Hiscox, a specialist in small business and cyber insurance, recently staged a “real world” hack to demonstrate what a cyber attack would look like for small businesses.
The insurer collaborated with UK bike manufacturer Brompton Bicycle, constructing overnight a complete clone of Brompton’s east-London store, hiring look-a-like staff and even stocking the shelves with counterfeit merchandise.
Reactions of astonished staff and passersby were captured as the fake store, called “3rompton,” opened its doors to the public on the opposite side of the road and subsequently launched a series of cyber-attack simulations on the genuine Brompton store in Shoreditch, explained Hiscox.
Common hacking techniques such as ransomware and phishing were brought to life through a series of simulated offline attacks:
- The real store was boarded up, displaying a ransom note demanding Bitcoin in exchange for re-entry
- Genuine stock deliveries were diverted to the fake “3rompton” store, highlighting the potential effects of a phishing scam
- The real Brompton store was flooded with imitation customers overwhelming staff, simulating a distributed-denial-of-service (DDoS) attack.
“The frequency and severity of cyber attacks on UK businesses is alarming,” commented James Brady, head of Cyber at Hiscox. “Cyber criminals are swift, sophisticated and consider businesses of all shapes and sizes worthy targets so it’s vital that organizations are both aware of these risks and prepared to manage them.”
Hiscox said one in three (33 percent)* UK small businesses have suffered a cyber breach and this simulation is the latest initiative in its cyber awareness campaign that aims to highlight this risk.
“Businesses need to take ownership of their cyber security and put solid preventative measures in place,” added Brady. “Unfortunately, attacks will still get through and being prepared for those attacks is critical.”
“Cyber crime is one of the biggest security risks facing businesses today but many aren’t taking it seriously and many more are underprepared,” said Robert Hannigan, former director of Government Communications Headquarters (GCHQ) and special advisor to Hiscox. (GCHQ is a UK intelligence and security organization).
“It’s a less tangible risk than burglary or a fire which can make it hard for businesses to grasp, so bringing cyber crime to life with an exercise like this is a useful way of conveying an important message,” Hannigan continued.
“The hacking techniques being simulated such as ransomware and phishing are extremely commonplace and have been for many years. At the same time, new types of cyber crime continue to emerge, which makes staying on top of cyber security an ever-evolving challenge,” he said.
“Our business is about our bike – the design, function and support we give to our customers over the life of the product,” said Will Butler-Adams, CEO Brompton Bicycle.
“We have spent 40 years developing the Brompton brand and continue to take risks to innovate and improve the design. When people copy us, with little understanding of the engineering and care behind the design, they are trying to fool our customers who may go on to buy a potentially dangerous product,” Butler-Adams emphasized.
“We wanted to work with Hiscox to highlight these risks, as it is a serious issue and is not limited to the product but also to online cyber fraud, spam emails and viruses, that hurt businesses and their customers alike,” he affirmed.
Cyber security incidents cost the average small business £25,700 ($33,181) a year in direct costs (e.g. the costs of IT experts in response to the incident, lost revenue and replacement systems), said Hiscox, quoting its own Hiscox Cyber Readiness Report, based on a survey taken in October-November 2017 of 4,103 professionals who responsible for their organization’s cyber security strategy.
Hiscox said direct costs are just the beginning. Indirect costs such as damage to reputation, the impact of losing customers and difficulty attracting future customers, means the true figure can be significantly higher, the company explained.
* Figure taken from the December 2017 YouGov Survey of 2,056 decision makers at small and medium-sized enterprises (SME).
Image: https://nlnteq.org/2018/11/29/developing-best-practices-for-statewide-simulation-initiatives/ – Source: www.insurancejournal.com