Jason Fry, cyber security specialist at PAV IT Services says that he is not convinced that companies that have suffered cyber attacks would be open and honest about it, through fear of criticism.
‘However, this is the only way companies will learn, benefit and ultimately reduce the likelihood of an attack,’ he says.
Cyber crime has remained a taboo subject among businesses with many fearing reproach from existing clients or new customers in the event they reveal they have been exposed to security breaches, Fry adds.
‘Unfortunately the fraudsters are always one step ahead, so developing a ‘cybersecurity business network’ to share knowledge and experiences of techniques and scams would only prove advantageous in addressing the numerous cyber threats facing companies today.
Robert Schifreen is a former UK-based computer hacker who was arrested in 1985 for breaching computers at British Telecom. He now runs a security awareness training programme called SecuritySmart.co.uk. He says, ‘Certainly there have been huge advances in the ways attacks are carried out and the methods that are adopted by cyber criminals.
‘These days we see more and more sophisticated methods being put in to practice that are scarily ‘real’ to the target, such as a combination of social engineering and ‘vishing’ (fraudulent phone calls that appear to come from trusted sources). Lack of awareness, not just among business owners but their employees as well, is a huge part of the problem.’
In 2013 the Home Office launched Cyber Aware – a campaign to help drive behaviour change amongst businesses and individuals and encourage them to adopt simple secure online behaviours such as using strong ‘phrase based’ passwords and downloading the latest software updates.
Fry says that getting the basics right is absolutely fundamental to improving online security across the board.
‘I wholeheartedly support the campaign and the government’s investment, however, not enough information is getting through to companies and more needs to be done to drive greater awareness of the tactics being used.
‘A secure and authenticated forum where business leaders could chat anonymously would be one example of how companies could share knowledge without fully exposing themselves. Until companies are willing to discuss cyber attacks openly the fraudsters will continue to have the upper hand.’