Hello everybody, I’m Brian Brookes, Risk Manager at BHIB Insurance Brokers. Previous to joining BHIB, I was the Insurance Manager for Leicester City Council for 11+ years and more recently was the Head of Insurance at the University of Warwick. I’ve just delivered an online session on Cyber Security & Awareness with Scribe and I’m delighted to share my insights with you in this blog.
In today's interconnected digital world, the internet is a resource like no other, playing a pivotal role in our everyday lives. From websites, social media, online banking to remote working, the digital shift has opened a new world of convenience and opportunity. But on the flip side, the unfortunate truth of the digital age is that fraud and cybercrime have become commonplace.
Cybercrime encompasses a broad range of criminal activities conducted online, and it has quickly become one of the most common offences across the UK, costing the UK economy in excess of £27bn per year (at the time of writing). From SMEs to major corporations, and from individuals to public sector organisations, no one is immune to the potential hazards of cybercrime.
In this blog, I’m going to shed some light on the common types of cybercrime and fraud that are prevalent in our modern age.
#01 Ransomware Attacks
Ransomware is a particularly destructive form of cybercrime that involves hackers infiltrating systems, encrypting critical data, and demanding a ransom for its release. In many high-profile cases, these attacks have crippled institutions, including NHS trusts and multinational corporations, disrupting their operations and often costing them millions in damages.
It's essential to understand that paying these ransoms is not a guarantee of recovering your data and will likely make you a repeat target. I therefore always recommend that you DON’T pay the ransom and instead report to Action Fraud on 0300 123 2040 or your cyber insurance provider.
Gloucestershire County Council fined £100,000 after a cyber attacker accessed council employees' sensitive information.
#02 Phishing and Spear Phishing
Phishing is a cybercrime where a scammer sends out thousands of emails, hoping that a small fraction of recipients will click on malicious links, thereby providing the scammer with access to their systems or sensitive information. Spear phishing, however, is a more targeted approach, where specific individuals or organisations are targeted based on detailed research.
Unfortunately, both techniques can be highly effective if individuals aren't trained to spot them, and while some email clients may filter these emails straight into spam, some can still creep through. Many people still fall prey to these scams, either through lack of awareness or because the scam email convincingly appears to be from a legitimate source. Always check the sender's email address, which may differ from the genuine one only by subtle substitutions (e.g. “0” instead of “o”), and beware of “immediate” requests which require you to click a link or provide sensitive information.
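One way to automate the "check the sender's address" advice above, as an added example that is not part of the original post: it folds common look-alike characters and flags sender domains that only match a trusted domain after folding, or that hide the trusted name in front of a different domain. The trusted domains and addresses are constructed placeholders.

```python
import re

# Characters commonly swapped for visually similar ones in look-alike domains.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}


def _fold(domain: str) -> str:
    """Map look-alike characters to their plain-letter equivalents."""
    folded = domain.lower()
    for glyph, plain in HOMOGLYPHS.items():
        folded = folded.replace(glyph, plain)
    return folded


def sender_domain(address: str) -> str:
    """Return the domain part of an email address, or '' if it is malformed."""
    match = re.fullmatch(r"[^@\s<>]+@([^@\s<>]+)", address.strip())
    return match.group(1).lower() if match else ""


def check_sender(address: str, trusted_domains: list[str]) -> str:
    """
    Classify a sender against the domains we genuinely deal with.
    Returns 'trusted' (exact domain or a sub-domain of it), 'lookalike'
    (matches only after folding homoglyphs, or puts the trusted name in
    front of an unrelated domain) or 'unknown'.
    """
    domain = sender_domain(address)
    if not domain:
        return "unknown"
    for trusted in trusted_domains:
        t = trusted.lower()
        if domain == t or domain.endswith("." + t):
            return "trusted"
        # "c0uncil.gov.uk" folds to "council.gov.uk"; "council.gov.uk.secure-login.example"
        # starts with the real name but is a completely different domain.
        if _fold(domain) == _fold(t) or domain.startswith(t + "."):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample: a council's own domain and three incoming senders.
    trusted = ["council.gov.uk"]
    for sender in ["finance@council.gov.uk", "finance@c0uncil.gov.uk",
                   "payments@council.gov.uk.secure-login.example"]:
        print(f"{sender}: {check_sender(sender, trusted)}")
```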
#03 'CEO' Fraud
Also known as Business Email Compromise (BEC), CEO fraud involves cybercriminals impersonating high-ranking executives and asking employees, usually within the finance department, to perform transactions such as transferring funds to a designated account urgently.
In many cases, the scammer's request is so convincingly framed that employees act without double-checking, leading to significant financial losses. Always verify & check!
A Parish Council in the Ascot area was almost caught up in a scam after receiving a genuine looking invoice for payment of services. After realising that no-one could remember authorising it, it was discovered to be a bogus invoice.
#04 DDoS
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the regular functioning of a network, service, or server by overwhelming it with a flood of Internet traffic. This traffic is typically generated from many different sources, potentially hundreds or even thousands, which makes it difficult to stop the attack by blocking a single source.
DDoS attacks can have significant impacts, including prolonged downtime and data breaches. Implementing appropriate security measures to prevent or mitigate these attacks is crucial for any online presence, such as investing in high bandwidth or using DDoS protection services that detect and block unusual traffic patterns (e.g. through the use of CAPTCHA).
#05 Telephone Scams
While not a traditional form of cybercrime, telephone scams are a significant risk in the digital age. Fraudsters often impersonate bank representatives, tax officials, or even tech support staff to extract personal or financial information over the phone. Vigilance and a healthy dose of skepticism are crucial in protecting yourself against such scams.
With cybercrime continuously evolving and escalating, awareness and education are our strongest defense. Regularly updating and improving your cybersecurity measures, ensuring all members of Council are well trained to identify and handle potential threats, and considering cyber insurance policies to mitigate potential damage are all important steps towards building a robust cyber defense. Always remember, prevention is better than cure, especially in the digital realm where the effects of cybercrime can be devastating and far-reaching.
Have a read on 8 Strategies to Protect Yourself & Your Council From Cybercrimes