Protect Your Business Data
The government estimates that the total cost of cybercrime in the UK is £27bn a year. The majority (£21bn) is committed against businesses, which face high levels of intellectual property theft and industrial espionage.
Don’t think for one minute your too small to be on the radar of hack attacks, any one that stores data is a target and a target for piggy banking by being compromised when you go to your online banking if you think your above reproach then we urge you to rethink.
Enabled by the sharing culture on social media – and with ever more sophisticated malicious software known as malware at their disposal – cybercriminals have become far more adept at crafting attacks and targeting individuals and organisations. Phishing emails purporting to be from friends, often reflecting our interests – perhaps gleaned from social media sites – or from trusted organisations such as your bank or HM Revenue & Customs encourage us to click on infected links or attachments containing malware. (A recent example of the latter was malware disguised as a security warning from Microsoft’s digital crimes unit.)
Typically, these so-called “man-in-the-middle” attacks install colourfully named Trojans (pieces of malware, essentially) such as Zeus, SpyEye or Citadel on computers, which have the effect of compromising, for example, online banking transactions. “Everything you then do on your compromised laptop is subverted through a hacking site which means when you [communicate] with your bank, you are going through a man in the middle. Initially, man-in-the-middle attacks were passwords used in authentication – the criminal would wait until you had finished to start using the credentials they’d just gathered. This is why banks brought in one-time passwords or codes,” he says.
“But more recent malware will perform a man-in-the-middle attack to obtain the user’s session (a session is created after a user logs in successfully and the browser and the bank’s website use this to continue the interaction) and fake the logout requests. Once the user thinks they’ve logged out, the attacker can make payments using the existing session without the victim seeing any changes to their balance until the next time they log on. This is partly why banks have rolled out card readers to help prevent payments to new payees.” He adds: “It’s a constant game of cat and mouse.”