Marcin Kleczynski, CEO of Malwarebytes, explains the threat to the capital’s businesses from the latest criminal software
If London loves business, then cybercriminals love business more.
Hidden deep in the shadows of cyberspace, lurking behind anonymised servers and so-called ‘bullet-proof hosting’, business generates massive amounts of sensitive digital information. This means one thing for the cybercriminal – opportunity.
Nowadays business information is managed digitally. This means that sensitive documents, once contained in accounting books and personnel files and stored in a safe, are now held locally on company computers, or accessed on the Internet. Examples of this abound. For example, whether you are a start-up or global multi-national, banking is typically done electronically. With the knowledge of a password and login details, an entire company bank account can be accessed and money transferred around the world.
Coming from the owner of a software security company, this might sound like scaremongering; however it is a very real threat. The recent hacking of organisations such as News International and the Home Office shows that even the biggest organisations are not safe, the underground economy in stolen credit card, bank and personal details is thriving.
For the cybercriminal, hitting a business can be particularly rewarding not only because bank accounts typically hold more money, but it is a multiplier in terms of other valuable information. Logins of all types, lists of email addresses, sensitive corporate documents and more can all be sold online.
The points of entry for digital incursion are multiple. Typically the hacker will use cutting-edge criminal software called malware, which is often capable of slipping past existing anti-virus software bought from big-name vendors.
Once installed on personal laptop or company network, this can then monitor and collect information on everything that takes place on these machines. Every email that enters an inbox, key pressed on the keyboard or document that is accessible can be viewed and harvested by the hacker, who is often hidden behind untraceable servers in a country with a lax legal position on such matters.
How can you protect your business?
A large portion of this risk can be mitigated by using technology which has been designed specifically to stop this latest breed of criminal software. Such software will work alongside existing anti-virus and together the pair significantly decreases your risk of infection.
This is needed because the approach used by many anti-virus technologies is often 10-15 years old, and is not advanced enough to stop the latest morphing criminal software.
Other good tips for reducing your exposure include making sure you update security software whenever prompted. Whilst this may seem like a drain on your time, the latest updates are needed to ensure your protection recognises the latest emerging threats. In addition, you should always keep seemingly unrelated software, such as web browsers, operating systems, Adobe etc. up to date to ensure these are not being used as an attack vector.
Employees also need to be made very aware of the increasingly popular personalised approaches that cybercriminals are making on social networks, instant messaging and seemingly innocuous email attachments. This ‘human engineering’ is often very clever and can be easily mistaken for the real thing.
As a business hub, London is a massive potential target for cybercrime.
However, do not be fooled by the romantic ideal that it is just targeting the big banks in Canary Wharf and the City or Government offices on Whitehall. Cybercrime has become an industry in itself, founded on the wholesale theft and sale of sensitive information. The latest breed of criminal software is designed specifically to do this by sneaking past existing anti-virus software. However, by using the techniques outlined above, the capital’s businesses can operate safe in the knowledge that they are doing everything possible to prevent this.
More like this…