Explaining the importance of the topic, as well as some of the basics
- With technology becoming more and more prevalent in all areas of our lives, finance is becoming increasingly digital, with banking services moving into cyberspace and new investment opportunities such as cryptocurrencies appearing.
- The Crime Survey for England and Wales (CSEW) estimates 966,000 cyber offences a year, with unauthorised access to personal information accounting for 522,000 cases.
- The Cyber Security Breaches Survey 2019 by the National Cyber Security Centre (NCSC) reported that 22% of charities and 32% of businesses have identified cyber security breaches, costing on average £9,470 and £4,180 annually respectively, but only around 1/3 of them have cyber security policies in place.
- An estimated $1.7 billion in cryptocurrencies was stolen or scammed in 2018 (CipherTrace Cryptocurrency Intelligence).
- It is essential to protect yourself and your business or charity from cyber threats by being cautious and avoiding the most common types of cybercrime.
Explaining the most common ways for cyber attacks to be conducted
Phishing: Phishing is one of the most common ways in which cyber criminals try to extract data from their victims. The hackers may pose as a trustworthy entity such as your bank, a colleague, or any service provider you are in contact with, using a legitimate-looking website, email or message. After gaining your personal credentials such as bank account information, login details or passwords in this way, they will use them to access your accounts, which can cause substantial financial harm.
Spear-phishing is really hard to spot as it is very personal and involves spoof messaging, a method with which criminals can alter the “from” part of emails or messages, making them seem entirely legitimate.
Pharming: Pharming is another version of phishing in which a legitimate but compromised website redirects you to another one, where your credentials are stolen after you enter them.
Password Attacks: Passwords are a very common target for hackers trying to get hold of your accounts. Besides the phishing method mentioned above, brute-force software that tries to guess your password (in some cases with a filter, such as names and dates related to you) may be used. To avoid brute-force attacks it is important to use long, complex, and randomized strings of characters as passwords.
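As an added illustration (not part of the original article), the Python sketch below generates a random password, estimates how large the search space is for a brute-force guesser, and flags passwords built from names and dates related to you. The guessing rate, the substitution table and the sample personal details are constructed assumptions.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Digit/symbol swaps people use to "disguise" a word (constructed, not exhaustive).
LEET = str.maketrans("01345@$", "oieasas")

def generate_password(length=16):
    """Draw each character from the OS cryptographic random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Size of the search space, in bits, for a uniformly random password."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def personal_fragments(password, details):
    """Return the personal details (3+ characters) found inside the password."""
    lowered = password.lower()
    normalised = lowered.translate(LEET)
    found = []
    for detail in details:
        d = detail.lower()
        if len(d) >= 3 and (d in lowered or d.translate(LEET) in normalised):
            found.append(detail)
    return found

if __name__ == "__main__":
    rate = 1e10  # assumed guesses per second, for illustration only
    print(generate_password(), round(entropy_bits(16), 1), "bits")
    print("8 lowercase letters:", years_to_exhaust(entropy_bits(8, 26), rate), "years")
    print("16 random symbols:  ", years_to_exhaust(entropy_bits(16), rate), "years")
    # Constructed sample: a name with a digit swap plus a birth year.
    print(personal_fragments("R3becca1984!", ["Rebecca", "1984", "Bristol"]))
```

A password that returns any fragment here falls inside the filtered guess list described above, however long it looks.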
Man in the Middle Attack: During a Man in the Middle (MitM) attack the hacker disrupts the communication between the client and the server. Different types of this attack include session hijacking, in which the hacker poses as a trusted client to a server to gain the client’s data, or intercepts messages in order to replay them later, posing as the sender.
Network Exploitation: With this type of attack, hackers can access and exploit your browser or computer when it is connected to an unprotected network such as a public WiFi. Hackers can obtain credit card information, passwords, or other confidential materials (such as the image of your web camera).
Malware and spyware: Malware is software installed on your computer without your consent, sometimes attached to a useful application running on your computer. Malware is able to give the hacker unauthorized access to your computer’s resources, slow down your computer, or disrupt its operation completely. Spyware is a specific type of malware that aims to collect personal data from computers.
DoS (Denial-of-Service) and DDoS (distributed denial-of-service) Attacks:
These attacks are usually aimed at businesses and organisations, and are used by hackers for political and ideological reasons, or by business competitors.
A DoS attack overwhelms the system so it cannot be accessed normally anymore, as it will not respond to service requests. A DDoS attack is different in the way it is conducted, as it requires a large number of (exploited) devices.
How to protect yourself?
Detailing the best practices to protect your data
- Always check the address of the website in the toolbar before entering your credentials to see if it is legitimate, in order to avoid phishing. If you find a message suspicious, contact the person or organisation you have supposedly received it from directly to enquire further.
- Use a long, complex and randomized string of characters as your password.
- Avoid joining networks that are not secure, such as public WiFi, and do not enter any personal data while connected to such networks.
- Do not download any unauthorised software to your computer, and avoid visiting websites you do not normally use, to avoid malware and spyware. Having an up-to-date malware detector installed on your computer is also essential to protect it from harmful software.
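The first tip above, checking the website address before entering credentials, can be made concrete. The following Python sketch is an added example, not part of the original article: it parses a link and reports whether its host really belongs to the site you expect. The domain names are constructed placeholders and the reason codes are hypothetical.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_domain):
    """Return (ok, reason) for a link that claims to lead to expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    if parts.scheme != "https":
        return False, "not-https"
    if parts.username is not None:
        # In https://bank.example@other.test/ the real site is other.test.
        return False, "userinfo"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Non-Latin letters (or their punycode form) can imitate Latin ones.
        return False, "lookalike-chars"
    if host == expected or host.endswith("." + expected):
        return True, "match"
    if expected in host:
        # The expected name is present but is not the end of the host name.
        return False, "embedded"
    return False, "other-domain"

if __name__ == "__main__":
    # Constructed sample links; bank.example stands for the genuine site.
    samples = [
        "https://www.bank.example/login",
        "http://www.bank.example/login",
        "https://bank.example@login.evil.test/",
        "https://bank.example.evil.test/login",
        "https://evilbank.example/",
        "https://b\u0430nk.example/",  # second letter is Cyrillic
        "https://bank-example.test/",
    ]
    for link in samples:
        print(check_login_url(link, "bank.example"), link)
```

Only the first sample passes; each of the others looks plausible at a glance but resolves to a different host or uses an unencrypted connection.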
Here at Sandaire we are committed to protecting your personal data and wealth. Next week we will be partnering with Schillings, security experts, for a seminar event on the topic of security and minimising exposure in today’s world, and cyber security is sure to be high on the agenda.
For any further enquiries related to cyber security, you can contact our cyber security expert, Trevor Wardell, at firstname.lastname@example.org.