Sunday 27 November 2016 7:59 pm

Why more training is needed to prepare for increasing cyber attacks

By: Mark O’Halloran

Share

• Share on Facebook
• Share on Twitter
• Share on LinkedIn
• Share on WhatsApp
• Share on Email

We've probably all received those emails, apparently from a bank, asking us to check our account by logging into it. Those kinds of emails are sent out on a massive scale so that, randomly, some are received by the bank's actual customers.

If you're not a customer, it’s easy to spot them for what they are.

A more targeted approach is known as spear-phishing where the hacker sends an email which appears to come from, say, your IT department asking you to confirm your log in details.

Depending on how much personal information about you is available online – particularly on social media – you might even receive an email which appears to be from one of your close friends, talking about an event you are both due to attend, with a link to funny story. A link that, unfortunately, allows a virus to be downloaded onto your computer or directly into your company systems.

Read more: The dark side of hacking is eating up cyber-security talent

It's all so easy to fall for, especially when you're busy at work.

Attacks are definitely increasing but not just because hackers are getting more sophisticated. The really clever hackers use automated, intelligent software  – so-called 'bots' – to trawl the internet.

These bots glean information from public sources, including social networks and a company’s own website, to generate spear-phishing emails.

However, hackers don’t need to be brilliant programmers themselves.

There are many software tools, freely available, to allow someone with only modest coding skills to create a piece of malware, launch a denial of service attack and, indeed, to create spear-phishing bots.

Read more: Boards in denial over cyber risk, as bosses keen to pass the buck

It's even possible these days to 'rent' a network of infected computers to carry out attacks, so even wannabe cybercriminals with no coding skills can get in on the action.

So, what does this mean for employers? Simply put, they need to get to grips with each of the three pillars of cyber security: people, process and technology.

Many companies appreciate the need to keep their anti-virus software up to date, and to require staff to carry out checks before sending out money or providing sensitive information. However, where they need to invest more is in training their staff generally to be aware of cyber risks.

It’s a shame to say it, but the companies which expect to be on the receiving end of cyber-attacks are the most likely to be able to withstand them.