In Bradford Manufacturing Week 2018


In 2016, the UK lost £2 million each day as a result of financial fraud1, and the threat of cyber fraud is growing year-on-year. Cyber fraud can result in major financial losses, and data breaches have the potential to profoundly damage trust in a company; fraudsters monetize stolen information by selling it on online, and the impact this has on businesses reputations can be severe.

As nearly half of all UK manufacturing companies have been the target of cyber fraud, we cannot afford to ignore this issue. In our ever more digitalized industry we must be alert to, and protected from, a range of advanced and complex threats. (EEF and AIG published RUSI report)

Understand the risks – Social engineering

The threat of cyber fraud can seem a difficult one to combat. However, it’s important to remember that most cyber fraud attacks depend heavily on human interactions – fraudsters have long identified that the easiest way to breach an organization’s defenses is to target its people, not its systems.

Social engineering is the method by which fraudsters aim to trick people into breaking normal security procedures. Fraudsters are usually looking for the victim to give up sensitive information, such as bank login details, or for them to enable malicious software to be installed onto their device.

They may be aware of regular payments that are due or company structures, enabling them to impersonate employees.

An issue that often crops up in my discussions with senior execs is the threat of CEO impersonation fraud which has become easier due to the growth of social media. An important mechanism to prevent CEO fraud involves being careful about what information is made available online.

Understand the risks – Digital attacks

The more traditional threat of viruses and malware is just as relevant as ever. Something as simple as a PDF download or clicking an email link can install a piece of malware which has access your entire network.

You’ve probably heard of Trojans and Ransomware, the two most common forms of malware. Trojans enter your computer on the back of other software and can give a stranger access to your personal details by taking screenshots or capturing keystrokes. Ransomware enables a fraudster to gain control of your system in order to encrypt your files, demanding a fee to unlock them – so you should aim to keep information backed up.

In May 2017, there was a significant global cyber security attack dubbed “the biggest ransomware outbreak in history.”3. The attack, dubbed WannaCry, infected more than 300,000 computers – hitting the NHS, and international shipper FedEx, with widespread impacts to Russia, Taiwan, Ukraine and India4.

The impact on the NHS from WannaCry would have been significantly reduced if their operating systems had been patched. Again, these viruses rely on human error, and educating employees on good cyber awareness will help combat this vulnerability.

Understand the risks – Network attacks

Network attacks occur when you send insecure business communications, such as emails, a fraudster is able to intercept confidential information contained the message. Email is vital to almost every company in the UK, yet we often overlook how easily they can expose us to cyber threats. To combat this threat, ensure that sensitive information is sent over encrypted networks. Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser.

Going forward

Whilst there are numerous ways fraudsters can infiltrate your business, there are measures that you can put in place to stop your business from being vulnerable to an attack. With vigilance, education and the implementation of sensible systems you can help keep the criminals at bay. Here are some key points to consider when assessing your company security.

Ten steps to help prevent cyber fraud

  • User education and awareness: educate all of your employees about the potential channels cyber fraud may take, regardless of their level or role
  • Network security: avoid connecting to untrusted networks
  • Monitoring: constantly monitor inbound and outbound traffic
  • Malware protection: ensure you have the most up-to-date version of your chosen software
  • Information risk management: embed an information risk management regime across your organisation
  • Incident management: establish an incident response and disaster recovery plan
  • Managing user privileges: manage the access your employees have to programmes and spend/approval thresholds
  • Secure configuration: remove or disable unnecessary functionality
  • Home and mobile working: protect data using an appropriately configured virtual private network
  • Removable media controls: limit removable devices such as USB drives.

(Source: National Cyber Security Centre)


Recent Posts

Leave a Comment