Real world cyber hacks show how cyber crime can paralyse any business.
The ways in which businesses of any size can be hit by cyber crime are countless and often confusing. Terms like ransomware, phishing, or denial of service are all types of cyber attack, but what do they actually mean in the real world? With many companies seeing a cyber attack as a faceless crime, it can be difficult to appreciate the damage that hackers can cause.
This was the challenge that specialist insurer, Hiscox, and folding bike maker, Brompton, set out to tackle. The idea was simple: pick a Brompton cycle store in the high street and build a virtually identical shop opposite that not only sold Brompton bikes, but had also ‘stolen’ the shop’s branding by calling itself ‘3rompton’. With staff and customers thrown into confusion, a number of real world cyber style attacks were then launched on the genuine Brompton store.
By bringing cyber attacks into the real world, the Brompton stunt was designed to not only bring home to every business that they could be a cyber victim at any time but also to show just how devastating the impact can be.
So how did the stunt play out?
First, the theft of Brompton’s brand identity with the ‘lookalike’ shop over the road, fooled many customers into believing they were at the genuine Brompton store. In the cyber world, this could translate as a hacker simply downloading your company’s logo and replicating your website to ‘set up shop’ and steal your customers, perhaps undertaking fraudulent transactions and harvesting sensitive data.
Next, a huge number of customers suddenly arrived at the real Brompton store, overwhelming staff and making it impossible to conduct business as usual. In the cyber world, the same effect is achieved through ‘denial of service’, where a hacker bombards a business’s website with requests until the website simply crashes, preventing any further transactions. Denial of service was mentioned by businesses in Hiscox’s 2018 Cyber Readiness Report as one of the most frequently reported types of external cyber attack.
Shut up shop
Finally, the real Brompton store was physically boarded up with signs demanding the payment of a ransom. For the cyber version, a hacker accesses a business’s systems and prevents the business from accessing their data until they pay a ransom – often demanded in Bitcoin. Ransomware lay behind 2017’s WannaCry attack which paralysed many businesses and cost the NHS an estimated £92 million.*
The result of all this chaos? Staff in the real Brompton shop became increasingly bemused and unsure what to do as first their customers were stolen, then stock was diverted to the fake store and finally their actual business was prevented from trading. It’s exactly the same effect for a business under a cyber attack; confusion, business interruption and, in the worst-case scenario, inability to trade.
Overwhelmed and paralysed
It may have been a fictitious example, but the Brompton ‘real world hack’ was an effective way of illustrating how businesses can easily be disrupted by a hack. “Many small businesses aren’t aware of the growing threat that cyber crime poses; an attack can quickly overwhelm and paralyse a business,” says Olivia Hendrick, Marketing Director at Hiscox.
A view shared by Robert Hannigan, former Director of GCHQ and Special Advisor at Hiscox, who says: “Cyber crime is one of the biggest security risks facing businesses today but many aren’t taking
it seriously and many more are underprepared. It’s a less tangible risk than burglary or a fire, which can make it hard for businesses to grasp, so bringing cyber crime to life with an exercise like this is a useful way of conveying an important message.
“The hacking techniques being simulated such as ransomware and phishing are extremely commonplace and have been for many years. At the same time, new types of cyber crime continue to emerge, which makes staying on top of cyber security an ever-evolving challenge.”
Five ways to keep safe from a cyber attack
The good news is there are some simple steps which every business can take to make a cyber attack less likely to succeed:
- Stay alert As work becomes more flexible between home and the office, ensure employees only use approved business devices and networks.
- Make it two Email accounts with only a single password are a common target. Build in another layer of protection such as a pin code.
- Share and learn The majority (two thirds) of successful cyber attacks exploit human error. Cyber awareness training at work is important to ensure staff are aware of the risks of clicking on suspect links and attachments, and practise good password management. Hiscox’s CyberClear Academy is an online interactive suite of cyber security training modules which is included as part of Hiscox’s Cyber and Data Insurance policies.
- Know the scams Recognise common frauds such as fake email accounts and requests for funds to a different bank account.
- Encrypt to protect Use a secret key to encrypt data and make it unreadable for a would-be hacker. Many devices come with encryption built-in – it just needs to be switched on.
How would your business respond?
With cyber security incidents costing the average small business £25,700 a year**, watch the film for yourself to see how the real world cyber attack played out and consider how your business would manage if it became the victim of a successful cyber attack.
*Department of Health and Social Care - Securing cyber resilience in health and care.
**Hiscox Cyber Readiness Report, 2018.
Hiscox Cyber and Data Risks Insurance is designed to support and protect your business if it experiences a data breach or is the subject of an attack by a malicious hacker that affects its computer systems. It provides comprehensive cover, simplicity, reputation protection and a trusted partner in the event of a claim. If your business is interrupted by a cyber attack or a hacker steals or takes your data hostage, cyber insurance will help you get back up and running. IoD members save 5% for the lifetime of their policy.
0800 280 0354
Find out more