Cyber crime trends

How to protect your business

April 2017

DCI Andy Fyfe

Current / Emerging trends inCybercrime

• 3.6 Million fraud incidents a year; 2 million cyber crimes(England & Wales Crime survey – 2016)

• Cyber enabled frauds – 70% of all reported frauds(Where a computer is used to enable a fraud)

EG

– CEO fraud

- Computer Software Service frauds

- Online shopping frauds

• Cyber dependent crime(Where the attack is against a computer system itself)

Eg

- Malware

- Hacking

- DDOS

- Ransomware

CEO/ Mandate Fraud

• The biggest Cybercrime affecting:

• Large corporates

• Public sector bodies

• SMEs

• CEO impersonated, seeking payments to suppliers

• 3996 reports in last 6 months

• £14.7 Million loss in Feb alone

Mostly cyber enabled crime

- Social engineering

- Phishing emails

- Social media compromise

- Attacking “weakest links”

But can be cyber dependent

- Hacking

- Malware infestation

Cyber enabled Frauds

• Computer Software frauds – 17000 victims in 6 months;

£2.5 Million losses in March 2017

• Online Shopping Frauds –21000 victims in 6 months;

£3.3 Million losses in Feb 2017.

Reported Cybercrime – Last 6 months

Cyber Dependent crime

• Computer Virus \ Malware \ Spyware - 4984

• Denial of Service Attack - 286

• Hacking - Server & extortion - 959

• Hacking - PBX / Dial Through - 265

Reported losses in March 2017 : £5 million

**Ransomware is recorded as either hacking or malware**

Regional and National Policing Structures

43 Separate Forces

10 Regional Organised Crime

Units (ROCU’s)

National Cyber

Security Centre

(NCSC)

Cyber crime - example

“Talk Talk hacked by cybercriminals –

what to do if you have been affected”“The phone and broadband provider Talk Talk which has over 4 million UK

customers have that said banking details and personal information could

have been accessed by hackers in a recent cyber attack.”

(ACTION Fraud & ALL news bulletins – October 2015)

• NOT a difficult / sophisticated hack!!

• What if this was YOU??

• Mitigation steps / engage law enforcement / media strategy

Advice for businesses

Businesses can stay relatively safe from cyber attacks by doing the

following:

– Keep computer systems up to date – update patches and current anti-virus software

– Educate staff – password discipline, phishing emails and social engineering

– understand your threat landscape – who might want to harm you, steal from you, or

spy on you – and adjust your levels of protection accordingly.

Further useful advice

• www.getsafeonline.org

• www.ncsc.gov.uk

• www.cyberaware.gov.uk

• www.actionfraud.police.uk

How Secure is your password?Howsecureismypassword.net

Andrew – 0 seconds!

Andrew100 – 42 minutes

IJTLSO20/04/2017 – 6 Billion years

eBayIJTLSO20/04/2017 – 51 Quadrillion years (!)

NOT PROTECTIVELY MARKED

Cloned Website

NOT PROTECTIVELY MARKED

Original Website

Questions?