City Security Magazine Summer 2024

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

CITY OF LONDON POLICE:

A blended approach to preventing a cyber attack

What is the most likely cyber attack?

How can I prevent it and what are the police doing about it?

I

n the City of London Police’s Cyber Crime Unit, we hear these questions more than any other.

Cyber threats

The complexity and severity of cyber threats have steadily increased in recent years. In the year leading up to September 2023, England and Wales reported over 898,000 computer misuse incidents, marking a 30% rise from the previous year. Including reports of cyber-enabled attacks, which are traditional crimes that make use of computer networks, figures show 2.39 million businesses in the UK experienced a cyber crime in 2023.

On analysis, high volume, low sophistication attacks still make up the significant majority of reports. Phishing, an attack which stems from social engineering or manipulating the user, stands out as one of the most prevalent amongst these.

Trend analysis of the same data indicates that criminals have focused their efforts on refining and disseminating these well- known attacks to make them resistant to security improvements rather than moving on to newer attack types. Even in the case of investigations into intricate cyber attacks, social engineering, despite its simplicity, often serves as the gateway for more complex intrusions.

Prevention

When it comes to prevention, the information is clear. Having security measures focused on resisting socially engineered attacks offers numerous

security benefits. Addressing these proactively targets both the most likely attack and the gateway to some of the most severe threats in today's cyber landscape. Moreover, because socially engineered attacks are a familiar threat, a variety of tried and tested security measures are already available for our use. Additionally, establishing these defences confers a lasting security benefit, as information suggests that attackers intend to keep using these methods.

Indeed, even with the advances made with generative artificial intelligence (AI), and amidst concerns that this technology could facilitate new security risks, early examples suggest that much of its malicious use has been focused on enhancing existing social engineering techniques.

Fortunately, a variety of both technical and non-technical defences exist which counter this attack type. Employing a blended approach which leverages both is highly recommended. However, as these attacks primarily target users rather than systems, comprehensive training and awareness has long been recognised as essential in protecting against the effects of one of the most prolific attacks in today’s landscape.

Cyber Griffin

Awareness around this challenge is one that policing continues to advocate, alongside actionable advice to prevent it.

Since 2017, Cyber Griffin, the programme within the City of London Police’s Cyber Crime Unit dedicated to protecting the community against cyber criminality, has designed and delivers services which address cyber threat.

The Baseline Briefing, Cyber Griffin’s end user training, is specifically created to address high volume, low sophistication

© CITY SECURITY MAGAZINE – SUMMER 2024 www.citysecuritymagazine.com

attacks and to equip

attendees with the security knowledge

needed to prevent them. To date, more than 50,000 people in the Square Mile have received this training, which is continually updated to ensure the latest advice is included. The Baseline Briefing 5.0 is due to be released this summer and will include new sections dedicated to AI vulnerabilities and how to secure against them, led by officers who conducted this research.

As new security challenges are identified, Cyber Griffin produces services designed to protect against them. The latest of these is free Incident Response Hydra Training, which provides realistic exercise scenarios for security teams who want to train for a live cyber incident and learn from how this is approached in policing.

Cyber Griffin’s offering has been carefully designed to reflect the current threat landscape our community faces and just as importantly, to ensure we all know the answers to the questions asked at the beginning of this article.

To learn more about Cyber Griffin visit www.cybergriffin.police.uk

Inspector Charlie Morrison City of London Police Cyber Crime Unit

>

22

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36