Stuart Hyde
The hard facts
Why you? Scary stuff
• Small businesses are the path of least resistance for attackers
• Symantec Internet security report 2013
• 42% increase in attacks 2012
• 1/3 vs SME
• 1 in 291 has a virus
• 1 in 414 phishing attack
• 1/4m web attacks blocked per year
• 30bn spam per day 2012
• 3.4 m bot zombies in 2012
They are out to get you
• Real and present danger
• Dark market: Silk Road, dark web
• Cloned credit cards
• Botnets for hire
• Hacking tutorials are available
They want your money
• UK Visa card £6
• Login details £200
• Hire a botnet
• So many web applications and points of entry make it easier to take advantage
• Industrialisation of cybercrime
It's not all frightening
• National cybercrime strategy
• Cybercrime rated as Tier 1
• Govt is on the case
• GCHQ
• Most can be stopped
• Get the basics right
What are the enablers
• Identity explosion
• Online techniques
• Corrupt professionals
• Insider enabled
Why do they do it?
Opportunity
• Sharing PWs for example getting round them.
• 95% of the population would commit crime
• Ratio of getting caught vs value
• At some stage people will do it.
Motive
• White knight crime.
• Hatred
• Ridicule
What is the choice?
• Bribery, blackmail
• Change of bank details. Bank mandate frauds
• Expenses: MD etc., fully expended cars
• Fake training, particularly for public sector
• Dead man fraud. Put dead man in the payroll
• Benefits fraud
What are the Red Flags?
• Living beyond means
• Previous financial difficulties
• Close association with vendors
• Overly controlling, aggressive bullies
• Transactions at odd times of the day
• Using personal hardware
• BYOD?
Stopping it
• Strong whistleblowing policy
• Senior person responsible
• Tone from the top. Message from the middle
• Watch out for behavioural issues
• Fraud and risk register
• Regular review
Here to help
• Action Fraud
• Secure data transfer
• Links data entities
• 2.3m unique web hits
• 800,000 calls
• "Devils in your details"
• Segmentation of victims
The ActionFraud approach
• Risky man
• Cyber street
• Business enhanced reporting tool
• Cold calling
• Shredding
• Due diligence: use Google Maps to check
Order fraud
• Invoice fraud
• Changing bank details
• Check out the details by phone; use proper number
• Company receives order for goods to go to address, then changed en route
• Meet at services and then gone
• Don't allow delivery to unknown address
Knowing who you are
• IDENTITY
• Phishing
• Social engineering
• Shoulder surfing
• Skimming
• Mail accessing
• Bin raiding
Stopping identity fraud
• Secure mail, protect your address
• Register mail preference service
• Check bank statements
• Beware unsolicited
• Due diligence on orders
• Confetti shredders
And your mobile
• MOBILE
• Keep OS up to date
• Only download trusted apps
• Use a PIN
• Turn off Bluetooth
• Install a mobile security app
• Backup data
• Report it, locate it, erase it