Examples of Everyday Cyber Threats & Data Losses Affecting UK Businesses
Whilst the news channels and other media are seemingly reporting details of new cyber threats on a weekly basis, many of the companies highlighted appear worlds apart from most businesses.
The reality is that small to mid-sized companies without huge IT resources make up the majority of those coming under threat and being targeted by cyber criminals.
Most of these unreported incidents, whilst having a large financial impact on the business, are simply not interesting enough to journalists to make it into the news. Although not making the news is fortunate for those involved, it hides the real issue and impact of cyber threats from other businesses such as yours.
The following examples will hopefully highlight the fact that no business is immune from the impact of cyber threats, data losses and breaches.
Change of Bank Details – Potential Loss of £40,000
In May 2014 a company computer system was hacked into, providing access to the email system. Emails were then sent to suppliers advising of a change of bank details to the hacker’s account. To all intents and purposes the recipients would see a genuine email from a trusted individual within the client organisation and not necessarily question it until it was too late.
Fortunately, on this occasion, the recipient of the email had the presence of mind to contact the customer to double check the details, just prior to making a payment of £40,000 to them. The police were informed and further enquiries instigated.
Theft of Laptop From Occupied Vehicle – Fine of £5,000 (reduced from £70,000)
In August 2012 the owner of a transport company was the victim of a theft from his vehicle while it was stationary at a junction. The thief simply reached through an open window and made off with the owner’s briefcase.
Unfortunately, the briefcase contained a hard drive with the personal details of 250 clients, including dates of birth and passport numbers. Although the hard drive was password protected, the data itself was not encrypted in any way.
The loss was voluntarily reported to the Information Commissioner’s Office (ICO) who considered that the company had failed to take the appropriate measures to protect the data and that the people about whom the information was stored could potentially suffer substantial distress from this data now being in the hands of unknown person(s).
The company were fined £5,000, which was actually reduced from £70,000, on the basis the company had voluntarily notified the Information Commissioner’s Office of the incident.
Bakery Business Loses £20,000 in Malware Attack
In June 2014 a bakery firm was the victim of a £20,000 loss through malware that was unintentionally installed on a company computer by a member of staff. The staff member had clicked on a link in a fraudulent email that looked like it came from their regular bank.
When the link was clicked, the malware was installed on the computer, which then gave the hackers immediate access to the company bank account, resulting in a loss to the company of £20,000.
Estate Agent “Outed” by Information Commissioner’s Office for Potential Customer ID Theft from Exposed Paperwork
It is not just viruses, hacking and malicious attacks that businesses should be mindful of. In August 2014 the Information Commissioner’s Office served a London estate agent with a commitment order which was made public after it was found the company had continually left paperwork containing customer data exposed to others outside of their offices.
The paperwork in question had been left in transparent plastic bags outside their premises awaiting collection for disposal on repeated occasions over a 3 month period.
Despite being warned about the breach in December 2013, it was found staff were still doing the same thing the following March. The paperwork included copies of customer passports and previous tax payments. This would easily allow someone in the know to commit identity theft using the information that was exposed.
The estate agents were publicly named and shamed by the Information Commissioner’s Office which, in turn, was shared by others through social media channels with the potential for significant impact on their business.
Wirral Manufacturer Victim of £100,000 Malware Attack
A Wirral-based manufacturer was targeted by a scam in which a malware programme opened up a fake version of the company’s online banking system.
When the company’s financial controller logged into what she thought was the usual online system she was told to enter her ‘Smartcard PIN’. Having entered it once, a message came up to say she had entered it incorrectly and requested it again.
Within three minutes, two transactions had been made – $30,000 to an account in Ukraine and another €100,000 to an account in Cyprus (equivalent to about £100,000 in total).
The company finally managed to argue the case with their bank that they had been victim of cyber fraud but it took them four months to get the money back into their account.
These examples of cyber threats and data losses were included in our newly published guide to Understanding Cyber Crime & Data Loss Risks.