91% of cyber-attacks still start with a phishing email – a fraudulent email designed to obtain sensitive information, deliver malware or extract payment – and they are becoming increasingly targeted, sophisticated, and harder to detect, according to Roddy Priestley, Director of Cyber Security at global risk management consultancy, S-RM.
“We have seen a shift in the way that hackers approach an attack. They are patient and persistent in their approach to stealing data.”
“They build a profile around a target, looking at social media, the news and information on Companies House to understand their working and personal habits,” he told delegates at our 2019 Next Generation Seminar, hosted by Matthew Fleming, Head of Succession and Governance. The seminar – focused mainly on family, communication and governance – takes the opportunity to engage with the next generation of our client families and open their minds to the challenges and responsibilities they are likely to face, including the more practical issues surrounding wealth.
A successful phishing email is unobtrusive, authoritative, and appears to come from a reputable source. Often hackers will instil a sense of urgency in order to prompt their target to act. “We want to lift the veil on how a hacker thinks and understand the psychological tools they might look to exploit their victims’ sensitivities,” explained Roddy.
“Understanding what they are trying to achieve at each stage of the cyber-attack will ultimately reduce risk.”
Roddy brought one of S-RM’s team of ‘ethical hackers’ with him, James Jackson. It is James’s job to legally exploit vulnerabilities in systems for businesses and private clients, then recommend taking remedial measures to prevent cyber-attacks. During the seminar, James carried out a live hack, demonstrating to guests the process of information gathering and highlighting the level of sophistication a phishing attack requires.
Roddy added, “It is effectively impossible to be 100 per cent secure. We don’t talk about how to make things impenetrable, but how to make the level of sophistication and resources required by the hacker so high that you will not be a target.”
People are inherently trusting, explained Roddy, so a healthy dose of scepticism is a good thing when protecting yourself against cybercrime. He offered some simple tips: be wary if someone contacts you unexpectedly, and don’t be pressurised into taking urgent action or giving confidential information. Be vigilant with security: setting up encrypted passwords and multi-factor authentication will deter hackers. “There are often tell-tale signs and common methodology behind attacks. At each stage there are things you can do to defend yourself,” said Roddy. In short, he warned: “Be suspicious.”