FUTURE TALENT November - January 2019/2020 | Page 47

ON TOPIC

O THROUGH YOUR CULTURE

Cyber security is a critical issue for organisations of every size and profile – and people lie at its heart.

Nick Martindale

to strategy, organisations need to factor in three pillars of protection: processes, technology and, most importantly, people. Phishing attacks – where staff are lured into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords – make up around 80% of all cyber attacks, according to the Cyber Security Breaches Survey, and their incidence is growing.

In tech speak, phishing scams target non-specific individuals, while ‘spear-phishing’ hones in on particular individuals. ‘Whale phishing’ describes cyber criminals masquerading as a senior player within the organisation to target other important individuals within it.

Oz Alashe, CEO of the cyber security awareness and data analytics company CybSafe, points out that phishing is “easy to perform and tough to defend against. Just one individual falling victim to phishing can be enough to give criminals the foothold they need,” he warns.

A common ploy is for fraudsters to phone a company’s accounts team, claiming to be the CEO, explains Yannick Meiller, professor in information management at ESCP Europe Business School. “They’ll call during lunch and hope to speak to someone new, asking them to transfer €20,000,” he says. “As the amount is not big, they often get the money. In many companies these processes are not formalised.”

So-called ‘business email compromise attacks’, which involve impersonating an organisation in emails or online accounts, account for 28% of cyber attacks, the government survey revealed. Mark Nicholls, chief technology officer at Rescan, describes one scam which involves pretending to be a supplier and convincing those in accounts departments to make payments for goods and services.
“We also have reports of cyber criminals targeting HR departments, impersonating employees to update salary payment information,” he adds. “Business email compromises are different to traditional phishing attacks because there is usually a higher degree of interaction with intended targets.”

Meanwhile, 27% of cyber attacks are down to malware, including viruses, worms, Trojan horses and spyware. Terry Saliba, a cyber-security specialist at IT Solutions firm Evaris, highlights the use of ‘unsubscribe’ buttons to trick employees into downloading malware. Ransomware is the most prevalent variety of