Thought Pieces, July 10 2020

Cyber Security: What you need to know

3 mins read

Written by Wigmore Firms

  • With technology becoming more and more prevalent in all areas of our lives, finance is becoming increasingly digital: banking services are moving into cyberspace and new investment opportunities such as cryptocurrencies are appearing.
  • The Crime Survey for England and Wales (CSEW) estimates 966,000 cyber offences a year, with unauthorised access to personal information accounting for 522,000 cases.
  • The Cyber Security Breaches Survey 2019 by the NCSC reported that 22% of charities and 32% of businesses have identified cyber security breaches, costing on average £9470 and £4180 annually, but only around a third of them have cyber security policies in place.
  • An estimated $1.7 billion in cryptocurrencies was stolen or scammed in 2018 (CipherTrace Cryptocurrency Intelligence).
  • It is essential to protect yourself and your business or charity from cyber threats by being cautious and avoiding the most common types of cybercrime.

Background

Phishing: Phishing is one of the most common ways in which cybercriminals try to extract data from their victims. The hackers may pose as a trustworthy entity such as your bank, a colleague, or any service provider you are in contact with, using a legitimate-looking website, email or message. After gaining your personal credentials such as bank account information, login details or passwords in this way, they will use them to access your accounts, which can cause substantial financial harm.
Spear-phishing is particularly hard to spot because it is highly personalised and involves spoofed messaging, a method with which criminals alter the “from” field of emails or messages so that they appear entirely legitimate.

Whaling: Whaling is a highly targeted type of phishing, usually aimed at high-ranking individuals within the firm, such as the CEO, in an attempt to gain highly confidential information about the company or its employees. Because of the potentially high returns, hackers are willing to put enormous planning into whaling attacks to make them seem credible.

Social Engineering: This is a type of attack which exploits human nature rather than technological faults. Attackers might leave a USB stick loaded with malware out as bait, waiting for someone to use it, or pose as an IT support worker and ask for your personal credentials in order to “help”.
As social engineers target the psychological vulnerabilities of people, it is essential to double-check who you hand data to and which devices you use.

Password Attacks: Passwords are a very common target for hackers trying to get hold of your accounts. Besides the phishing method mentioned above, brute-force software that tries to guess your password (in some cases with a filter, such as names and dates related to you) may be used. To avoid brute-force attacks it is important to use a passphrase, or a long, complex and randomised string of characters, as your password.
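To make the comparison concrete, here is an added example (not part of the original article) that estimates how many candidates a brute-force tool must try for each kind of password the text mentions, including the "filtered" case where the attacker guesses from names and dates. The guess rate, the word-list size and the candidate passwords are constructed assumptions.

```python
import math

# Constructed assumption: an attacker testing 10 billion guesses per second
# against a leaked, weakly hashed password. Real rates depend on hardware
# and on the hash the service used; the comparison, not the figure, matters.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates to try when nothing is known about the password."""
    return alphabet_size ** length


def pattern_space(names: int, years: int, separators: int) -> int:
    """Candidates when the attacker 'filters' to name+separator+year
    patterns built from facts about the victim (names, birth dates)."""
    return names * separators * years


def entropy_bits(space: int) -> float:
    """Strength in bits: how many doublings of effort the space represents."""
    return math.log2(space)


def expected_crack_years(space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """On average half the space is searched before the right guess is hit."""
    return space / 2 / rate / SECONDS_PER_YEAR


# Constructed candidates reflecting the advice in the text.
CANDIDATES = {
    "name + separator + year (personal filter)": pattern_space(200, 100, 4),
    "8 lowercase letters": keyspace(26, 8),
    "8 letters, digits and symbols": keyspace(95, 8),
    "16 random printable characters": keyspace(95, 16),
    # 5 words drawn from an assumed 7776-word list, then 2 digits and a symbol
    "5-word passphrase + 2 digits + symbol": keyspace(7776, 5) * keyspace(10, 2) * 32,
}


def report() -> list[tuple[str, float, float]]:
    """Return (label, bits, years) for each candidate and print a table."""
    rows = [(label, entropy_bits(s), expected_crack_years(s)) for label, s in CANDIDATES.items()]
    for label, bits, years in rows:
        print(f"{label:<42} {bits:6.1f} bits  ~{years:.3g} years to crack")
    return rows


if __name__ == "__main__":
    report()
```

The personal-filter row shows why names and dates fall in seconds, while the passphrase and the 16-character random string push the expected effort to far beyond any realistic attacker's lifetime.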

Man in the Middle Attack: during a Man in the Middle (MitM) attack the hacker intercepts the communication between the client and the server. Variants include session hijacking, in which the hacker poses as a trusted client to a server to gain the client’s data, and interception of messages simply to replay them later while posing as the sender. These attacks usually take place on unsecured public networks in public places, such as cafés or hotels.

Computer Hijacking: With this type of attack hackers can access and exploit your browser or computer when it is connected to an unprotected network such as public Wi-Fi. Hackers can obtain credit card information, passwords, or other confidential material (such as the image from your webcam).

Malware and spyware: Malware is software installed on your computer without your consent, sometimes attached to a useful application running on your computer. Malware can give the hacker unauthorised access to your computer's resources, slow down your computer, or disrupt its operation completely. Spyware is a specific type of malware that aims to collect personal data from computers.

DoS (Denial-of-Service) and DDoS (distributed denial-of-service) Attacks:
These attacks are usually aimed at businesses and organisations, and are used by hackers with political or ideological motives, or by business competitors.
A DoS attack overwhelms the system so that it can no longer be accessed normally, as it will not respond to service requests. A DDoS attack differs in the way it is conducted, as it requires a large number of compromised devices sending the requests at once.

How to protect yourself?

  • Always check the address of the website in the address bar before entering your credentials to see if it is legitimate, in order to avoid phishing. If you find a message suspicious, contact the person you have supposedly received it from directly, through a channel you already trust.
  • Use a passphrase with numbers and special characters, or a long, complex and randomised string of characters, as your password.
  • Avoid joining networks that are not secure, such as public Wi-Fi, and do not enter any personal data while connected to such networks.
  • To avoid becoming a victim of social engineers, never plug in external data storage of unknown origin.
  • Upon receiving dubious requests for data from someone familiar, always double-check through another channel.
  • Do not download any unverified software to your computer, and avoid visiting websites you do not normally use, to avoid malware and spyware. Having an up-to-date malware detector installed on your computer is also essential to protect it from harmful software. You can also visit https://www.getsafeonline.org/ for more information.