The Business Exchange Bath & Somerset Issue 10: Winter 2018/19 | Page 23

TECHNOLOGY REVVED UP 2018 CYBER CRIME REVIEW We asked the South West Regional Cyber Crime Unit for their insight into cyber crime this year. 2018 has been another landmark year for cyber security and its impact on UK businesses. In the recently released National Cyber Security Centre’s annual report, CEO Ciaran Martin remarked that the UK is making “significant progress in strengthening our defences against those who seek to harm us online, including our organisations and businesses.” Here we look at how cyber security has affected businesses this year, and what it means for going forward. GDPR- has it had any impact? The General Data Protection Regulations (GDPR) came into UK law on May 25,2018. A large part of why the law came into effect was to encourage organisations to report data breaches, and take responsibility for protecting the masses of personal data. So has it made any difference? According to the Information Commissioner’s Office (ICO), yes. The ICO reported that it has seen a rise in breach notifications, as well as more data protection complaints following the activation of the law. It’s expected that there will be many more GDPR related incidents down to people, processes and inadequate policies. Make sure your organisation is fully compliant and aware of its responsibilities (see the ICO website) ActionFraud service revamped www.actionfraud.co.uk ActionFraud the UK’s national cyber crime reporting channel has launched a brand new reporting portal, meaning that victims should receive a better experience of reporting, including the tracking of the process of their crime. A reminder, that it is vital that businesses and individuals report cyber crime, so that we and other units can do something about it. Our network is growing Our Protect Officers have worked hard to expand our network and make everyone aware of our free cyber security advice service. This year, the South West Regional Cyber Crime Unit attended over 100 events, and engaged with thousands of organisations and professionals. We have recently started running more interactive cyber security exercises based on projects developed by academics at Bristol University and the Metropolitain Police’s Cyber Crime Unit. The UK is a world leader in cyber security, and the commitment in terms of funding and manpower cannot be overstated. Emerging trends in Cyber Crime 2017 saw some of the largest scale cyber attacks so far, and this year has brought with it a vast number of data security incidents for organisations of all sizes. We expect 2019 to be no different, which is why business owners need to start looking ahead at what threats are on the horizon. Here is our list of cyber crime trends: Supply chains will continue to be targeted It’s no longer enough that your own security practices are kept to high standards, you have to be confident that any third-party business who you deal with also incorporate good security standards. Do your due diligence when researching suppliers. For example, Cyber Essentials is a government backed scheme which includes a set of security controls that organisations can implement to protect themselves, so checking whether your suppliers are Cyber Essentials certified is a good step. Internet of Things (IoT) Attacks IoT devices are any physical devices that are able to connect to and communicate over the internet. Internet enables camera, home sensors, and even baby monitors have become hugely popular for personal users. However, the number of IoT devices used in the business sphere is expected to increase too, make sure you’re aware of these threats for devices: 1. Insufficient authentication- Default passwords, weak passwords and lack of two factor authentication can lead to an attack 2. Lack of encryption- Unencrypted data, possibly even passwords being sent over the air with no protection 3. Physical security- Are camera showing weak points? Employee screens? Stock levels? 4. Insecure software/hardware/firmware- Some devices are unable to receive updates with security patches. Or, it may be that manufacturers simply do not release updates. This is a huge vulnerability. 5. Insecure Networks- Could the device be compromised to conduct Denial of Service attacks? If you have any questions and concerns around your cyber security, then please get in touch, we are here to help. For more info: www.swcybercrimeunit.co.uk @SWROCU GET THE CYBER ESSENTIALS WITH CND Bath-based CND is a Cyber Essentials basic and Plus certification body. They help businesses of all sizes ensure they are protected against cyber crime working within the UK Government’s Cyber Essentials framework of best practice. The Cyber Essentials scheme is a cost effective and easily digestible way to assess your IT infrastructure. It provides a baseline cyber security standard that is easily maintained; stopping the most common cyber-attacks in their tracks. The Cyber Essentials accreditation scheme assesses your IT infrastructure in the form of a self- assessment review. It looks at the following five basic security controls from the National Cyber Security Centre you should be implementing: 1. Use a firewall to secure your internet connection 2. Choose the most secure settings for your devices and software 3. Control who has access to your data and services 4. Protect yourself from viruses and other malware 5. Keep your devices and software up to date. Andy Cuff, CEO of CND said:“They seem simple enough but we rarely come across a client who doesn’t need to have their self- assessment reviewed by us and need a few changes made to their IT infrastructure before we certify them for real. “Some of the common issues we find are admin passwords being shared, a mobile phone that is out of support and patches not being applied within 14 days.” The CND basic review service starts from £350.00 and their Cyber Essentials Plus onsite audits start from £1350.00 Andy Cuff, CEO of CND To find out more email: [email protected] or call: 01225 811806 @CND_Ltd THE BUSINESS EXCHANGE 2018 23