Over 50 organisations ranging from the insurance, finance and healthcare sectors; to law firms, schools and charities; joined us recently for a webinar on the latest cyber security threats and advice.
We were delighted to share fundamental cyber security best practice with a wide range of SMEs and non-profit organisations during a joint webinar with the Eastern Cyber Resilience Centre.
The session covered a host of the latest attack strategies used by cyber criminals including sophisticated AI-enabled phishing fraud, supply chain attacks, browser-in-the-middle attacks, deepfakes and QR code scams. We also shared a range of cyber security fundamentals such as using strong passwords , enabling multi-factor authentication, educating employees on the latest security best practices and getting Cyber Essentials certification.
As a Cyber Essentials Accreditation body in the Southeast (we’re Cyber Essentials Partners with the Eastern Cyber Resilience Centre), we work with a wide range of clients in the region who are looking to achieve the government-backed cyber security certification scheme.
The Eastern Cyber Resilience Centre is a police-led, not-for-profit organisation which works to support SMEs, charities and schools across the East of England to bolster their cyber resilience. It’s part of a nationwide network of regional centres across the country.
Intersys’ Head of Security Jake Ives, co-hosted with Jim Stevenson, Head of Cyber and Innovation at the ECRC.
You’re never too small to get hacked
Jim Stevenson kicked off the webinar with a compelling video based on a real-life example of a finance manager at a care home in Wales who fell victim to a phishing fraud. Watch the video here.
Jim also shared statistics from the UK Cyber Breaches Survey 2024 such as the fact the a whopping 58% of small businesses fell victim to cyber crime in the last 12 months alone.
“We’ve all seen the headlines about cyber attacks on large organisations – M&S, Co-Op, Adidas, Ingram Micro, to name a few,” said Jim. “But beneath the headlines, 611 other ransomware victims in the UK have been recorded this year alone, including schools, small businesses and start-ups […] and that’s just ransomware – it doesn’t include more prevalent threats like Business Email Compromise (BEC) which continues to affect organisations of all sizes every day.”
Criminals are using AI to create convincing emails in seconds
Jake Ives spoke of the ease with which hackers can now create persuasive emails using the latest AI technology such as Chat GPT. “Threat actors are using these tools to do in-depth research on their victims and then craft persuasive emails in under 30 seconds.” said Jake. “Now imagine a threat actor doing this at scale, sending to thousands of recipients. It’s a numbers game and sooner or later, someone is going to fall for it.”
Jake also highlighted the growing threat of supply chain attacks – the M&S hack being a high-profile example. Hackers are targeting the weakest link within an organisation’s supply chain which then gives them access to the systems and data of all the organisations higher up in that supply chain.
He also touched on other attack strategies such as:
- Quishing – where criminals use malicious QR codes to deliver phishing attacks.
- Browser-in-the-middle attacks where hackers intercept login sessions to steal credentials and gain control of victims’ accounts.
- Deepfakes and AI impersonation where criminals use AI-generated synthetic media to convincingly mimic the likeness, voice or actions of real people in videos, photos or audio recordings.
How can organisations stay safe?
Basic cyber security principles that cover people, processes and technology still form the first line of defence against any cyber threat.
Jake elaborated on the fundamentals that can help a business stave off threats such as:
- The importance of long and unique passwords for each account.
- Why you should never store your passwords in a spreadsheet and use a reputable online password manager instead.
- Why MFA (multi-factor authentication) is non-negotiable in the modern workplace.
- How cyber awareness training is vital to strengthen the weakest link in cyber security (humans) and the dangers of victim shaming.
Jake also discussed the government backed Cyber Essentials scheme and how organisations that undertake a proper certification can defend against the most common cyber threats as well as get a practical baseline for good cyber security.
We were delighted to receive some really positive feedback during the Q&A session at the end and hope that the participating organisations were able to take away some actionable insights from the session.
Click here to watch the webinar video in full.
Click here if you’d like to find out more about future cyber security events from Intersys.