Last week, DI Hinesh Mehta from the West Midlands Cyber Resilience Centre and I  presented the webinar: ‘Cyber Security for Small Businesses’. We uncovered some fantastic tips and facts about cybersecurity and cybercrime for West Midlands and Birmingham-based businesses. Don’t worry if you missed it, a recording of the webinar is available to re-watch. We have also compiled the key stats, best tips and takeaways:

1. Cybercrime is a UK Tier One National Threat
2. Prevention is the most effective way to tackle cybercrime
3. Make yourself a hard target
4. The two biggest major cyberthreats to small businesses; organised crime and foreign nationals
5. Ransomware is rife moving into 2022
6. Some IT companies aren’t always good at security
7. Three simple steps to securing your business (GET A RISK ASSESSMENT!)
8. Cyberattacks regularly happen to West Midlands and Birmingham based businesses
9. Information found on social media is all hackers need to scam you
10. Top reasons why businesses bury their head in the sand when it comes to cybersecurity
11. Cybercriminals are real people - don’t be fooled by stereotype images.
12. Free cybersecurity help for West Midlands businesses
    
    

Cybercrime is a Tier One National Threat

Cybercrime is judged to be the same level of threat as terrorism and the coronavirus pandemic in the UK, as DI Hinesh Mehta explains:

Prevention most effective to tackling cybercrime

“You cannot arrest your way out of this” DI Hinesh Mehta explains.

Police do not have the resources to investigate the huge volumes of cybercrime that take place every day. Combine this with the complexity of jurisdiction - with many cybercriminals based in countries that aren’t friendly with the UK, means the Police can’t use traditional investigative methods. Prevention and stopping cybercrime from happening in the first place is the best way to tackle cybercrime, as DI Hinesh Mehta explains:

Make yourself a hard Target🎯 

Most hacks can be prevented by having basic cybersecurity controls. A cybercriminal looks for the easiest target. Cybercriminals operate like a business where ROI is assessed. Businesses with lapse security take less time and energy to hack, so they are the primary target.

If you are unsure whether your business is a hard target, conduct a security audit/risk assessment. If you believe your security is up to scratch, still conduct a risk assessment. Do this ideally every 6-12 months to keep up to date with advances. It also tests your process to make sure they are working. 

Book a free risk assessment with us:

two major cyber threats to small businesses; organised crime and foreign nationals

1. Organised cybercrime

In recent years, many organised crime gangs have switched from committing traditional crimes to cybercrime. The industry is now worth billions globally. Organised gangs have turned to cybercrime because:

1. Low barriers to entry

   For example, ransomware software can now be bought from the dark web just like a Netflix subscription.
   
   

2. Low risk of getting caught.

   A computer or internet access is all you need to commit a cybercrime. Cybercrimes can be committed from anywhere in the world. Compare this to drug trafficking or robbing a bank where the likelihood of being caught is much higher because:
   
   
   1. You physically have to be there.
   2. The police are well versed in preventing and tackling traditional crimes
   3. Security in banks/shops/airports/ports have improved dramatically over time to prevent crimes from happening in the first place.
      
      

What are the threats from organised cybercrime gangs?

The cybercriminal's aim is to steal your money. Money is stolen two main ways: ransomware or financial fraud.

Organised cybercrime - ransomware

Organised cybercrime gangs use ransomware to block access to your IT. A ransomware attack works by encrypting data in your computer systems, preventing its owner from accessing the data/files.

The attacker then demands a ransom before they will provide a decryption key that can reverse the attack. The victim must usually pay the ransom fee in Bitcoin, which is difficult to trace, and there are no guarantees that the attacker will provide the decryption key.

Ransomware attacks cause massive disruption to affected businesses and can sometimes take weeks or even months to resolve fully.

Organised cybercrime - Fraud

Cybercriminals use a combination of techniques to commit financial fraud including:

1. Email spoofing

   Impersonating a brand or a person.
   
   

2. Compromising business email accounts

   Your emails are unknowingly intercepted.
   
   

3. Social engineering

   Social engineering is when seemingly trustworthy and legitimate communication turn out not to be. The unsuspecting employee is essentially manipulated to give up confidential information so transfer money.

Using these means, they will intercept, change, or fabricate business communications to trick unsuspecting victims into transferring funds into the attacker's bank account.

2. Foreign governments

Some foreign governments pay hackers to steal intellectual property or install back-doors. Back-doors are where there is unauthorised access to your IT that goes unnoticed. Hackers can then wait and cause future disruption. Back-doors are hard to spot until there is any disruption to the business. SMEs involved in defence supply chains or critical national infrastructure are likely to be foreign government targets.
Thanks 

Ransomware is rife

Ransomware is rife and tearing businesses apart. There is little prospect of ransomware attacks slowing into 2022. It is hard to imagine as the business community is restricted from seeing actual cases. Most businesses keep attacks quiet to avoid damage to their reputation.

Some IT companies aren’t good at security

In a case study James provided, a 50-person engineering firm in Dudley contacted Superfast IT after becoming a victim of ransomware. The attack left the firm without access to their IT systems for three weeks and they lost a lot of their data because the attackers also encrypted the backups.

The engineering firm had an external IT company looking after their security, but it was not operating with good security practices, and this directly contributed to the attack. See James’ video below explaining this scenario.

There are three simple steps to securing your business:

1. Know the threats

   Watch the full webinar to get a greater understanding of the major cyber threats to small businesses today and moving into 2022.
   
   

2. Understand the threats specific to your business

   A risk assessment will help you to understand your specific threats.
   
   

3. Put preventative measures in place.

   Once you know the specific risks to your business, proportionate security can be put in place. Take a look at our cybersecurity packages to understand what good cyber controls are needed for a small business in the West Midlands.

Cyberattacks regularly happen to West Midlands and Birmingham businesses

Cyber-attacks happen on a daily basis in Birmingham and the West Midlands. At the time of the webinar recording, one business was in its eighth day of a ransomware attack, as Hinesh explains in the video:

information on social media is all a cybercriminal needs

One West Midlands business had information used from a personal social media account to trick their financial controller into transferring money. The attackers found the directors' names and email addresses on the company website, then used this information to send a spoof email to the financial controller, which looked like it was from the managing director.

In this case, the attacker didn’t compromise any email systems and acted purely on the information found online, James explains what happened:

Remember - be careful what you share online.

Many businesses bury their head in the sand when it comes to cybersecurity

“It won’t happen to us”

“We’re too small”

“Nobody would target us”

“We’ve got cyber insurance to cover us”

“I think our IT guys have us covered”

This is the type of thing that we hear all of the time. Let me explain why this could lead your business into being insecure and vulnerable of a cyber attack:

“It won’t happen to us”

“We’re too small”

“Nobody would target us”

Cyber attacks are most often indiscriminate and not targeted at any particular business. They just happen to stumble across a business because someone working there clicks on something they shouldn’t, and this gives the attacker a route in. These attacks are happening to local businesses, and you could be the next unfortunate victim.

“We’ve got cyber insurance to cover us”

Regarding cyber insurance, we’re asked to fill out cyber insurance forms for clients and I know the type of questions they ask and the standards they require. If you don’t have appropriate security controls in place then they won’t payout if you’re attacked. But they will always be happy to sell you the policy.

“I think our IT guys have us covered”

And for those who think their IT guys have it covered, well they might, but we come across lots of instances where IT companies aren’t doing what they say, so it is worthwhile getting it checked by having a risk assessment.

Cybercriminals are real people - don’t be fooled by stereotypes

Here is what you find when you Google search cybercriminal or cybersecurity. The image creates a mystique around cybercrime, with some people or some businesses believing it won't happen to them because they are so far removed from this image.

As DI Hinesh Mehta comments: "They say 'It's not going to happen to me'. We need to get away from this image. These are real people. They are nothing but criminals - they're thieves, fraudsters - they live in our area and they're committing attacks against your business from their sofa.

"Can I just ask that you try and get rid of this image because I don't think it's helpful to people seeking help in terms of their own security posture."

Free cyber security for businesses

Joining the West Midland Cyber Resilience Centre's free membership will help you to keep up to date with the latest security threats and more. It really is a no-brainer! Find out more about joining or watch 'Cyber Security for Small Businesses' webinar to learn more.

Schedule a risk assessment

To uncover your business' risks and whether your cybersecurity is working, schedule a risk assessment.

Schedule Risk Assessment

CYBERSECURITY PACKAGES