The Business Exchange Bath & Somerset Issue 10: Winter 2018/19 | Page 23
TECHNOLOGY
REVVED UP
2018 CYBER CRIME REVIEW
We asked the South West Regional Cyber Crime Unit for their insight into cyber crime this year.
2018 has been another landmark year
for cyber security and its impact on UK
businesses. In the recently released
National Cyber Security Centre’s annual
report, CEO Ciaran Martin remarked that
the UK is making “significant progress in
strengthening our defences against those
who seek to harm us online, including our
organisations and businesses.”
Here we look at how cyber security has
affected businesses this year, and what it
means for going forward.
GDPR- has it had any impact?
The General Data Protection Regulations
(GDPR) came into UK law on May 25,2018.
A large part of why the law came into effect
was to encourage organisations to report
data breaches, and take responsibility for
protecting the masses of personal data.
So has it made any difference? According
to the Information Commissioner’s Office
(ICO), yes. The ICO reported that it has seen
a rise in breach notifications, as well as
more data protection complaints following
the activation of the law. It’s expected that
there will be many more GDPR related
incidents down to people, processes
and inadequate policies. Make sure your
organisation is fully compliant and aware of
its responsibilities (see the ICO website)
ActionFraud service revamped
www.actionfraud.co.uk
ActionFraud the UK’s national cyber
crime reporting channel has launched a
brand new reporting portal, meaning that
victims should receive a better experience
of reporting, including the tracking of the
process of their crime. A reminder, that it is
vital that businesses and individuals report
cyber crime, so that we and other units can
do something about it.
Our network is growing
Our Protect Officers have worked hard to
expand our network and make everyone
aware of our free cyber security advice
service. This year, the South West Regional
Cyber Crime Unit attended over 100
events, and engaged with thousands of
organisations and professionals. We have
recently started running more interactive
cyber security exercises based on projects
developed by academics at Bristol
University and the Metropolitain Police’s
Cyber Crime Unit. The UK is a world leader
in cyber security, and the commitment in
terms of funding and manpower cannot be
overstated.
Emerging trends in Cyber Crime
2017 saw some of the largest scale cyber
attacks so far, and this year has brought
with it a vast number of data security
incidents for organisations of all sizes. We
expect 2019 to be no different, which is
why business owners need to start looking
ahead at what threats are on the horizon.
Here is our list of cyber crime trends:
Supply chains will continue to be
targeted
It’s no longer enough that your own
security practices are kept to high
standards, you have to be confident that
any third-party business who you deal with
also incorporate good security standards.
Do your due diligence when researching
suppliers. For example, Cyber Essentials
is a government backed scheme which
includes a set of security controls that
organisations can implement to protect
themselves, so checking whether your
suppliers are Cyber Essentials certified is
a good step.
Internet of Things (IoT) Attacks
IoT devices are any physical devices that
are able to connect to and communicate
over the internet. Internet enables camera,
home sensors, and even baby monitors
have become hugely popular for personal
users. However, the number of IoT devices
used in the business sphere is expected to
increase too, make sure you’re aware of
these threats for devices:
1. Insufficient authentication- Default
passwords, weak passwords and lack
of two factor authentication can lead to
an attack
2. Lack of encryption- Unencrypted data,
possibly even passwords being sent over
the air with no protection
3. Physical security- Are camera showing
weak points? Employee screens? Stock
levels?
4. Insecure software/hardware/firmware-
Some devices are unable to receive
updates with security patches. Or, it
may be that manufacturers simply do
not release updates. This is a huge
vulnerability.
5. Insecure Networks- Could the device
be compromised to conduct Denial of
Service attacks?
If you have any questions and concerns
around your cyber security, then please get
in touch, we are here to help.
For more info:
www.swcybercrimeunit.co.uk
@SWROCU
GET THE CYBER ESSENTIALS WITH CND
Bath-based CND is a Cyber Essentials basic and Plus certification
body. They help businesses of all sizes ensure they are protected
against cyber crime working within the UK Government’s Cyber
Essentials framework of best practice.
The Cyber Essentials scheme is a cost
effective and easily digestible way to assess
your IT infrastructure. It provides a baseline
cyber security standard that is easily
maintained; stopping the most common
cyber-attacks in their tracks. The Cyber
Essentials accreditation scheme assesses
your IT infrastructure in the form of a self-
assessment review.
It looks at the following five basic security
controls from the National Cyber Security
Centre you should be implementing:
1. Use a firewall to secure your internet
connection
2. Choose the most secure settings for your
devices and software
3. Control who has access to your data and
services
4. Protect yourself from viruses and other
malware
5. Keep your devices and software up to date.
Andy Cuff, CEO of CND said:“They seem
simple enough but we rarely come across
a client who doesn’t need to have their
self- assessment reviewed by us and need a
few changes made to their IT infrastructure
before we certify them for real.
“Some of the common issues we find are
admin passwords being shared, a mobile
phone that is out of support and patches not
being applied within 14 days.”
The CND basic review service starts from
£350.00 and their Cyber Essentials Plus
onsite audits start from £1350.00
Andy Cuff, CEO of CND
To find out more email:
[email protected]
or call: 01225 811806
@CND_Ltd
THE BUSINESS EXCHANGE 2018
23