1.3 Cyber security attacks and phishing
Britain is being targeted by many thousands of cyber attacks every hour. For small organisations the worst breaches cost between £65,000 and £115,000 on average and for large organisations may run to many millions of pounds. These costs can occur as direct financial losses due to fraud or theft; the loss of productivity due to time spent recovering from the effects of a successful attack; or the loss of trust and reputation.
It may be surprising that many cyber security breaches do not result from technical failures. In fact, it is commonplace for attackers to exploit the goodwill and trust of people to gain access to systems, using a form of attack that is known as ‘social engineering’. Pretending to be technical support personnel or crafting emails that ask for usernames and passwords are common forms of social engineering attacks. You may have heard the term ‘phishing’ used to describe these kinds of emails. Phishing is a form of social engineering. In the video, course guide Cory explains how it happened to him.
Phishing emails can use your real details and passwords to make you think that the attacker is a contact you already know, or that they have more information than they actually do, in order to panic you into clicking on a message. Criminals obtain email addresses, passwords and other data from breaches of many online databases.
In October 2019, over 30,000 aggressive phishing emails an hour were being sent out to email addresses where a password was known: https://www.bbc.co.uk/news/technology-50065713
In January 2019, Troy Hunt, a security professional, published details of a database being used by criminals that contained 773 million records and over 21 million unique passwords.
To check if your account has been part of a data breach that included your email address, visit https://haveibeenpwned.com. To check if a password that you use has also been found in a data breach, visit https://haveibeenpwned.com/Passwords. Don’t type in a complete password to start with. Type in the first few characters and click ‘pwned?’. If it doesn’t come up, your password is safe. If it does get a match, add the next character and check again. If you have typed in the complete password and get a match, it is time to change your password!
Of interest, check the password 123456789. How many times has that been seen?!
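The password check can also be scripted so that the password itself never leaves your machine. The sketch below is an added example, not part of the original course material: it hashes the password with SHA-1, sends only the first five hash characters to the Pwned Passwords range endpoint, and compares the rest locally. The offline stand-in `make_constructed_fetch` is hypothetical, and the count of 42 is constructed sample data, not a real figure.

```python
import hashlib
import urllib.request

# Pwned Passwords range endpoint (used only by the live lookup path).
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """SHA-1 the password; return (first 5 hex chars, remaining 35)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(suffix, body):
    """Search 'SUFFIX:COUNT' lines for our suffix; 0 means not listed."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def fetch_range(prefix):
    """Live lookup: only the 5-character hash prefix leaves the machine."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password, fetch=fetch_range):
    """Times the password appears in the corpus, matched locally."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))

def make_constructed_fetch(known, sent):
    """Offline stand-in (hypothetical): constructed counts, logs what was sent."""
    def fetch(prefix):
        sent.append(prefix)
        lines = ["0" * 35 + ":1"]  # constructed decoy entry
        for pw, count in known.items():
            p, s = split_hash(pw)
            if p == prefix:
                lines.append(f"{s}:{count}")
        return "\r\n".join(lines)
    return fetch

if __name__ == "__main__":
    sent = []
    fetch = make_constructed_fetch({"123456789": 42}, sent)  # 42 is constructed
    for pw in ("123456789", "correct horse battery staple"):
        print(repr(pw), "seen", pwned_count(pw, fetch), "times; sent:", sent[-1])
```

Calling `pwned_count(password)` without the `fetch` argument performs the live lookup and needs network access.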
In a later week in the course you’ll study how to create secure passwords.
In the next section you’ll find out about three high profile cyber security breaches.