Home Cyber Security A blended approach to preventing a cyber attack
Cyber Security

A blended approach to preventing a cyber attack

By Contributor CSM
By Contributor CSM Online

A blended approach to preventing a cyber attack

In the City of London Police’s Cyber Crime Unit, we hear these questions more than any other: what is the most likely cyber attack? How can prevent it? What are the police doing about it?

Cyber threats

The complexity and severity of cyber threats have steadily increased in recent years. In the year leading up to September 2023, England and Wales reported over 898,000 computer misuse incidents, marking a 30% rise from the previous year. Including reports of cyber-enabled attacks, which are traditional crimes that make use of computer networks, figures show 2.39 million businesses in the UK experienced a cyber crime in 2023.

On analysis, high volume, low sophistication attacks still make up the significant majority of reports. Phishing, an attack which stems from social engineering or manipulating the user, stands out as one of the most prevalent amongst these.

Trend analysis of the same data indicates that criminals have focused their efforts on refining and disseminating these well-known attacks to make them resistant to security improvements rather than moving on to newer attack types. Even in the case of investigations into intricate cyber attacks, social engineering, despite its simplicity, often serves as the gateway for more complex intrusions.

Prevention

When it comes to prevention, the information is clear. Having security measures focused on resisting socially engineered attacks offers numerous security benefits.

Addressing these proactively targets both the most likely attack and the gateway to some of the most severe threats in today’s cyber landscape. Moreover, because socially engineered attacks are a familiar threat, a variety of tried and tested security measures are already available for our use. Additionally, establishing these defences confers a lasting security benefit, as information suggests that attackers intend to keep using these methods.

Indeed, even with the advances made with generative artificial intelligence (AI), and amidst concerns that this technology could facilitate new security risks, early examples suggest that much of its malicious use has been focused on enhancing existing social engineering techniques.

Fortunately, a variety of both technical and non-technical defences exist which counter this attack type. Employing a blended approach which leverages both is highly recommended. However, as these attacks primarily target users rather than systems, comprehensive training and awareness has long been recognised as essential in protecting against the effects of one of the most prolific attacks in today’s landscape.

Cyber Griffin

Awareness around this challenge is one that policing continues to advocate, alongside actionable advice to prevent it.

Since 2017, Cyber Griffin, the programme within the City of London Police’s Cyber Crime Unit dedicated to protecting the community against cyber criminality, has designed and delivers services which address cyber threat.

The Baseline Briefing, Cyber Griffin’s end user training, is specifically created to address high volume, low sophistication attacks and to equip attendees with the security knowledge needed to prevent them. To date, more than 50,000 people in the Square Mile have received this training, which is continually updated to ensure the latest advice is included. The Baseline Briefing 5.0 is due to be released this summer and will include new sections dedicated to AI vulnerabilities and how to secure against them, led by officers who conducted this research.

As new security challenges are identified, Cyber Griffin produces services designed to protect against them. The latest of these is free Incident Response Hydra Training, which provides realistic exercise scenarios for security teams who want to train for a live cyber incident and learn from how this is approached in policing.

Cyber Griffin’s offering has been carefully designed to reflect the current threat landscape our community faces and just as importantly, to ensure we all know the answers to the questions asked at the beginning of this article.

To learn more about Cyber Griffin visit www.cybergriffin.police.uk

Inspector Charlie Morrison

City of London Police

Cyber Crime Unit

SHARE   0 comment
0
FacebookTwitterPinterestEmail
Avatar

City Security magazine is proud to work with contributors from across the security sector and beyond, including police forces, security associations, security providers, consultants and specialists who produce a range of varied and interesting content.

Related Articles

Are you compliant with the Product Security and...

Guarding against cyber threats: procuring cyber security from...

Offset labour market challenges in security with Strategic...

Fraudsters targeting businesses with Remote Access Scams

Cyber security – it’s not magic

The Little Media Series with Big advice helping...

The persistent menace of ransomware and four steps...

Artificial Intelligence – how to protect the world...

How the Product Security and Telecommunications Infrastructure Act...

How to resolve the cyber security risks facing...