Posted on March 27, 2019 by Louise Howland
Welcome back to Cyber Chat, our cybersecurity video series by Rob May. In episode 2 Rob dispels the myth that cybersecurity is not a big problem for SMEs and smaller organisations.
Managing the ongoing cybersecurity of your IT infrastructure should be a primary concern – whatever the shape or size of your organisation. Cybersecurity breaches are the number one threat in today’s business landscape. Incidents come in many forms: cyber attacks; laptops left on trains; malicious staff; or, even more simply, accidental data loss caused by human error. The human firewall is vital as a line of defence for any organisation and in this video Rob, author of The Human Firewall (available on Amazon), explains what the Human Firewall is.
Hi, I’m Rob May, MD of ramsac and welcome to Cyber Chat.
Now, according to the FBI, there’s 2 types of organisation and when I first heard this, I heard this direct from a speaker from the FBI, who happened to be at an event that Microsoft were running in their UK headquarters in Reading. And what he said was, there’s 2 types of organisation, those that have suffered a cyber-attack, and those that will suffer a cyber-attack. And that in itself is quite a wakeup call for many people. And the next time I heard this, it was the same speaker and this time, I was with Microsoft in Canada. I was in Toronto and the same speaker came out, and I thought I’ve seen this guy speak before, and he took to the stage and he said there’s 2 types of organisation and I thought not only have I seen this guy before, I’ve heard this talk before.
But I hadn’t because, what he said this time was, there’s an organisation that has suffered a cyber attack and then there’s the organisation that don’t know they’ve suffered a cyber-attack, and this changes everything. Because, it’s not that long ago, that we used to believe that when you suffered a cyber attack was the day that you felt the pain. It was the day that the money went out of your bank account, or it was the day that your computers got encrypted with a ransom attack.
And what we now know is that’s not the case.
Cybercriminals infiltrate our lives and they infiltrate our lives to learn about us and to learn about our communication styles, our line of command and that kind of thing and they use it against us.
And sometimes people say to me, no, they won’t get me, or my business is too small and that’s just not the case. I had a call very recently from somebody who was dealing with a one-man band, and that one-man band had suffered what’s called a man in the middle attack. So, a man in the middle attack is where an email is intercepted, edited and forwarded and this particular person had been having some building work done on their house. The builder owed them a refund and so they had emailed the builder and when the builder had received the email, the bank details had been edited so the builder paid the money, and unfortunately, the money was paid into the wrong bank account. That’s a very very small business and one-man band that suffered this attack, so we’re all at risk.
And, you know, they want to know how you communicate, and what sort of wording you use. I’ve spoken about this at a number of different events, and it’s amusing in a way, how often people say to me, we received one and the only reason we caught it was, it was an email from the MD and he said, thank you and we knew it wasn’t from him because he never says, thank you. Now poor show on that particular MD. But I’ve heard that or variants of that time and time again. The point is that was the only thing that, in that case, caused them to realise that they were being attacked and the thing is they had been infiltrated and they’ve got the line of command right and we need to be aware of it.
So, the fact is you will suffer a cyber-attack. You probably already have received a cyber-attack, but you haven’t yet felt the pain and you need to be ready for it. You need to be prepared, staff need to know how to respond, when that attack happens. That brings us back to the Cyber response plan that I talked about in one of these other chats and when you report your breach, which remember you have to do within 72 hours. When you report your breach to the ICO, they want to know that you’re prepared and that you’ve taken this seriously and staff knew what to do.
I hope that’s been useful and I look forward to speaking to you again soon, thank you.