Protect Your Business In An Evolving Digital World
A non-techie guide to the risks, threats and mitigations for businesses.
IT Lab
“We believe that data is the phenomenon of our time. It is the world’s new
natural resource. It is the new basis of competitive advantage, and it is
transforming every profession and industry. If all of this is true – even
inevitable – then cybercrime, by definition, is the greatest threat to every
profession, every industry, every company in the world.”
- Ginni Rometty, IBM’s CEO
How to Avoid Becoming a Victim of Cyber Crime
Table of Contents
Current Cyber Trends
Business Risks From Cyber
Malware
Protecting Against Malware
Social Engineering
Good Practice Cyber Protection
How IT Lab Can Help You Avoid Becoming A Victim of Cyber Crime
Addressing Cyber Security Risks
Elements Of The Managed Assurance Service
Current Cyber Trends
All businesses rely on the internet; it is core to how most businesses
engage with customers, partners, employees and suppliers. However, it’s
important to remain aware of the risks, as well as the opportunities, that
are presented by this connectivity.
Computer systems in businesses of all sizes are attacked thousands
of times a day across the globe. The nature of the threat we all face is
significant, growing and increasingly diverse. This means that it’s likely that
some attacks will get through. At IT Lab - incorporating Perspective Risk, we
help to manage and mitigate the impact of those attacks.
In 2017, we have seen the continued evolution of ransomware with WannaCry
grabbing headlines after affecting a number of networks in the UK and parts
of the NHS. NotPetya was able to cause significant financial losses across
the globe affecting companies ranging from shipping and oil, to
pharmaceuticals. Data breaches resulting from hacks and exploitation of
vulnerabilities have also increased; 189M voter records exposed in the US,
political campaigns hacked and 140M personal records exposed in the
Equifax breach.
This increasingly complex landscape of attacks, data theft, influence
operations and ransom demands has become normal in 2017 and will continue
to evolve. In the UK 66% of medium and large UK businesses identified at
least one breach or attack in the last year.
The most common types of breaches related to staff receiving fraudulent
emails (72% of those who identified a breach or attack), followed by viruses
and malware (33%), people impersonating the organisation online (27%) and
ransomware (17%).
The UK is facing an exponentially increasing epidemic of cyber-crime. The
increase in capability and diversity of threat actors, coupled with chronic
underreporting, is enabling the criminal practices to thrive. At IT Lab, we
are committed to protecting businesses from the evolving cyber threat; we
hope this document provides useful insight and tips to help you to start to
manage your personal and business cyber risk.
Michael Bateman
Director of Cyber Services
PROPORTION OF BUSINESSES THAT HAVE HAD BREACHES IN THE LAST 12 MONTHS
(% experiencing a cyber security breach or attack in the last 12 months)
Overall: 24%
Among micro firms: 17%
Among small firms: 33%
Among medium firms: 51%
Among large firms: 65%
APPROXIMATELY HOW OFTEN IN THE LAST 12 MONTHS DID YOU EXPERIENCE
CYBER SECURITY BREACHES OR ATTACKS?
[Chart comparing All UK Businesses with Large Firms. Categories: only once;
less than once a month; once a month; once a week; once a day; several times
a day; don’t know.]
Cyber Security Breaches Survey 2016, Department for Culture, Media & Sport
Business Risks From Cyber
Businesses in all sectors are at risk from cyber-crime. Whereas traditionally
assessing the cyber risk to an organisation may have been the preserve
of Government and large Financial Institutions, this is no longer the case.
Businesses that find themselves in the supply chain of larger organisations,
legal firms and professional services firms, where businesses have access
to other firms’ data, processes and systems, are all increasingly coming
under attack; this list is, however, by no means exhaustive.
What is at risk?
As a business your money, your reputation, your data, your intellectual
property and your IT equipment and systems are all at constant risk.
This can be systems that interact with customers, such as websites and
payment systems, but can also be internal systems and files.
Who poses a threat?
There are a range of threat actors that may wish to target all or elements of
your business, these include:
• Criminals
• Staff
• Competitors
• Hackers
• Terrorists
• Nation States
Malware
The term malware refers to malicious software. Software that operates as
malware is designed to gain unauthorised access to devices or networks,
and either disrupt their operation or gather information from them.
Infection from malware can come from a range of sources. These include:
1. Contaminated email attachments
2. Infected websites, apps and adverts
3. Files stored on external devices such as mobile phones,
computers and USB drives
Types of Malware
SPYWARE
This type of malware is designed to steal information about your activity
on a computer or other device. It is capable of a range of functions
including screenshots, taking over cameras and microphones and
recording key strokes. This enables criminals to gain information they can
use, such as internet banking passwords.
RANSOMWARE
This is a form of malware specifically designed to deny access to files
and data. It is often very easy to be tricked into opening an email or file
that contains ransomware, which can result in all of your files becoming
unusable. Once the files become locked, the criminals contact the victim
asking them to pay a fee (ransom), to regain access to the files or data.
Payment is often by a hard to trace route, such as Bitcoin.
VIRUS/WORM
Both viruses and worms infect host systems and then spread to
infect others. Once on a system they insert copies of themselves into
programmes and files. They can also carry other things with them
(payloads), designed to perform harmful activity on the systems they
infect. This type of malware can cause rapid, widespread damage. For
example, worms can enable attackers to create a group of hijacked
machines called a botnet. This can then be used to carry out further
attacks, such as distributed denial of service (DDoS) attacks.
Protecting Against Malware
Antivirus software should be installed on all computers, devices and
servers. It will monitor, and often remove, malware when it’s detected and
will also often repair damage that may have been caused. It is imperative
that antivirus software is kept up to date; this may be called ‘updating’ or
‘patching’. Making sure that the latest version is installed will ensure that
you are protected against the most newly developed malware variants.
USE A FIREWALL
A firewall is designed to provide protection between interconnecting
networks of computers. It controls the traffic that enters and leaves a
network and can be used to set up rules that allow or don’t allow specific
types of traffic to come through. The most common use of firewalls is
to create a protective barrier between a business network or trusted
environment and the internet or untrusted environment.
BACK UP
It is important to ensure that backups of corporate or important data
happen regularly. There are many different ways to back up data
including cloud storage, external hard drives and tapes. However back-ups
occur, they should be checked to ensure they are working and be
encrypted to ensure they are safe and protected.
CONTROL DEVICES
Restricting what devices are able to connect with and connect to can
prevent malware from entering and spreading between computers
or networks. Stopping computers being able to have USB devices or
connect to smart phones may reduce the chance of malware entering
the computer, but it’s always important to consider the user experience
and how users will go about their work. As a principle, restrict all devices
to be able to do the minimum needed to be able to carry out business.
This is helpful in reducing the potential for devices to have impact when
compromised with malware.
- BE CAREFUL FOLLOWING LINKS
- BE CAREFUL OPENING ATTACHMENTS
- DON’T CLICK ON ADVERTS
- IF IT’S STRANGE – REPORT IT
Social Engineering
Phishing
When fraudsters and criminals are trying to socially engineer, it means
they are trying to trick people into assisting with their criminal activity.
Cyber criminals are increasingly using a number of techniques to trick
users into sharing information, unknowingly granting access to systems
and networks, and sometimes tricking people into sending money to those
who shouldn’t receive it.
A. Not an Amazon email address (note the missing A in ‘Amazon’)
B. Generic non-personalised greeting
C. Hovering over the link reveals it points to a non-Amazon site
“https://redirect-kereskedj.com”
Spear-phishing
Spearphishing is a more direct and targeted form of phishing. As with
Phishing above, cyber criminals will send emails; however, they will be
specifically targeted at a person and the apparent ‘sender’ is likely to be
someone the recipient knows.
Protecting against social engineering attacks
CHECK THE EMAIL ADDRESS
Check that the address isn’t appearing as a different address. You can
hover over the email address to see the real sender’s address, although
this can be disabled. Checking the header of the email will also show the
true sender’s address.
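The header check described above, together with the three warning signs labelled A, B and C in the phishing example, can be carried out automatically on a saved message. The following Python is an added example, not IT Lab's own code; the sample message, the sender address `amzon.example` and the names `phishing_indicators`, `belongs_to` and `expected_domain` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; the link is the non-Amazon address quoted in the guide.
SAMPLE = """\
From: "Amazon" <orders@amzon.example>
Subject: Action required on your account
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p><a href="https://redirect-kereskedj.com">Sign in to Amazon</a> now.</p>
"""

GENERIC = re.compile(r"\b(dear|hello|hi)\s+(customer|user|member|client)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every link in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def belongs_to(host, domain):
    """True only for the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw_email, expected_domain):
    """Return (letter, detail) findings for indicators A, B and C."""
    msg = message_from_string(raw_email)
    findings = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not belongs_to(sender_host, expected_domain):
        findings.append(("A", f"sender domain is {sender_host!r}"))
    body = "".join(part.get_payload(decode=True).decode("utf-8", "replace")
                   for part in msg.walk()
                   if part.get_content_maintype() == "text")
    if GENERIC.search(body):
        findings.append(("B", "generic, non-personalised greeting"))
    links = LinkCollector()
    links.feed(body)
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if href.lower().startswith("http") and not belongs_to(host, expected_domain):
            findings.append(("C", f"link points to {host!r}"))
    return findings

print(phishing_indicators(SAMPLE, "amazon.com"))
```

Check A reads only the From header, which a sender can set to anything, so a clean result does not prove a message is genuine.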
CHECK REQUESTS
It is rare for organisations to request personal information or login
information via email. Should a request be made, don’t reply to the email;
find a known route to contact the organisation to check before sending;
this could be an online portal or a phone number that is on a letter, their
own website or an internet search.
VERIFY IF CHANGES ARE NEEDED OR PAYMENTS NEED TO OCCUR
As with personal details and login information, check with a specific
person within the organisation requesting the payment before
transferring any funds. This should also be done using established or
trusted contact details, not by replying to the email you have received,
even if it looks convincing.
Continuing to protect your organisation from compromise
OUR ADVICE
• Always change default passwords
• Consider using secure password-saving technology
• Only ask users to re-set passwords when there is a suspicion of
compromise (i.e. not every 6 weeks)
• Do not select passwords that are easy to guess, or that may
be common
• Select passwords that combine a number of short random words or a
phrase, as these are often easier to remember
• Set up accounts to lock when there have been multiple attempted
failed logins.
Be Wi-Fi aware
Wi-Fi that is publicly available can be a quick and useful solution when
travelling or away from work or home. However, not all connections are
secure and cyber criminals may be attempting to intercept your data.
Good Practice Cyber Protection
Have a cyber strategy & a risk management scheme
IT Lab can support you in establishing the business risk of cyber, the
current posture of your estate and the gaps or vulnerabilities you
may have. Once established, IT Lab can help you to pro-actively plan,
to continuously monitor and ensure your organisation has a robust
approach to dealing with the risks that we all face in a fast evolving
world. When assessing your risk management regime and associated
mitigations, considering the following security areas can help to achieve
adequate defences for your organisation.
NETWORK SECURITY
Although not the entire answer to security and protection, it is important
to defend the network perimeter, filter unauthorised access or attempted
access, and malicious content. Continually monitor devices and test
security controls.
USER EDUCATION
Ensuring all users are aware of cyber threats and how to prevent them
can be a huge advantage in tackling cyber criminals. Produce user
security policies covering use of systems. Train staff on how to act if they
are suspicious and how to use systems and tools. Continually maintain
awareness of the cyber risks your organisation faces.
MALWARE PREVENTION
As covered previously, take steps to prevent malware and
include anti-malware defences. Continually ensure devices and software
are up to date.
SECURE CONFIGURATION
Create an inventory of systems and devices. When managing devices,
define a baseline build for all types of devices and ensure it is followed
and updated. Continually apply security patches and ensure configuration
and updates are maintained.
MANAGING PRIVILEGES
When creating and administering users, limit user privileges to the
minimum required set and monitor user activity. Control access to the
activity and audit logs. Limit the number of privileged accounts and
consider using tools for management of this type of access, in tandem
with effective management processes.
INCIDENT MANAGEMENT AND RESPONSE
Establish management processes and ownership of incident
identification, escalation and management. Implement an incident
response and disaster recovery capability. Continually test incident
management plans to ensure they remain effective.
MONITORING
Establish a monitoring strategy and generate supporting policies and
guidance. Implement a monitoring capability or capabilities. Continually
monitor all systems and networks, and analyse logs and events for
evidence of attack.
HOME AND MOBILE WORKING
As described in secure configuration, ensure the baseline build is applied
to all devices and that the devices can be managed. Protect and encrypt
data in transit and at rest. Train staff to adhere to the mobile working
policy, whilst providing them with technology that appropriately mitigates
the risks.
How IT Lab can help you avoid becoming a victim of cyber crime
IT Lab provides the necessary capabilities to deliver flexible yet comprehensive cyber risk
management for your business.
ASSESS
Understand the evolving threats your organisation faces
ASSURE
Gain assurance that your organisation is managing risk appropriately
PROTECT
Actively protect and maintain secure IT operations
RESPOND
When incidents occur investigate and mitigate swiftly
Addressing Cyber Security Risks
WHAT IS THE SITUATION?
Organisations are increasingly exposed to the changing and pervasive
landscape of cyber threats.
WHAT ARE THE CHALLENGES BEING FACED?
• Lack of understanding and capability within organisations to be able to
assess risks and current posture
• Cyber security has often not had focus and it is assumed that it’s being
done (e.g. by IT provider/team)
• Increasing complexity in range of systems and devices, along with
increased connectivity to other services and third parties
• Uncertainty where to start and what an appropriate level of cyber
assessment and assurance is (both effort and cost)
WHAT ARE THE CYBER PRODUCTS?
• Cyber Risk Assessment/Due Diligence
• Managed Assurance Service
• Targeted Penetration Tests
• Monitoring and Security Operations Centre
WHAT WILL WE DO?
• Cyber Risk Assessment to give overview of likely risk
• Open Source Intelligence Assessment to give an overview of external
footprint on the internet
• Phased technical assessment and testing to establish level of ‘Cyber
Hygiene’ within the environment
• Phased Social Engineering testing to establish people centric risks
• Training of users to highlight risks and importance of security
• Penetration testing on specific high risk targets
• Security Operations Centre Service (SOC)
Elements of the Managed Assurance Service
OPEN SOURCE REPORTING
An Intelligence report specific to your organisation to assess what
information is available and how hackers view this information. We also
assess the risks that the data could expose you to and the ways in which it
could be used to technically exploit your systems and your people.
SOCIAL ENGINEERING
Mock Phishing campaigns to target all staff. This includes the execution
of phishing campaign(s) of varying sophistication to assess the level of risk
posed by your people. We also carry out a physical social engineering
attack where we attempt to gain access to your office/buildings.
ONLINE USER TRAINING
We will set up a specific instance of our training platform for your people
to use. This will enable continuous training using highly interactive content
and quiz questions.
CYBER RISK DUE DILIGENCE ASSESSMENT
Assessment of the cyber risks faced by your organisation through
interrogation of the policies and procedures you currently have in place
to provide a baseline for further development and improvement. This
is carried out through interviewing and a review of current procedures.
HEALTH CHECK & CYBER ESSENTIALS
Quarterly assessment of a technical control area from Cyber Essentials PLUS.
This covers boundaries, patching, configuration, access control and malware
testing. This is carried out through technical assessment of elements
of infrastructure. We will also carry out a formal CE+ assessment towards
the end of the year.
VULNERABILITY SCANNING
Continued scanning of elements of your infrastructure will enable us to
assess possible vulnerabilities that could be exploited over the internet.
Specific elements of scanning or testing will also be carried out during
the Cyber Health Check and Cyber Essentials Certification process.
“Even though we take security seriously, the
additional operational capability that we now have
through the IT Lab Cyber Team helps us to protect
ourselves as fully as we now need to”
IT Lab Client - Financial Services
GET IN TOUCH...
hello@itlab.com
0333 241 7689
www.itlab.com
“The output was very insightful, we
were impressed at the things they
could find both about our technology
and how our people use the internet.”
IT Lab Client - Professional Services
“We got to see gaps in many aspects
of our security - our buildings, our
people, our presence on the internet
and the IT systems and apps we use”
IT Lab Client - Hospitality
London
1 East Poultry Avenue
London
EC1A 9PT
Manchester
Riverside, Agecroft Road
Manchester
M27 8SJ
www.itlab.com
©2017 IT Lab