FUTURE TALENT November - January 2019/2020 | Page 47

ON TOPIC
O
THROUGH
YOUR
CULTURE
Cyber security is a critical
issue for organisations of
every size and profile – and
people lie at its heart.
| Nick Martindale
to strategy, organisations need to
factor in three pillars of protection:
processes, technology and, most
importantly, people.
Phishing attacks – where staff are
lured into providing sensitive data such
as personally identifiable information,
banking and credit card details, and
passwords – make up around 80% of
all cyber attacks, according to the
Cyber Security Breaches Survey, and
their incidence is growing.
In tech speak, phishing scams
target non-specific individuals, while
‘spear-phishing’ hones in on particular
individuals. ‘Whale phishing’ describes
cyber criminals masquerading as a
senior player within the organisation
to target other important individuals
within it.
Oz Alashe, CEO of the cyber
security awareness and data analytics
company CybSafe, points out that
phishing is “easy to perform and tough
to defend against. Just one individual
falling victim to phishing can be
enough to give criminals the foothold
they need,” he warns.
A common ploy is for fraudsters to
phone a company’s accounts team,
claiming to be the CEO, explains
Yannick Meiller, professor in information
management at ESCP Europe
Business School. “They’ll call during
lunch and hope to speak to someone
new, asking them to transfer €20,000,”
he says. “As the amount is not big, they
often get the money. In many
companies these processes are
not formalised.”
So-called ‘business email
compromise attacks’, which involve
impersonating an organisation in
emails or online accounts, account for
28% of cyber attacks, the government
survey revealed. Mark Nicholls, chief
technology of ficer at Rescan,
describes one scam which involves
pretending to be a supplier and
convincing those in accounts
departments to make payments for
goods and services.
“We also have reports of cyber
criminals targeting HR departments,
impersonating employees to update
salary payment information,” he adds.
“Busines s email compromises
are different to traditional phishing
attacks because there is usually a
higher degree of interaction with
intended targets.”
M
eanwhile, 27% of cyber
at tacks are down to
malware, including viruses,
worms, Trojan horses and
spyware. Terry Saliba, a cyber-security
specialist at IT Solutions firm Evaris,
highlights the use of ‘unsubscribe’
buttons to trick employees into
downloading malware. Ransomware
is the most prevalent variety of
November – January 2019 // 47