“I feel like I’ve learnt almost too much!” exclaimed Jane Holt, Southampton Science Park’s Business Development Director, as she drew July’s Lunch & Learn webinar to a close.
Chris Mouncey, founder of specialist cyber security company MSnet, had been taking attendees through the much-misunderstood topic of cybercrime, with particular and increasing relevance to SMEs.
Chris began by highlighting some of the cyber-attacks that made the headlines recently. Between January and May this year alone, organisations as diverse as Wentworth Golf Club, Serco, Fat Face, the University of Portsmouth, Colonial Pipeline Company and Kaseya have been targeted and forced to hand over tens of millions of pounds in ransom payments while also suffering serious operational impacts and creating knock-on effects throughout their supply chains. By the end of 2021, cybercrime will have cost organisations £4 trillion.
So, why is this happening and what is this new breed of criminals after? Chris explained that the motivation for extortion is not just financial; it could also be political as state-sponsored attacks gain pace, or even ideological, whereby ‘hacktivists’ seek to advance their causes.
The restricted area of the web, the Dark Web, accounts for 50% more traffic than the surface web that most of us use. Shockingly, some 4.3 billion credentials are for sale on the Dark Web today. In short, it’s a place where you can purchase anything you want using cryptocurrency.
Playing in this arena is fast becoming a very lucrative career choice. What’s more, now anybody can become a cybercriminal because everything they need is available online, even if they don’t have the skills to build the tools themselves. For example, ransomware is available as SaaS, and phishing kits, including instructions and the necessary code required to run a campaign, can be purchased to create fake landing pages in an instant. Tools for smishing, malvertising, watering holes and web attacks are all there for anyone who knows how to access them.
While the examples given at the beginning cite corporates, Chris revealed that SMEs in the UK are attacked, on average, every ten seconds. “It’s not a question of ‘if’ but ‘when’,” he concluded. “SMEs are regarded as ‘low-hanging fruit’ for cyber criminals because, even though their financial reward may be less, cyber criminals know that most SMEs are unaware of the risks and consequently do not train their staff, they spend less on IT support and, crucially, they are the gateway to their primary targets, larger organisations. It takes just one unaware employee to give away everything.
“All companies, big or small, must now work on the concept of zero trust,” advised Chris. “A multi-layered approach is needed to create an improved security culture, to protect staff and to mitigate the potential costs and consequences of cybercrime.”
- Starting with education, making sure that the right people have the right training and the right access to the right systems and machines.
- Ensuring devices are protected with trusted Endpoint Security.
- Using good incremental data back-up services.
- Keeping software up to date and patched.
- Filtering emails and email attachments.
- Safeguarding passwords and user credentials – use two-factor authentication.
- Knowing what to do in the event of an attack – who to inform and how to get back up and running.
And something you can do right away? Take twenty seconds to review every email you receive before acting on it. There are seven golden rules to look for:
Further support can be accessed at:
- NCSC: The National Cyber Security Centre
- NIST: Computer Security Resource Centre
- MSNet: Cyber Security Partner
The presentation pack for this webinar is available by emailing Southampton Science Park.