Fighting the ‘dark world’ of cybercrime

Features Posted 13/02/19
As criminals become more devious, the scams more daring and the importance of cybersecurity for businesses more pressing, South East Business magazine brought together a team of experts to share their experience for South East Business readers.

Schoolchildren with skills in computer technology are being mentored by police and digital experts, to ensure they use their talents for good and do not fall into the dark world of cybercrime.

A South East Business round table discussion on the importance to business of cybersecurity held at the University of Kent’s Centre for Higher and Degree Apprenticeships and chaired by Richard Bell of TenIntelligene was told by the Kent Police cyber protect and prevent officer Aimee Payne that she was working with young people who showed a particular ability in computer technology “to educate them around the law and make sure they have the tools to work within the law – so they do not cross the line into cybercrime”

Aimee said: “Kent County Council run Digital Dens and Coderdojo’s within the local libraries for young people, with the Regional Cyber Prevent Team (ERSOU) Eastern Region Specialist Ops Unit we have set up training and awareness sessions to back up the lessons.” She added: “Kids love technology and will push the boundaries to see what they can find. They probably wouldn’t dream of forcing a locked door, but they do not see anything wrong in doing the equivalent in digital terms.”

The next generation of cybersecurity experts are also being advised by Dr Lisa Dickson, senior lecturer at the Kent Law School in Canterbury, who said one of her most important roles was “to introduce students to how fast the digital world is moving”.

She spoke of the important work of Professor Awais Rashid of the department of computer science at University of Bristol, in creating the Cybersecurity Body of Knowledge (known as Cybok). This pulls together resources and information from several sources and is funded by the National Cybersecurity Programme. The University of Kent, where Lisa works is also involved.

Discussion fell to the most common scams to threaten businesses. Aimee quoted “mandate fraud, CEO fraud and Ransomware attacks,” and added: “Staff need to be told the possible consequences of online fraud and bosses need to think about what it does to an employee who unwittingly allows a cybercrime.”

She said education of staff was paramount. Aimee agreed with Colin that there was outdated legislation to fight cybercrime and a big threat came from “card not present” fraud online.

John said he and his colleagues had noticed “a significant upshift in the sophistication of ransomware attacks in the last few months” and warned that companies needed to stay one step ahead of the criminals. Aimee said that official advice on ransomware was not to pay demands, but to report them to Action Fraud. However it was acknowledged that “companies frequently can’t spare the time to be without their system and just pay the money to enable them to get back online and on track”.

Colin echoed this, saying: “Cybercriminals play on human kindness, panic and greed”, but stressed that it was vital to crack down on them, or they won.

Annie said a big issue behind companies not reporting fraud was “the embarrassment factor”, adding “no one wants to be shown up as not having sufficient protections in place.” She said the message needed to be shared about the role of law enforcement in fighting cybercrime, but she acknowledged the problem was forever changing, as cybercriminals became “more greedy and daring”.

Aimee said she was working with Neighbourhood Watch to put out regular community based messages about the importance of cybersecurity and wondered if there was a need for a similar network for businesses. Richard said this existed through the Cross-Sector Safety and Security Communications network (CSSC), but thought this was not widely enough known. He believed the biggest issue for SMEs in dealing with cybersecurity was cost.

Pete said the problem was often in an excess of information available, adding: “There are too many voices saying too many things. We need to simplify information and advice.”

This led the discussion about what companies could do to prevent cybercrime attacks. Richard said: “The trouble is, so many worlds are colliding – business, police, resources, staff conflict. Education must be a priority.” Aimee agreed, saying: “Cybertraining should cover all workplace and social media.” She revealed that the police offered a free “cyber review” for businesses, to highlight possible areas for attention to cybersecurity and officers return six months later, to see what had been done to improve areas of risk.

Colin said many companies were at a loss to know who to trust in seeking advice over cybersecurity and John said although his company gave free seminars on the subject, “the majority of delegates seem to think it does not apply to them.”

Top tips

At the end of the discussion, the round table shared ways in which companies could protect both individuals and the business. These included:

  • Signing up for alerts that tell you where your email has been compromised
  • Changing passwords regularly
  • Setting up “two-factor authentication” systems on your computer, where two or more pieces of evidence are required to allow access – based on something you know, something you have, something you are
  • Instigating training, both for yourself and your staff in how to spot cybersecurity issues
  • Regarding data security and health and safety as equally important
  • Understanding that cybersecurity is not an IT issue, but that the responsibility rests with everyone
  • Testing your company’s resilience against external and internal hacks regularly
  • Knowing what your data is and where it is stored. Is it backed up and do you check it regularly?

<a href=”>Click here to read the full feature on Cybercrime

Photos: ©Oyster Bay Photography

Tweets from @SEBmagazine