Focus On: Cyber Attacks and Social Engineering

Date: 31/01/2024
Author: Simon Cronin
Company: Greater Manchester Chamber of Commerce

Did you know that cyber-crime costs the UK economy nearly £4 billion per year? Recent research also shows that 32% of businesses and 24% of charities overall reported data breaches or cyber-attacks in the last 12 months. For medium and large businesses, the figure was higher at 59% and 69% respectively. The average cost to these businesses was £1,100 per incident. For SMEs, the cost was £1,400 per incident and much higher for medium and large businesses at £4,960. For charities, it was approximately £530.

Despite these alarming figures, the proportion of micro businesses saying cyber security is a high priority decreased from 80% in 2022 to 68% this year. Evidence suggests that cyber security has dropped down the priority lists for these smaller organisations, relative to wider economic concerns like inflation and uncertainty. 

Amid this growing threat of cyber-attacks, a roundtable event to raise awareness of the issue was held by Greater Manchester Chamber, British Chambers of Commerce and KnowBe4 last week.

The event explained how ‘social engineering’, where attackers use psychological manipulation to gain access to sensitive information, was one of the main tools used by online scammers. Cyber security experts explored the psychology behind social engineering and discussed the tactics attackers use to gain trust and access.

Subrah Krishnan Harihara, Deputy Director of Research and Information Systems at Greater Manchester Chamber, opened the meeting by explaining how AI tools, such as ChatGPT, were making it much harder to spot fake emails, as scammers could use them to produce well-written content. He also pointed out that an organisation’s security was ‘only as good as its weakest link’ – the individual user.

Javvad Malik, the Lead Security Awareness Advocate at KnowBe4, highlighted several ways in which scammers targeted businesses. He explained how an Australian hedge fund had been targeted via a scam where two directors had clicked on a link for a fake meeting, which then allowed the scammers to take their details and use them to tell the company’s finance department to transfer money. He pointed out that fraudsters have targeted every type of organisation from the police to schools.

Other scams included using national events, such as the death of the Queen, to persuade people to put their money in fake investments. Another common scam is an email purporting to come from the Chief Executive asking an employee to transfer money, which plays on the fact that people are more worried about pleasing the boss than checking if an email is genuine.

Javvad gave the following tips on how individual employees can protect themselves from such scams:

  • Cyber hygiene – using a password manager and secure wi-fi.
  • Locking your machine every time you are away from your desk.
  • Checking the strength of your passwords.

He explained how employers could improve cyber security in their business by ‘thinking like a marketeer’ and putting slogans such as ‘think before you click’ on posters and mouse mats to reinforce cyber hygiene at work. He stressed that by setting a good example, such as locking their computer, employees could encourage their colleagues to do the same and change the corporate culture.

The presentation by Javvad was followed by a wide-ranging Question and Answer session. Many attendees shared anecdotes about cyber-attacks, such as the manufacturer whose production line was stopped for three days when its CAD (Computer Aided Design) was targeted by hackers. Others told how staff had fallen for the chief executive scam email and how finance departments were regularly sent emails pretending to be from staff asking to change their bank details.

The figures quoted in this article come from the Cyber security breaches survey 2023.