Scotland Yard is warning of the stark reality that Londoners are losing on average £26 million a month due to cyber fraud and attacks on businesses and individuals. It noted that 3,500 people become victims of phishing emails, malware and ransomware each month, highlighting that employees are often targeted to infiltrate businesses and get around corporate security controls.
Detective Chief Superintendent Mick Gallagher, head of the Met’s Organised Crime Command, told the London Evening Standard: “We accept organisations and the public generally have the technology and correct processes but it is people that are vulnerable. What we are finding is that people are vulnerable through a lack of understanding of the cyber threat.”
Despite acknowledging that people are the weakest link and that cyber criminals are clearly taking advantage of this, further research showed that less than 20% of London businesses had provided training to staff to help make them aware of cyber threats. Training is something that can be relatively easily addressed within enterprise and Scotland Yard has even come up with its own exercise to help achieve better security awareness.
Yet, in addition to traditional training routes, it is equally important that organizations are investing in the right controls to protect their sensitive data. While in fact research from the Met’s Falcon cyber crime unit showed that 89% of firms had firewalls installed, we know there are simple ways around these figurative road blocks for cyber criminals. And once they are inside the corporate network, what then?
This latest news is a harsh reminder that security technology can fail and should not be the “be all and end all” for organizations to reach the panacea of “secure”. It is also a reminder that protecting data itself is of vital importance. After all, cyber criminals are getting in to companies – they are successful in their nefarious activities and infiltrating corporate data. It is clear that £26 million per month is not an amount to be taken lightly. Industry has to get better at segmenting and layering security measures to make sure that this figure starts to take a downward turn and businesses stop footing the bill for cyber crime.