What are the biggest online threats facing Chesterfield businesses?
The biggest online threats facing Chesterfield businesses are phishing, ransomware and brute force hacking.
Phishing is the most common cyber attack, with an estimated 3.4 billion spam emails sent daily.
Phishing is any malicious email that tries to get the target to download a file or enter their personal information into a spoof website.
In recent years, these attacks have become more sophisticated and difficult to spot. While Google blocks around 100 million spam emails every day, millions still get through and pose a real threat to businesses.
Many hackers now send professional-looking emails replicating the language and tone of genuine companies and charities. Alternatively, they can intercept genuine emails and change elements, such as inputting a different payment account for an invoice.
Further complicating matters, tailored emails impersonating CEOs or senior staff are sent to employees, asking them to quickly send money to an account.
The average click-rate for a phishing campaign in 2021 was 17.8%, highlighting the increased sophistication of these emails. Any data hackers successfully get through phishing can be used in further attacks or sold to other criminals.
While the global volume of ransomware dropped 23% in 2022 compared to 2021, it remains a threat to businesses across the UK.
Ransomware is malicious software that locks users out of their devices or from accessing their files. More sophisticated versions will remove the data from local storage and encrypt it; the hackers only give the decryption key once the ransom has been paid.
Downtime and the threat of data loss can have a huge impact on businesses. In some cases, the overall cost of repairing the damage done by a ransomware attack can run into the millions.
Brute force hacking
Brute force hacking occurs when hackers ‘guess’ account passwords using specialised software. They usually purchase compromised email addresses on the dark web and then use trial and error to crack the passwords associated with the address.
While measures such as 2-factor authentication or hardware keys mitigate the risks of brute force attacks, many businesses still don’t have robust cyber security policies in place. This means this attack method remains popular and a constant threat to Chesterfield businesses.
What cyber breaches have occurred in Derbyshire?
Notable cyber breaches that have occurred in Derbyshire include the attacks against A-Line Taxis and Nelsons Solicitors.
Two men were jailed for 30 months after launching a Telephone Denial of Service (TDoS) attack against A-Line Taxis, a Chesterfield taxi firm.
The men purchased equipment that allowed them to constantly call the firm over a 30-hour period. The volume of calls prevented genuine customers from getting through and cost the firm valuable business. The men then tried blackmailing the firm to get the calls to stop.
According to the police, the attack cost A-Line Taxis thousands in revenue and damaged their reputation, as it appeared to customers that they simply weren’t picking the phone up.
Nelsons Solicitors in Derby is one of the 200 largest law firms in the UK. However, in 2022 a data breach saw sensitive client data hacked.
The Information Commissioner’s Office (ICO) was notified of the breach, which exposed around 2% of Nelsons’ client data.
Nelsons said that there was minimal impact on their day-to-day operations, and that they contacted the affected clients with the offer of additional support.
What do businesses need to look out for?
Businesses need to look out for any suspicious emails, phone calls or links they receive.
Your business has likely received spam. A decade ago, these emails were easy to spot; they were full of grammatical errors and clumsily tried to get targets to send money via sketchy links.
Spotting a phishing email is harder than ever. Your staff must always be vigilant and not reply if they feel something isn’t right. Some of the common signs that you’re looking at a phishing email include:
- Emails sent from an unfamiliar address.
- A sender address that doesn’t match the company the email claims to be from.
- Grammatical errors.
- Content asking you to send money, follow a link or enter your login information.
- A sense of urgency, e.g. act now, please send funds immediately.
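To show how these signs can be checked automatically before an email reaches staff, here is an added example (not part of the original article) that scores a message against four of the signs above; grammatical errors are left to human judgement. The sample email, the domains and the `KNOWN_SENDERS` and `BRAND_DOMAINS` lists are constructed assumptions that you would replace with your own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank-secure.test>
To: accounts@yourcompany.test
Subject: Act now: invoice payment required

Please send funds immediately. Follow this link and enter your login details:
http://examp1e-bank-secure.test/login
"""

# Assumption: domains your business already corresponds with.
KNOWN_SENDERS = {"example-bank.test", "yourcompany.test"}
# Assumption: company names seen in display names, mapped to their genuine domain.
BRAND_DOMAINS = {"example bank": "example-bank.test"}

URGENCY = re.compile(r"\b(act now|immediately|urgent)\b", re.I)
REQUESTS = re.compile(r"\b(send (funds|money)|follow this link|login|password)\b", re.I)


def domain_of(address):
    """Return the lower-cased domain part of an email address, or ''."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def phishing_signs(raw_email):
    """Return the list of warning signs found in a plain-text email."""
    msg = message_from_string(raw_email)
    display_name, address = parseaddr(msg.get("From", ""))
    sender = domain_of(address)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signs = []
    if sender not in KNOWN_SENDERS:
        signs.append("unfamiliar sender address")
    for brand, genuine in BRAND_DOMAINS.items():
        # The display name claims a company, but the address is elsewhere.
        if brand in display_name.lower() and sender != genuine:
            signs.append("address does not match claimed company")
    if REQUESTS.search(text):
        signs.append("asks for money, a link click or login details")
    if URGENCY.search(text):
        signs.append("sense of urgency")
    return signs


if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE):
        print("WARNING:", sign)
```

A message that trips several signs is a candidate for quarantine or manual review; a clean result does not prove an email is genuine.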
If you’re unsure and the email claims to have been sent from someone within the company, always ask in person. Their email may have been compromised, and it’s better to ask for clarification than risk initiating an attack.
Our phishing awareness page has more details about this type of cyber crime and how your business can avoid falling victim to it.
Cyber criminals are increasingly using telephone calls in their attempts to steal information or money. This is also known as ‘vishing’. Hackers use tactics similar to those in phishing emails; they’ll impersonate companies, banks or charities and try to get their target to divulge sensitive information.
These scam calls are often used together with phishing campaigns as hackers look to disguise their criminal activities. In 2021, the average click rate for a targeted phishing campaign combined with vishing was 53.2%, emphasising how valuable this attack method is and highlighting how cautious your business needs to be.
Any suspicious calls should be treated the same as emails. Don’t give any information away, and report the call.
Malicious links for file downloads or spoof websites can cause huge damage to your business. High-level threats like ransomware can be delivered through download links, while spoof websites can capture any login details you enter and give hackers access to your internal network.
As such, don’t click on any unfamiliar links. Report anything that seems suspicious to a manager or IT support.
Who do you contact if your business has been breached?
If your business has been breached, you need to contact the police or Action Fraud, as well as the ICO.
Unfortunately, cyber attacks are a ‘when’, not an ‘if’ scenario in business. Taking the right precautions will mitigate many risks and help ensure that a breach causes minimal disruption or damage.
Any breach should be reported to the police on 101 or Action Fraud, the national fraud and cyber crime reporting centre. Action Fraud has a form specifically for businesses and charities to report a crime, as well as a hotline for attacks that are currently happening.
The number for ongoing attacks – 0300 123 2040
As part of GDPR law, you must also, where possible, report any data breaches to the ICO within 72 hours of becoming aware of the attack.
Derbyshire Police has a page dedicated to spotting cyber crime and includes information for local numbers to call.
The National Cyber Security Centre has a range of guidance and resources for businesses and individuals to protect themselves online.
Action Fraud has a number of articles that break down the 4 main areas businesses need to focus on to protect their revenue and reputation online.