickier customers Providing managed services fosters a more involved relationship between integrators and their customers, which can help boost customer retention. This is primarily the result of three factors. Firstly, customers who buy managed services are committed for a specified term, which helps develop an ongoing business relationship between them and the integrator. Secondly, providing managed services creates an opportunity for more customer contact — each interaction is an opportunity to build rapport and monitor customer satisfaction.While the functionalities of each system vary, their potential is evident in the cloud-based services available Third, customers who purchase managed services generally tend to do business longer than customers who purchase products or services individually; with the monthly purchase of their services on autopilot, customers get into the habit of receiving these services, which helps reduce the chance that they’ll cancel their subscription while also building customer loyalty. High gross profit margins Cloud managed services create an opportunity for a service and technology to be purchased together, helping to generate a higher gross profit margin from the beginning of the customer relationship. On an ongoing basis, cloud service platforms offer a new level of accessibility to integrators, helping to provide better insight on activity trends to identify opportunities to continuously grow their revenue through subscription-based streams. Easier to provide managed services Traditionally, serving more sites required integrators to hire more technicians to meet the needs of their growing customer base, but the cloud has helped overcome this demand. While the functionalities of each system vary, their potential is evident in the cloud-based service platforms that are available today. When a problem occurs on a site that is managed by a cloud-based system, the integrator can receive a real-time notification regarding the issue The Avigilon Blue™ platform, for example, is a powerful new cloud service platform that helps integrators address the needs of their customer sites using fewer resources by offering the ability to administer system upgrades, fixes, health checks, and camera or system settings adjustments remotely.  The Avigilon Blue platform automatically sends, and stores video analytics highlights in the cloud, which can easily be accessed from any PC browser or mobile device. This data can be used to efficiently manage customer sites and maintain the health of those sites, helping to increase speed of service and expand the capacity to have more sites up and running. Cloud service platforms have the potential to revolutionise the security industry by providing new opportunities for integrators Not only does this help integrators scale their business faster, it creates an opportunity to provide added value to the customer at a lower cost as new upgrades and services come out. Proactively fix problems before they occur In addition to automating notifications and tedious maintenance tasks, cloud service platforms help provide integrators with the information and abilities they need to keep their customer sites running smoothly. When a problem occurs on a site that is managed by a cloud-based system, the integrator can receive a real-time notification regarding the issue — possibly before the customer even notices a disruption in service. They can then identify the problem and determine whether it can be resolved remotely or requires a technician to be deployed. By having the capacity to pinpoint service needs and make certain adjustments via the cloud, integrators can streamline their customer service processes and lower their response times to provide better, more efficient service. Increased valuation of business Companies that utilise cloud technologies are experiencing as much as 53 percent higher revenue growth rates The ability of cloud service platforms to help integrators manage more sites remotely and expand their revenue through subscription-based streams offers a competitive business advantage. Security innovators have harnessed the power of the cloud to enhance integrator efficiency so that they can spare their attention, resources and effort for where it’s needed most. As a service that helps offer scalability and a high gross profit margin while requiring fewer resources to maintain customer sites, cloud service platforms have the potential to revolutionise the security industry by providing new opportunities for integrators that may ultimately increase their business valuation. According to a study by Dell, companies that utilise cloud, mobility, and security technologies are experiencing as much as 53 percent higher revenue growth rates compared to those who do not such technologies. Integrators who adopt cloud service platforms can benefit from numerous advantages — cost-saving maintenance capabilities, the potential to generate new monthly recurring revenue, and user-friendly design and data security — which make them a significant development within the industry as well as a potential lucrative new business model. The dream of cloud technology is no longer a distant idea of the future, it can become a present reality — and integrators who harness its power can reap its business benefits now.

Preventing workplace violence: considering the instigator's perspective
Preventing workplace violence: considering the instigator's perspective

A complex set of biological, psychological, sociological, contextual and environmental factors are involved when a perpetrator decides to commit an act of workplace violence. In many cases, the perpetrator doesn’t really want to become violent; rather, they are seeking to achieve an outcome and mistakenly believe violence is their only option. An underused approach to preventing workplace violence is to consider the issue from the perspective of the instigator, to seek to understand their grievances, and to suggest alternative solutions, says James Cawood, President of Factor One Inc. “It’s helpful to consider their perspective at a point of time, and how do I use that information in a way that explores the issues and influences them to seek other means of achieving their goals without violence?” suggests Cawood. Preventing workplace violence An underused approach to preventing workplace violence is to consider the issue from the perspective of the instigator Factor One specialises in violence risk management, threat assessment, behavioural analysis, security consulting and investigations. Cawood will present his insights into preventing workplace violence in a session titled “Workplace Violence Interventions: The Instigator’s Perception Matters” during GSX 2018 in Las Vegas, 23 September. Intervening and seeking to understand the instigator’s viewpoint can direct them away from violence. Often, diffusing a situation can prevent tragedy. Delaying a violent act is a means of prevention, given that the instigator might not reach the same level of stress again. Cawood says several recent examples of workplace violence illustrate the importance of identifying behavioural precursors and intervening. It is difficult to quantify the benefits of such an approach, since no one is keeping statistics on incident that were successfully diverted, he says. Reaching a mutually agreeable solution “Accommodation and appeasement often won’t serve the problem,” says Cawood. “Instead of projecting our needs on what would be effective for us, we must really understand what matters to them and what we are able to do to solve the problem. “It’s about listening and reflecting back to reach a mutual agreement of their perspective of what matters,” he says. “Now we can talk about what’s possible or not. Is there something concrete I can do that is within the rules? Just being heard in depth is a de-escalator of violence.” It’s the same methodology used by hostage negotiators: Listen, reflect back, and come to a mutually agreeable solution. Giving a troubled employee a severance package – money – might not address their underlying complaints For example, giving a troubled employee a severance package – money – might not address their underlying complaints. “We may not have solved the underlying problem as they perceive it,” says Cawood. “They may feel disrespected or picked on. There may be an underlying mental condition, such as paranoia, or a grandiose sense of self-worth, underlying filters that have nothing to do with money.” GSX networking and education GSX is the new branding for ASIS International’s trade show, attended by more than 22,000 worldwide security professionals  Global Security Exchange (GSX) is the new branding for ASIS International’s annual conference and trade show, attended by more than 22,000 security professionals from 100-plus countries. Cawood’s session will be 24 September from 2:15 to 3:30 p.m. “My purpose is to hone in on an area of workplace violence that is often ignored,” says Cawood. Cawood started out in law enforcement in the 1970s and transitioned to security in the 1980s. His credentials are typical of the high level of speakers presenting at GSX 2018: He holds a Master’s Degree in Forensic Psychology, and a Doctorate in Psychology, is a Certified Threat Manager (CTM), and has successfully assessed and managed more than 5,000 violence-related cases. He is the former Association President of the Association of Threat Assessment Professionals (ATAP) and currently the Vice-Chair of the Certified Threat Manager program for ATAP. Cawood has written extensively on the topic of violence risk assessment, and co-authored a book, Violence Assessment and Intervention: The Practitioner's Handbook. Cawood has been active in ASIS International since the 1980s and sees value in attending GSX 2018. “People from all over the world are coming and being exposed to a common set of topics to use as jump-off points for additional conversations. People from all types of experiences and exposures will be providing information through those lenses.” Knowledge gained from GSX provides a “real chance to drink from a fire hose” and get a deeper understanding of a range of topics. The relationships and networking are another benefit: “Nothing is more powerful than knowing someone face-to-face,” he adds.

How to choose the right storage card for video surveillance systems
How to choose the right storage card for video surveillance systems

With increased demands being placed on safety and security globally, and supported by advancements in IP cameras and 360-degree camera technology, the video surveillance industry is growing steadily. Market research indicates that this worldwide industry is expected to reach an estimated $39.3 billion in revenue by 2023, driven by a CAGR of 9.3 percent from 2018 to 2023. Video surveillance is not just about capturing footage (to review an event or incident when it occurs), but also about data analysis delivering actionable insights that can improve operational efficiencies, better understand customer buying behaviours, or simply just provide added value and intelligence. Growth of Ultra-HD surveillance To ensure that the quality of the data is good enough to extract the details required to drive these insights, surveillance cameras are technologically evolving as well, not only with expanded capabilities surrounding optical zoom and motion range,4K Ultra HD-compliant networked cameras are expected to grow from 0.4 percent shipped in 2017, to 28 percent in 2021 but also relating to improvements in signal-to-noise (S2N) ratios, light sensitivities (and the minimum illumination needed to produce usable images), wide dynamic ranges (WDR) for varying foreground and background illumination requirements, and of course, higher quality resolutions. As such, 4K Ultra HD-compliant networked cameras are expected to grow from 0.4 percent shipped in 2017, to 28 percent in 2021, representing an astonishing 170 percent growth per year, and will require three to six times the storage space of 1080p video dependent on the compression technology used. Surveillance cameras are typically connected to a networked video recorder (NVR) that acts as a gateway or local server, collecting data from the cameras and running video management software (VMS), as well as analytics. Capturing this data is dependent on the communications path between individual cameras and the NVR. If this connection is lost, whether intentional, unintentional, or a simple malfunction, surveillance video will no longer be captured and the system will cease operations. Therefore, it has become common to use microSD cards in surveillance cameras as a failsafe mechanism. Despite lost connectivity to the NVR, the camera can still record and capture raw footage locally until the network is restored, which in itself, could take a long time depending on maintenance staff or equipment availability, weather conditions, or other unplanned issues. Since microSD cards play a critical role as a failsafe mechanism to ensure service availability, it is important to choose the right card for capturing video footage.  It has become common to use microSD cards in surveillance cameras as a failsafe mechanism if an NVR breaks Key characteristics of microSDs There are many different microSD cards to choose from for video capture at the network’s edge, and they range from industrial grade capabilities to commercial or retail grade, and everything in-between. To help make some of these uncertainties a little more certain, here are the key microSD card characteristics for video camera capture. Designed for surveillance As the market enjoys steady growth, storage vendors want to participate and have done so with a number of repurposed, repackaged, remarketed microSD cards targeted for video surveillance but with not much robustness, performance or capabilities specific to the application. Adding the absence of mean-time between failure (MTBF) specifications to the equation, microSD card reliability is typically a perceived measurement -- measured in hours of operation and relatively vague and hidden under metrics associated with the camera’s resolution and compression ratio. Therefore, when selecting a microSD card for surveillance cams at the edge, the choice should include a vendor that is trusted, has experience and a proven storage portfolio in video surveillance, and in microSD card technologies. Endurance, as it relates to microSD cards, represents the number of rewrites possible before the card can no longer store data correctly  High endurance Endurance, as it relates to microSD cards, represents the number of rewrites (program/erase cycles) that are possible before the card can no longer store data correctly. The rewrite operation is cyclical whereby a new stream of footage replaces older content by writing over it until the card is full, and the cycle repeats. The higher the endurance, the longer the card will perform before it needs to be replaced. Endurance is also referred to in terabytes written (TBW) or by the number of hours that the card can record continuously (while overwriting data) before a failure will occur. Health monitoring Health monitoring is a desired capability that not many microSD cards currently support and enables the host system to check when the endurance levels of a card are low and needs to be replaced. Having a card that supports this capability enables system integrators and operators with the ability to perform preemptive maintenance that will help to reduce system failures, as well as associated maintenance costs. Performance To capture continuous streams of raw footage, microSD cards within surveillance cams perform write operations about seventy to ninety percent of the time, whereas reading captured footage is performed about ten to thirty percent. The difference in read/write performance is dependent on whether the card is used in an artificial intelligent (AI) capable camera, or a standard one.   microSD cards deployed within surveillance cameras should support temperature ranges from -25 degrees Celsius to 85 degrees Celsius Finding a card that is write-friendly, and can provide enough bandwidth to properly capture streamed data, and is cost-effective, requires one that falls between fast industrial card capabilities and slower commercial ones. Bandwidth in the range of 50 MB/sec for writes and 80 MB/sec for reads are typical and sufficient for microSD cards deployed within surveillance cameras. Temperature ranges Lower capacity support of 32GB can provide room to attract the smaller or entry-level video surveillance deployments As microSD cards must be designed for continuous operation in extreme weather conditions and a variety of climates, whether located indoors or out, support for various temperature ranges are another consideration. Given the wide spectrum of temperatures required by the camera makers, microSD cards deployed within surveillance cameras should support temperature ranges from -25 degrees Celsius to 85 degrees Celsius, or in extreme cases, as low as -40 degrees Celsius. Capacity Selecting the right-sized capacity is also very important as there needs to be a minimum level to ensure that there is enough room to hold footage for a number of days or weeks before it is overwritten or the connectivity to the NVR is restored. Though 64GB is considered the capacity sweet spot for microSD cards deployed within surveillance cameras today, lower capacity support of 32GB can provide room to attract the smaller or entry-level video surveillance deployments. In the future, even higher capacities will be important for specific use cases and will potentially become standard capacities as the market evolves. When choosing the right storage microSD card to implement into your video surveillance system, make sure the card is designed specifically for the application – does it include the right levels of endurance and performance to capture continuous streams – can it withstand environmental challenges and wide temperature extremes – will it enable preventative and preemptive maintenance to provide years of service? It is critical for the surveillance system to be able to collect video footage whether the camera is connected to an NVR or is a standalone camera as collecting footage at the base of the surveillance system is the most crucial point of failure. As such, failsafe mechanisms are required to keep the camera recording until the network is restored.