Posts

Around 65,000 attempts to hack small to medium-sized businesses happen every day in the UK. If they’re successful, they can really damage your reputation, lose you revenue, and leave your staff feeling vulnerable. Depending on the scale and how prepared you are for an attack, it can take weeks to recover from.

So protecting your business should be the number one priority. But it isn’t as simple as installing firewalls and antivirus. Cyber criminals use a tactic called social engineering that can’t be stopped by software, making it particularly dangerous. But what is it, and how can you keep yourself and your staff safe?

What is social engineering?

Social engineering can be a subtle attack, so much so that you don’t even realise it’s happening. Attackers exploit human nature and trust to get the victim to reveal sensitive information. It can be used in a variety of attacks, including phishing attacks, baiting, and confidence tricks.

It’s estimated that around 98% of cyber attacks use social engineering in some form, making it one of the most dangerous threats to an organisation. What makes it so dangerous is that it manipulates our psychology, meaning anyone can fall victim. 

The goal can also be to extract personal information. With this, they can access private accounts or bypass security questions.

How does it work?

Cyber criminals typically try to manipulate us using trust and urgency. An example of urgency could be an email requesting immediate payment. Victims may panic and open an attachment on the email, which immediately downloads a virus, or they might just send the money directly to the attacker.

By manipulating trust, one group of cyber criminals stole millions from Facebook and Google. They created a fake company, set up bank accounts in its name, and sent invoice phishing emails to specific employees. Because the invoices had details of a recent service they’d received, the employees trusted the emails and paid the criminals millions.

It doesn’t even have to be that elaborate. Have you ever seen a post on Facebook that tells you how to get your superhero name? The kind where you have to use the day and month of your birthday to make the name? It seems harmless, but that gives potential cyber criminals data about you they can use to get into your accounts. What if these numbers are part of a password? Be careful about giving out information like this.

What can you do to prevent falling victim?

One of the best ways to stop your organisation from falling victim to social engineering attacks is to have regular cyber security training. One study tested participants’ ability to identify phishing emails at various intervals after training. It revealed that after four months, the participants could easily identify phishing emails. But after six months, they started to forget what they had learned. So it’s recommended you do some retraining every four months.

And double-check before taking action. If a USB turns up on your desk, ask where it came from before plugging it in. If you receive a suspicious email, check if the sender’s email address is legitimate. Finally, stay calm. Cyber criminals play on our reaction to urgency. Instead of panicking and responding quickly, find out more information and analyse what they’re saying.

Social engineering is a serious threat. There isn’t any software that can stop a criminal from manipulating your trust or basic human nature. But, thankfully, there is software that can give your devices an extra layer of protection if a member of your organisation falls victim to this attack…

Ready to protect your business? Nisyst Cyber Security can help you keep your data secure and your business safe from cyber threats. For more information, get in touch with us on 01204 706000.

We’ve talked at great length before about how no one is immune from a cyber attack. Whether it’s in your personal or professional life, you are vulnerable to cyber threats if you don’t take preventative measures to protect yourself.

And when we say no one is immune, we mean it. You might think some of the most well-funded or government-backed sectors have plenty of insulation. But they’re just as at-risk as anyone else. Here are four sectors vulnerable to cyber attacks and some real-world examples of when it all went wrong for them.

Healthcare

We’ll start with a big one, both in terms of industry size and attack notoriety. You probably remember the infamous WannaCry cyber attack on the NHS in 2017. While this was the most famous example here in the UK, it was actually a global incident that attacked government systems and private companies alike. The ransomware demanded cryptocurrency – like Bitcoin – to unlock users’ files, sometimes in vain.

For a more recent example, we only have to look to Ireland. The HSE, Ireland’s equivalent of the NHS, had to cancel as much as 80% of its appointments while it dealt with a cyber attack. In one particular story, a woman couldn’t receive treatment for her cancer as the machine used for the process was connected to the system.

Education

According to the UK’s Department for Digital, Culture, Media and Sport, education is incredibly at risk of cyber attacks. Just look at how many educational institutions had suffered at least one cyber attack in the previous 12 months:

  • Primary schools – 41%
  • Secondary schools – 76%
  • Further education institutions – 80%

That’s a staggering amount. Just last year, we saw a number of universities fall victim to a ransomware attack. This included universities in Birmingham, York, Leeds, and London. They fell victim because of a particular software supplier that was hacked. So it really pays to consider who you work with.

Government

Looking at the government as a whole, it happens on an all-too-regular basis globally. In France, an attack on the government’s website which handles visas left people’s personal details – including email addresses, names, dates of birth, and passport numbers – vulnerable. Even though they dealt with it swiftly, it still put people in a compromised position.

Here’s an article from one website that collates a number of recent examples, including the previously mentioned attack on Ireland’s healthcare system. Governments that fell victim include Russia’s, Ukraine’s, Japan’s, and America’s. Speaking of which…

Energy

Colonial – a major supplier of petrol and fuel in the U.S. – shut down operations across a pipeline system that runs for more than 5,500 miles after a ransomware attack. It effectively halted nearly half of the East Coast’s fuel supply. This was because they had to take operations offline while they dealt with the breach.

The situation isn’t much better in the UK, where the energy sector is one of the most at risk of cyber attacks according to one study. Considering this industry quite literally keeps the country running, it’s not one we can risk falling victim to something unavoidable. That analysis showed that while 84% of top energy suppliers had dedicated cyber security roles, only 39% were actively reviewing their policies.

This just goes to show that anyone – even those with the most backing and support – can fall victim. So what does this mean for SMEs who don’t always have that behind them? It’s why almost half of all cyber criminal targets are SMEs. Your number one priority in 2021 should be ensuring you keep yourself safe.

Do you want to make sure you’re as protected as possible? Keep cyber threats at bay and your data and business safe with Nisyst Cyber Security. To find out how we can help you, get in touch with us on 01204 706000.

Ransomware attacks are a particular variety of malicious cyber attack. Whereas some attacks prefer to operate in the background and would rather you didn’t notice, ransomware isn’t quite so shy. If you’ve been hit, you’ll know it. As the name suggests, these types of attacks hold your data and systems to ransom, promising you’ll get a key to unlock your files if you pay the price.

Perhaps the most famous example is the WannaCry attack on the NHS. The devastating attack cost almost £6 million, and the effects were disastrous. Hospitals that fell victim had to cancel 13,500 outpatient appointments, including 139 appointments for patients with suspected cancer.

And they’re just as common today. Here are three examples from this year alone, and what you should do if you’re ever affected.

Isle of Wight schools

We’ll start with the smallest attack, yet it’s no less devastating. The Island Education Federation confirmed they’d fallen victim to a cyber attack that would delay the start of the school term. This immediately made people worry that young students’ information could be at risk.

A spokesperson for the Federation said: “We are working with officers from the police Cybercrime Unit to pursue the cyber criminals and understand the full impact of the attack. There are obviously some significant implications of this, which we are managing and will take measures to secure our systems even further in the future.”

Northern ticket machines

Rail provider Northern was hit recently, affecting over 600 touchscreen self-service ticket machines. It wasn’t said what type of ransomware affected the machines, nor what was compromised by the attack. But Northern has assured people that no customer information or payment data was stolen.

A Northern spokesperson said: “We are working to restore normal operation to our ticket machines as soon as possible. We are sorry for any inconvenience this incident causes.”

In the interim, travellers were asked to buy tickets through the mobile app, website, or at ticket offices at the station.

REvil

This is the biggest ransomware attack story of the last few months. It affected up to 2,000 businesses and organisations across the world. The price for providing the master key that would unlock it all? Just $50-70 million.

US IT firm Kaseya obtained and distributed the key, though they declined to say where from or whether they paid. All they had to add was that it came from a “trusted third party”. Kaseya was one of the first to be hit by the REvil attack, which has been linked to a Russian ransomware gang.

What you should do

Despite them being so well-known, ransomware attacks still happen on a regular basis. More often than not, if they happen to you, the attacker will offer to unlock your files – for a price. Some may be tempted to pay the cost, but this doesn’t guarantee they’ll actually supply the key.

If you are attacked, find which systems have been affected and isolate them. Disconnect them from your network. Pull the ethernet cable out if you have to. With them isolated, you can start to triage the affected units and work on rooting out any malware.

Now, let’s talk about payment. The general advice of law enforcement would be to not pay the cost. But, in reality, 65% do actually send the money. Considering this can get into the thousands of pounds, it can be quite the hit. It could also be “scareware” – created just to make you think it’s ransomware, when it hasn’t actually encrypted your files at all.

You don’t want to take this decision lightly and are better off talking to an expert about it. While there’s no way to be completely safe from cyber criminals, there certainly are measures we can take to prevent attacks and minimise the damage. For businesses, it’s now more important than ever to have the strongest, most secure cybersecurity possible.

Are you ready to protect your business? At Nisyst Cyber Security, we pride ourselves on creating the most efficient and effective cybersecurity solutions. For more information, get in touch today on 01204 706000.

Malware, viruses, spyware, and phishing – if you aren’t in the know, it can sound like a completely different language. It can feel overwhelming trying to understand cyber security and all the various threats. And all too often, these terms are explained using technical jargon without thinking about the average person.

So we put together this simple guide that tells you clearly, in simple English, what each is and why it is important for you to protect your systems from these types of cyber security threats.

Malware

Malware is a blanket term used to describe malicious software. It is any software designed to intentionally cause harm to a device, server, client, or computer network. This includes spyware, viruses, and ransomware (which we will cover below). 

When a user clicks a dangerous link, it downloads and installs the malware onto the system. Depending on what kind of software it is, it can go on to inflict damage, steal your data, or spy on your activity.

Virus

Viruses spread when people make innocent mistakes, such as using USBs with viruses on them and downloading infected files. Opening attachments in suspicious-looking emails can also download a virus onto your device. It is important to protect your system from viruses because they can slow down your computer, cause crashes, damage programs, and in worse cases, cause you to lose data.

Ransomware

The UK was the second most attacked country in 2019 for ransomware attacks, costing businesses £365 million. But what is ransomware? Simply put, ransomware infects your computer and holds your data hostage. If you pay a sum of money, you might get your data back, but you also might not. 

It is always a good idea to keep off-site backups. Ransomware is dangerous because while your data may eventually be returned, that doesn’t mean the attackers haven’t kept a copy for themselves. These attacks can cost businesses thousands and quickly destroy their reputation. A famous example is the WannaCry ransomware that attacked the NHS’s IT systems.

Spyware 

Just like it sounds, this is software that enables someone to obtain information about your activity. They can watch what you do on your computer without you even knowing. Spyware is dangerous as it can monitor your activity and steal sensitive information such as card details and login details. Not only that, but spyware is difficult to detect. Using an antivirus with anti-spyware features can help protect your system.

Cybercriminals are becoming increasingly sophisticated with their methods to steal information and infect devices with malicious software. It can be difficult to keep up with all the various terms and phrases, but as criminals find newer, more sophisticated ways to infiltrate businesses and steal their information, it is important to stay on top of it all. 

Knowing their methods is half the battle. The other half is protecting your business with effective cyber security solutions, giving your business the best chance against cybercriminals. 

Are you ready to protect your business? Put your mind at ease with Nisyst Cyber Security. For more information, contact us on 01204 706000.