Join our Brexit workshop in collaboration with DCMS.
The event saw clients from a wide range of companies attend to see the Head Of Cybercrime at GCHQ hold talks about the four Ps, Prevent, Protect, Prepare, Pursue. Working closely with the NCA, who were also speaking at the event, GCHQ have identified and acted upon countless threats which attack the UK on a daily basis.
Protect – means to educate people and businesses on how to reduce their risk of becoming a victim of cybercrime through resources such as Cyberstreetwise and GetSafeOnline. Constant education was a key element in which GCHQ discussed, speaking of the recent training drives which they have held.
Prevent – GCHQ are working tireless in the background to work towards preventing cyber attacks. Although there is no way that anyone could prevent and protect against 100% of attacks, it is clear to them and those within the cyber security industry that preventative measures such as those contained in CESG’s online guidance are a way to make most of the attacks unsuccessful and for the attackers to move on.
Pursue – This is where the NCA and GCHQ come into their element. Working collaboratively to close down cybercriminals, disrupt cybergangs organisation and to bring those who prey on businesses and individuals to justice. Our speaker advised of the issues that both parties face when infiltrating these gangs as at the top end, the majority are organised crime gangs. They often have a tiered process to their activities where individuals specialise in certain areas such as hosting, just as they would in the physical organised crime world. Many of these gangs are not UK based, however this does NOT mean that they do not have people who work for them wittingly or unwittingly within the UK. Due to this it is often hard to get to the kingpins, but both GCHQ and the NCA continue to work together to fragment these gangs.
Dave Cousins from the NCA was then introduced to deliver his informative and very entertaining talk about the NCAs involvement in cyber crime. Dave quickly went over what GCHQ had discussed and then went into much more detail about the individual types of attacks which the NCA have been dealing with over the previous 12 months.
A wonderfully technical talk, Dave advised about the infrastructure challenges which are faced. He informed us of CVE (Common Vulnerabilities and Exposures) and the people which work tirelessly to identify them; and the stats were quite shocking!
Hosting is an area in which the NCA are working hard to help hosting companies secure. With over 12 million websites hosted just in the UK, the possibilities for vulnerabilities being exploited is huge. There have been instances where a single website has been compromised and used as a breeding cell to send out hundreds of thousands of attacks. These attacks then look as though they are all coming from the first victims which follows into the murky waters of liability. If the first victim had the facilities to identify this breach by using the 4 Ps, damages would have been seriously reduced.
The UK is one of the best in the world for hosting however with only 0.16% of hosted websites being infected with malware as opposed to the USA with 0.68%, Japan with 4.67%, and Russia with 1.46%.
Dave finished with a lighthearted look at some of the threats the NCA are currently seeing trend. Twishing, Twitter phishing is on the rise where a company which mimics the look of say, your bank, then tweets a link for you to follow. Simple advise here – DON’T! Twitter are being very proactive with the removal of these accounts, however, if something that looks like your bank or a large company such as Paypal are tweeting they need people to log into their accounts for x,y,z, it will more than likely be a twishing attempt.
Also on the list was Bitcoin DDOS attacks which are again becoming more frequent. DD4BC et al is one of the most common types which the NCA and others have advise about online.
He then finished with what could be one of the most unnerving. You are working late and you receive an email from the big CEO asking you to wire a transfer over to one of their best clients of £XX. It is late, you don’t want to call them to verify in case they yell and tell you to get on with it. The email seems legit, its internal….you transfer it. Right into the hands of the cyber criminal. CEO Fraud is becoming more prevalent in the UK and is something all board members should be looking at teaching their staff what to look out for!
After the talks, we invited our delegates, members and speakers to join us in a meal at The Sheridan. With fire eaters, light dancers, singers and wonderful food, the feedback for the whole event from everyone involved was amazing.
We are already planning on what our next December Seminar will entail but we will firstly be organising #CSC2016, our Cyber Security Conference which will be in March next year. Don’t forget to sign up to the newsletter to hear about updates for this and also all our other events throughout the year.
Join our Brexit workshop in collaboration with DCMS.
Interested in becoming an NWCSC member? We offer 3 different levels of membership, you just need to be an SME in the North West working within a cyber security related field! Read more to find out how to register.