Page 1 of 21

Stuart Hyde


The hard facts


Why you? Scary stuff

• Small businesses are the path of least resistance for attackers (Symantec)

• Internet security report 2013

• 42% increase in attacks in 2012

• 1/3 vs SME

• 1 in 291 has a virus

• 1 in 414 phishing attack

• 1/4m web attacks blocked per year

• 30bn spam per day 2012

• 3.4m bot zombies in 2012


They are out to get you

• Real and present danger

• Dark market: Silk Road, dark web

• Cloned credit cards

• Botnets for hire

• Hacking tutorials are available


They want your money

• UK Visa card £6

• Login details £200

• Hire a botnet

• So many web applications and points of entry make it easier to take advantage

• Industrialisation of cybercrime


It's not all frightening

• National cybercrime strategy

• Cybercrime rated as tier 1

• Government is on the case

• GCHQ

• Most can be stopped

• Get the basics right


What are the enablers

• Identity explosion

• Online techniques

• Corrupt professionals

• Insider enabled


Why do they do it?

Opportunity

• Sharing passwords, for example; getting round them

• 95% of the population would commit crime

• Ratio of getting caught vs value

• At some stage people will do it.

Motive

• White knight crime.

• Hatred

• Ridicule


What is the choice?

• Bribery, blackmail

• Change of bank details. Bank mandate frauds

• Expenses: MD etc., fully expensed cars

• Fake training particularly for public sector

• Dead man fraud: put a dead man on the payroll

• Benefits fraud


What are the Red Flags?

• Living beyond means

• Previous financial difficulties

• Close association with vendors

• Overly controlling, aggressive bullies

• Transactions at odd times of the day

• Using personal hardware

• BYOD?


Stopping it

• Strong whistleblowing policy

• Senior person responsible

• Tone from the top. Message from the middle

• Watch out for behavioural issues

• Fraud and risk register

• Regular review


Here to help

• Action Fraud

• Secure data transfer

• Links data entities

• 2.3m unique web hits

• 800,000 calls

• "Devils in your details"

• Segmentation of victims


The ActionFraud approach

• Risky man

• Cyber street

• Business enhanced reporting tool

• Cold calling

• Shredding

• Due diligence: use Google Maps to check


Order fraud

• Invoice fraud

• Changing bank details

• Check out the details by phone; use the proper number

• Company receives order for goods to go to an address, then changed en route

• Meet at services and then gone

• Don't allow delivery to unknown address


Knowing who you are

• IDENTITY

• Phishing

• Social engineering

• Shoulder surfing

• Skimming

• Mail accessing

• Bin raiding


Stopping identity fraud

• Secure mail; protect your address

• Register with the Mail Preference Service

• Check bank statements

• Beware unsolicited

• Due diligence on orders

• Confetti shredders


And your mobile

• MOBILE

• Keep OS up to date

• Only download trusted apps

• Use a PIN

• Turn off Bluetooth

• Install a mobile security app

• Backup data

• Report it, locate it, erase it
