The reality of Cybercrime: in conversation with Phil Denham
According to an official survey, last year saw an estimated 3.6 million cases of fraud and 2 million incidents of ‘computer misuse’ in the UK.
Levels of fraud and Cybercrime are being described as an ‘epidemic’ and that’s despite recent statistics this year that suggests that Cybercrime may be on the decline.
What can we do to protect our businesses? And what do these recent statistics actually mean? To gain a little clarity on the topic we spoke to Phil Denham, cyber-security expert at HBP Systems.
What’s the issue?
- Viruses and malware are getting smarter.
- While the number of incidents has decreased, the cost of falling victim has skyrocketed!
“It’s difficult to say what this figure can actually tell us, but in my personal opinion it means that we’re taking cyber security more seriously”“We know from our security partner Sophos that the amount of malware and the complexity of malware is increasing, so the threat in terms of pure volume is more severe – the natural conclusion we can draw from that is that we’re actually getting better at defending ourselves from these attacks.”
Although businesses seem to be getting better at defending against cyber-crime, Phil warns of a growing threat in malicious software called ‘smart malware’ that can adapt to systems and avoid detection by anti-virus software.
“There’s a concept called ‘polymorphism’ in which a virus strain can adapt itself every single time it infects a system. Your anti-virus can’t detect this because it has changed and morphed”.
While the number of Cybercrimes in the UK has actually fallen, the amount of money earned by the fraudsters has increased.
What to do?
- Install protection, develop a strategy and educate your staff.
- Almost all incidents are down to human error, so be smart!
“It’s all about your strategy. A cyber security strategy should be on ongoing process that changes with the market place and with what the cyber criminals are doing. If you’re not at the cutting edge then you’re leaving yourselves wide open.”
Phil went on to detail the three key areas that HBP Systems advise companies on with cyber-security.
“Step 1 is to protect – this means using software and with the solutions you put in place.”
“The second is about controlling your IT Network: Removing old users, setting permissions and working on something like the cyber-essentials qualification.”
“Step 3 is possibly the most important one and that’s educating your employees. You can do all that work to protect yourselves, but if an employee picks up an infected USB and plugs it in, opens a dodgy email or clicks a suspicious link, it can undo all of that work.”
It would seem that no matter how intelligent your defense strategy is, the root of the problem will always be human error, as Phil went on to say:
“Of course, all these threats only exist because there’s some sort of human interaction at one point – we click on something or open something and let the threat in. Education is absolutely essential.”
This is the first time that fraud and Cybercime have been included in annual statistics.
Why isn’t more being done?
- £2bn has been pledged to cyber security over the next 5 years by the UK Government.
- But many fear this is too little, too late.
“The police and the government haven’t done enough at this point, obviously they are talking about pledging an extra £2 billion to cyber security for the next five years, but who knows if that will be enough?”
“This really puts the emphasis back on businesses and IT vendors like ourselves to support and protect people.”
Speaking of the reality of cyber-attacks, Phil was doubtful of the effectiveness of police forces in solving and combating cyber-crime. He said:
“A small business being hacked? There’s not much the police are going to be able to do about it realistically.”
“Really the goal is to make yourself more secure than other businesses and become a difficult target, because that means the vast majority of threats aren’t going to affect you.”
The government it investing £1.9bn in cyber security over the next five years.