The City of London Police’s Cyber Crime Unit has now held its first Cyber Griffin briefing after the initiative was launched in May. The briefing session on Friday 29 June was attended by 40 individuals from numerous companies based in the Square Mile and comes at a time when cyber crime offences in the City have increased by 30% compared to this time last year.
At the event, specially-trained officers provided information on real-time cyber threats as well as the most prolific attacks happening now, and also gave expert advice on how businesses could defend themselves.
Current police intelligence was shared with attendees and the topics of phishing, ransomware and insider threats all covered in great detail. Protection advice provided by the officers explained how companies and individuals could use encryption to protect themselves online.
Sergeant Charlie Morrison from the City of London Police’s Cyber Griffin delivery team informed Risk Xtra: “Nearly 80% of all the reports of cyber crime we receive come from businesses. This is why we came up with the Cyber Griffin initiative which has three distinct aims. First, it’s important people of all levels and roles within a business are educated on cyber crime and the current threats. This is where our briefings come in. Second, companies need to be prepared and well-equipped to resist cyber attacks and protect themselves which is why, through Cyber Griffin, we deliver skilled incident response training.”
Morrison concluded: “Finally, it’s vital that key learnings, knowledge and experiences are shared. This is why we have created a Cyber Advisory Group made up of a collection of experts selected because, together, they cover the major areas of cyber security. They can share guidance, answer questions and meet with companies who want advice.”
The next Cyber Griffin briefing is scheduled to be held on Thursday 9 August.
Survey reveals voice to be “silent” cyber security threat
A new study by voice security company Aeriandi has highlighted UK organisations’ contradictory attitudes towards the voice channel, increasing the chances of their customers’, employees’ and partners’ data being exposed to unauthorised parties – and as a result falling foul of the new General Data Protection Regulation.
The study was carried out at IFSEC International 2018. One hundred visitors were asked a series of questions to understand their attitudes towards voice technology plus their company’s use of the voice channel to communicate with customers.
An overwhelming number of respondents – 70% – believe that securing the voice channel is an important part of the IT security mix, with 68% stating that it should fall under the scope of IT security. However, when questioned about who, within their company, was responsible for voice, only around one third – 37% – stated that it fell under the remit of their IT security team. The remaining 64% of respondents said that responsibility lay with the Contact Centre, customer care, general IT (not security) or telco and networking teams within their company.
When it comes to the importance of voice and the voice channel, two thirds – 69% – of those questioned responded that it’s not a top priority for IT security. This view was reflected in the security posture of their own companies, with almost half – 47% – stating that voice security was either not a priority, or a lower priority than other threats including malware, phishing and trojans.
The contradiction in attitudes was highlighted by the fact that nearly three quarters of those surveyed – 72% – believe that advances in voice technology pose a significant threat to enterprise security, while 40% think that more resources should be allocated to protecting the voice channel within their company.
Matt Bryars, co-founder and CEO of Aeriandi, said: “We live in an age where the topic of data security is barely out of the news. Many organisations live and die by their ability to keep our data safe, which is why billions of pounds are spent every year on doing just that. However, a chain is only as strong as its weakest link and, for many organisations, the voice channel is an often-overlooked vulnerability that ends up being its downfall. With estimates that between 30% and 50% of all fraud incidents are initiated by a phone call, organisations must give the voice channel equal priority to other cyber attack vectors.”
Passwords “key to success” for criminals
Martin Tyley, cyber security lead at KPMG in the UK, has recently highlighted that passwords are key to the success of cyber crimes. He said: “With social media and e-mail accounts being the primary cause of some cyber crimes, it’s important that consumers become used to the idea of holding different passwords for different accounts. Better still, in an ideal world, a more sophisticated approach to authenticating people which blends the use of a two-step validation, behavioural analysis and contextual information would be in place to access our online lives. Passwords are still around, but it would appear that not enough is being done by businesses to enable and encourage other forms of authentication.”
Tyley added: “We continue to see victims every week who are vulnerable because a single password has been used for several online accounts leaving them open to multiple breaches. The truth is that this type of crime is not going to go away and it remains too easy for organised crime to succeed. The only path to defeating this is that businesses necessitate other forms of authentication that involve a two-step validation to prevent future cyber breaches.”