threat management

  • If economic uncertainty following the Brexit vote created a nest for cyber-fraud, then Thursday’s High Court decision requiring Parliament’s approval to trigger Article 50 – and thus creating further uncertainty – only enhances the breeding ground.

    According to forensic experts, fraudsters concoct scenarios which convince senior managers and owners of companies to hand over monies often in excess of £100k.

    The immediate aftermath of June’s Brexit vote had the effect of driving more businesses to try non-traditional methods of raising capital. Particular sectors, such as shipping and off-shore haulage, appear to be ripe for targeting by fraudsters.

    UK authorities are currently working on a number of fraud cases valued at more than £100 million each, and they are also carefully watching the healthcare sector, where incidents of fraud are rising sharply. Entwined with this was the recent state-sponsored hacking of medical data belonging to UK athletes, which has caused a stir and led to internal soul-searching. This has coincided with the recent announcement by Chancellor Philip Hammond that £2bn will be invested into tackling cyber crime.

    But that was before Thursday’s announcement.

    Amongst competition that becomes increasingly desperate, it can become much easier for the fraudsters to simply blend in amongst genuine businesses and bide their time. This is nothing new.

    Some experts have said that transparent data sharing between businesses across the globe will help to cultivate a system of checks and create accurate patterns for the authorities to use in tackling the fraud. But what is the commercial reality of this, when businesses are already scrabbling around in a state of Brexit-induced flux?

    While we watch and wait with anticipation for the political ponderings of the establishment, and for where we go with Brexit, hard or soft, the fraudsters will continue to have the upper hand.

     

    Aaron Pearson – 04.11.16

  • Fraud

    Industry group UK Finance has discovered that customers of UK banks have had more than £500m stolen from their accounts at the start of this year. This consisted of £358m lost to unauthorised fraud and £145m obtained through authorised push payment (APP) scams. The difference is that banks usually refund unauthorised fraud victims, whereas APP victims are rarely refunded.

    At the start of 2017, APP scams hit a total of £101m, and this number has now shown an increase of £44m, since four more banks reported fraud data.

    UK Finance’s managing director for economic crime, Katy Worobec, discussed how the new figures highlighted fraud as a top “major threat” in the UK. She also stated that the money obtained from bank accounts is used to fund terrorism, people smuggling and drug trafficking.

  • According to a recent YouGov poll, almost two-thirds of UK businesses are unaware of the sanctions they could face after next year's GDPR comes into place, with fines of up to €20m for the biggest companies.

    A startling 62% of businesses surveyed had not even heard of the GDPR.

    Currently, UK businesses can be fined up to £500,000 for a breach of data protection. Next year, from 25 May 2018, this will jump to either €20m or 4% of the company's global turnover. A fifth of those companies surveyed conceded the possible impacts of the fines would push them out of business.

    Despite some businesses being aware there were upcoming changes, very few knew the scale of the fines. Unsurprisingly, the majority were smaller businesses, with just 22% having heard of the rules, whereas 43% of medium-sized and 56% of large businesses had done so.

    Staggeringly, nearly half (57%) of financial services companies knew of the changes. Media and marketing came bottom of the list.

    While the topic has been very much in the public domain, nearly a quarter of the businesses surveyed said they would probably not even know when a data breach occurred.

    They need to learn. And quickly. Last year, the number of fines for data breaches almost doubled, and jumped from £541,000 to an eye-watering £3.2m. These will undoubtedly rise after the implementation of the new rules next Summer.

    Businesses need to be clear about how data is collected and stored, and a breach must be reported to the Information Commissioner's Office (ICO) within 3 days.

    Finally, it is important that British businesses understand that, while “Brexit means Brexit”, Brexit does not mean that compliance with the Brussels-enforced GDPR can stop. This is happening.

    For further advice and guidance contact Aaron Pearson on 0151 659 1070.

     

     

  • Cyber Insurance

    How much Cyber Insurance is enough? If, like us, you think that paying more will guarantee greater safety then you may well be right.

    I put an emphasis on may, because cyber coverage is still largely unknown by consumers and difficult to place by underwriters.

    If, as an organisation, you do not know how to identify your own threat risks, then can you really trust your insurers?

    Broadly speaking, there are three areas most companies would consider cyber insurance for:

  • Manufacturing industry cyber crime

    Recently, cyber criminals have become more focused on intellectual property due to its prolonged benefits, resulting in them targeting industries such as the manufacturing sector, which is the third most targeted industry for cyber-crime.

    Unlike the healthcare, financial, and retail sectors, the manufacturing industry is also not obligated to report breaches. It is therefore possible that a lot of cyber-attacks have gone unreported, which potentially increases the risk of cyber-crime.

    Manufacturing organisations usually receive correspondence containing confidential information such as contracts, patents, drawings and additional private content, which must be protected. The problem is that a lot of manufacturing companies underestimate the threat of cyber-attacks, and therefore do not implement the cyber security and protection necessary to safeguard their confidential information.

  • NIS DIRECTIVE

    The Network and Information Security (NIS) Directive is intended to create a base level of security for organisations that are operating essential services within the EU.

    The legislation came in on 6 July 2016 and became enforceable from 10 May 2018. The main sectors covered are energy providers, transport, banking, financial services infrastructure, health, water and digital infrastructure providers. 

    Organisations who operate within these sectors are termed “operators of essential services” and must implement the provisions of the directive to form the required base level of security for those services.

  • One question that continues to be asked is whether there is any kind of check list out there to ensure your software is GDPR compliant.

    It is not so much the software but rather the organisation that needs to be compliant. Software systems can be improved to help the process, but most of the changes have to be in people and processes. Begin by looking at the Information Commissioner's Office's 12-step plan, which will help you establish a framework from which to begin. Next, conducting a data inventory and audit to see where personal data is located, processed, stored or transmitted will set you on the right road.

    Further steps can be found at:

    https://www.lepide.com/blog/the-lepide-checklist-for-gdpr-compliance/

    http://expert-advice.org/security/things-you-should-know-about-governance-and-management-system-for-gdpr-compliance/

    https://www.totalprogrammecontrol.com/gdpr.php
