Dr Mike McGuire, a Senior Lecturer at the University of Surrey, teamed up with a virtualisation tech company, Bromium, and produced ‘Into the Web of Profit’ – a research study investigating the socio-economic and spending differences among cybercriminals. The headlines read like the script of a B list Hollywood movie with 15% of cybercriminals spending to gain status – high stakes gambling, flash cars, gold, drugs, jewellery and prostitutes.

So how does it work?

Cybercrime, Dr McGuire states, is not a business, it is an economy. Top cybercrime earners include sales of prescription pharmaceuticals, counterfeit products, corporate trade secrets, intellectual property theft and the data trading market (including stolen passwords, credit cards and identity theft).

So how do cybercriminals convert their ill-gotten gains to cash? Cash can readily change hands under the pretence of paying for a service – online platforms like Airbnb and PayPal are allegedly not immune to being used for the exchange of illegal funds.

But what about the more shadowy world of cryptocurrencies? According to Europol about £100 billion has been laundered this way.

Cryptocurrency (n) A digital currency in which encryption techniques are used to regulate the generation of currency and verify the transfer of funds, operating independently of a central bank.

To keep this blog brief, what you need to know is that decentralised cryptocurrencies now provide an outlet for personal wealth that is beyond any formal control. As Interpol succinctly puts it:

There are no borders in cyberspace.

The key to cryptocurrency success is in the confirmation process – the ‘blockchain’. Once a transaction is confirmed, it can’t be reversed. And here is where computer experts come in – called ‘miners’, only miners can confirm a transaction. They add your transaction to the currency ‘database’ and it becomes part of the blockchain. Although their knowledge of cryptography and ciphers makes their work sound like a Dan Brown novel, it is simply mathematics, though so advanced it would probably make the average head spin.

What is the future of Cryptocurrency?

According to Blockgeeks.com the market of cryptocurrencies is ‘fast and wild’. For crime purposes the higher the level of anonymity the better, as at some point the cryptocoin of choice must be exchanged for ‘real money’. Altcoins, Zcash, Dash, Verge, NavCoin – new variants are popping up and digital transactions are becoming virtually untraceable.

It seems that organised cybercrime is just that, organised. Structured, well-prepared, methodical and controlled – it is being run on an industrial sized platform with access to borderless currencies and law enforcement lagging one pace behind.

If you are interested in attending our Cyber Awareness Training Session, we have spaces available on 22 May 2018 in Royal Tunbridge Wells where we will focus on different types of threats, what they mean for your business and how to stay one step ahead.

The race between hackers’ and defenders’ capabilities is increasing in pace and intensity.

The publishing of the Cyber Threat to UK Business Report 2017/18, the new GDPR regulations and the ongoing scandal of Facebook condoning the harvesting of private data mean that data security is front-page news.

We are going to examine some key points of the report in real terms for SMEs. If you think that tech horror stories such as ransomware, WannaCry, crypto-jacking, worms and trojans will never affect your organisation, you can think again. According to data compiled by a leading insurance company, in the past 12 months 875,000 SMEs across the UK have been affected by a serious cyber-attack. Of the companies hit, just over a fifth reported that it cost them more than £10,000 and one in 10 said that it had cost them more than £50,000.

Our Cyber Awareness Training sessions are an effective way to make your team the first line of defence and not the last resort. We firmly believe that knowledge is power so have created a 2 step program covering the most critical aspects of Cyber Security. If you are interested in attending a Cyber Awareness Training session, our next session is on 22 May – you can find out more and reserve your place by clicking here.

What does Heliocentrix recommend?

Risk Assess! It sounds like an obvious starting point, but even if you believe that your organisation has excellent cyber security, until you have written a comprehensive Business Continuity Plan (BCP), tested it thoroughly and explored every possible scenario, you are still susceptible.

By now, you are probably well under way with your preparations for the new GDPR regulations and feeling confident that your data is under ‘lock and key’. We probably don’t need to remind you that, under certain circumstances, the financial penalties for failing to prevent data breaches could be crippling.

Attackers will target the most vulnerable part of a supply chain to reach their intended victim
NCA report

Now that you believe you are secure, what are the guarantees that any contractors, third party suppliers or software that you download have such stringent practices in place? Like any virus, the contagion will spread across your network and needs only one entry point. Your business partners must be as diligent about cyber security as you are. Test them.

You are the weakest link. Human error will be the biggest risk to your business in 2018. Business Email Compromise (BEC) is one of the most common forms of cyber attack (and fraud). Cyber criminals can be very patient and, once they have gained access to your emails, they sit in the background waiting for their opportunity.

It (BEC) represents one of the fastest growing, lowest cost, highest return cyber crime operation.
NCA report

A hoax email sent from your email account is harder to detect than you think. In this socially connected world anyone can use business terminology effectively and learn industry language, and personal references from social and professional networking sites can make the deception appear authentic and personal.

So do cyber criminals only attack bigger corporations? The easy answer is that they don’t. It is more likely that bigger firms have dedicated IT teams that spot attacks far earlier than the average UK-based SME. The WannaCry attack that hit the NHS also hit over 300,000 other businesses globally.

We have spotted a cyber attack – who do we tell?

Early reporting is key to finding a solution and mitigating the damage done – both practically and reputationally. Under new GDPR guidelines you must report any security breach to the ICO within 72 hours. Always keep a timeline of events.

The Heliocentrix Top Five Tips for SMEs from the report

  1. Use up-to-date and supported operating systems and software
  2. Protect the network: use firewalls, anti-virus solutions and network segregation to protect services
  3. Protect information: implement an access rights procedure for staff for all devices and services and use multi-factor authentication to protect sensitive information
  4. Use password managers to prevent password reuse, and ensure that all services are protected by strict authentication and authorisation controls
  5. TRAIN YOUR STAFF IN CYBER SECURITY PROTOCOLS

For more information on how malware can affect your business please look at our March 2018 blog post or get in touch.

The team here at Heliocentrix are already helping local and national SMEs with their IT systems, from offering friendly advice to security and peace of mind with our fully Managed IT support – and everything in-between.

Our Cyber Awareness Training sessions are an effective way to make your team the first line of defence and not the last resort. We firmly believe that knowledge is power so have created a 2 step program covering all aspects of Cyber Security.

If you are interested in attending a Cyber Awareness Training session, our next session is on 22 May and will focus on different types of threats, what they mean for your business and how to stay one step ahead of security breaches. You can find out more and reserve your place by clicking here.