Cyber Security

MoD cyber crime warning to SMEs: ‘They’re out to get you’

Hackers, extortionists and other cyber criminals are a threat to organisations of all sizes, but are especially so for small and medium-sized businesses (SMEs), which are often seen as insecure, easy targets.

That’s what a representative from the Ministry of Defence (MoD) – who wishes to remain anonymous – told a gathering of SME owners and cyber security experts at an event held at Coventry University.
The event, entitled “The Cyber Security Problem and why SMEs have a Critical Role to Play”, was organised by Dr Siraj Shaikh, cyber security researcher and leader of the university’s ethical hacking course and brought some eye-opening warnings to the SMEs gathered in the TechnoCentre (pictured).

“There’s a threat; they really are out to get you. We know they’re out to get you, we really, really, really do know that they’re out to get you. We have been there, seen it, watched what’s coming out of the networks,” said the MoD representative, who described the cyber threat as “astonishing, with industrial-scale processes involving many thousands of people behind state-sponsored espionage and organised crime.”

“If you work in the defence area, that is what’s out there trying to get into your system,” said the spokesman, who referenced a National Audit Office report that put the cost of cyber crime to the UK as anything from £18bn to £27bn per year.

“So picture in your mind what you imagine an astonishing industrial-scale cyber intelligence operation looks like. What do you imagine an astonishing industrial-scale organised crime operation looks like? That’s what’s trying to get into your systems,” he added, in an effort to get members of the audience – many of whom knew little about IT – to grasp the cyber threats they face on a daily basis.
The MoD representative also warned that to cyber criminals, SMEs were just a commodity, and if hackers have a desire to steal information, it’s no skin of their nose if a data breach meant the end of a small organisation.

“Your business to them is expendable, they just want the information you have. You could be on their shopping list: the intellectual property that’s the lifeblood of the business, they want that. They want the MoD’s information,” he said.

According to the MoD, cyber criminals specialising in extortion also represent a particular threat to SMEs, with ransomware – a type of malware that locks the users’ network until they pay hackers to remove it – a danger for many small businesses.

“The UK National Crime Agency says a fresh round of ransomware spam posing as bank notices are being sent out, with small and medium-sized businesses targeted in particular,” he said.

“If one of the people in your business opens the ransomware – in an email that’s targeted at them for instance – the ransomeware gets into your system and locks down the data on the network and in your storage connected to the network,” he continued, adding that some cyber criminal organisations were so “professional” that they have helpdesks in order to provide assistance to those who’ve paid the ransom.

“You can’t get to your data anymore and you have to pay money to get it back from these guys who, some of them, do have helpdesks – they’re that organised.”

“You’re in dodgy territory if you leave yourself exposed to that and you are exposed to that,” the MoD spokesman added, before suggesting that SMEs are often seen as an easy way into larger, more secure organisations with information cyber criminals really want to get their hands on.

“Cyber attacks come through the soft underbelly of the sub contractors with their insecure ICT systems. It is a significant problem and it isn’t just your own companies you’ll expose, but everyone you’re dealing with, you’re all connected,” he said.

Speaking to Computing following the talk, the MoD spokesman said the majority of organisations can protect themselves from most attacks byfollowing 10 simple steps laid out in government issued documentation.

“Prepare ways you can look after your data so attackers won’t put you out of business and keep a backup offline,” he suggested.


This article originally appeared here and has been re-published with consent.



Coventry University