The COVID-19 pandemic has seen many aspects of our daily routines change or has required us to adapt to new working environments. This has also been the case for cyber criminals who have had to adapt their tactics, they are now targeting people who are spending more of their lives online than ever before.
The launch of many small businesses has given cyber criminals a new playground to embrace. Since the 23rd March 2020, there has been 60,494 new businesses launched with the business type or industry being:
Mail order/internet retail – 4.63%
Arts, entertainment, recreation 3.53%
Letting/operating real estate 3.39%
Business admin & support 2.98%
The top 5 hot spots for new businesses in the South East included, Slough, Dartford, Milton Keynes, Brighton and Hove and Gravesham.
And, with 98% of UK businesses now operational online in one way or another, benefiting hugely from the use of websites, social media, staff email addresses, online banking, and the ability for customers to shop online, it is no surprise that cybercrime is on the up.
Latest government statistics show over four in ten (43%) of all businesses and charities experienced a cyber breach or attack in the past year. This included computer viruses, hacking, theft of data and theft of financial information. And it can happen to ANYONE!
Here at The Cyber Resilience Centre for the South East, we provide a number of highly-professional cyber services at affordable rates to help provide guidance to SMEs who are either new to cyber security and need help getting started or to those who are established but are looking to better protect their business.
There are several services available which include investigating what information is out there that might be used to attack your business and you personally like personal details, breached passwords, and data available on the dark web. They can check on the security of your website and systems, come in and scrutinise your current policies and procedures, or even deliver a staff training session.
In this blog, we are casting a spotlight on the centre’s Remote Vulnerability Assessment service. This service can help in identifying weaknesses that might be used to help cyber criminals carry out successful attacks.
What type of information can cyber criminals exploit?
Late last year, a school payment system Wisepay, that allows parents to pay for things like school meals and exam fees online was targeted in a cyber attack. The attack led to parents being warned that their card details may have been compromised.
Wisepay said a hack of its website meant an attacker was able to harvest payment details between 2 and 5 October via a spoof page.
Attempted payments to about 300 schools have been affected by the scam.
But the firm said only a small number of the pupils' parents would have used its system before it was taken offline.
This is an example of where the Remote Vulnerability Assessment system would have been able to identify possible weaknesses that cyber criminals would have been able to exploit.
How does the Remote Vulnerability Assessment work?
If your organisation is connected to the internet, this service will remotely review that connection in the same way as an attacker would perform reconnaissance, looking for potential weaknesses.
The service uses the same toolsets and skill sets as hackers use to map your organisations internet connections. This service also benefits from regional Police and National Cyber Security Centre intelligence to capture the very latest known threats and techniques used by cyber criminals.
Remote vulnerability assessments are not penetration tests, where the goal is complete systems compromise or to take full control of your systems.
Service reporting will provide a plain language interpretation of the results and how any vulnerabilities might be used by an attacker, as well as simple instructions on how any vulnerabilities might be fixed.
Find out more or request a quote for this service here.
I would like a full penetration test of my systems, can the SECRC help me with this?
We can recommend our IASME Trusted Partners network to provide additional services such as a full penetration test.
Our Trusted Partners have been subject to due diligence checks by the accreditation body appointed by the National Cyber Security Centre, the UK’s National Technical Authority who are a part of GCHQ. They are also certification bodies for Cyber Essentials and Cyber Essentials Plus schemes which assure you have considered the most common cyber technical controls. n
Learn more about our Trusted Partners here.