South West Regional Cyber Crime Unit (SWRCCU)
On the 14th of September, we attended an inaugural South West Regional Cyber Crime Unit (SWRCCU) Leaders Conference hosted by Somerset County Cricket Club in Taunton.
The event addressed the problem of increasing cyber breaches and threats that businesses face, regardless of their size. Protecting digital information and data starts with maintaining physical security. Even with the most sophisticated software and security measures in place, a simple mistake by one person could have a catastrophic impact on your whole organization.
We had the pleasure to listen to a very insightful panel of expert speakers sharing their knowledge and advising on how to spot cyber attack and build cyber resilience. IASME, the company behind the NCSC's Cyber Essentials shared the latest updates on their accreditation scheme and how they can help businesses reduce cyber risks and exposure to malicious activities.
Firstly, we heard from the director of South West Cyber Resilience Centre, a not-for-profit police-supported organization covering business protection, cyber skills and cyber innovation. Their aim is to educate and help regional businesses and charities stay safe and protected from cyber crimes. SWCRC is a part of national clusters of cyber resilience centers.
The founder of AntiSocial Engineer delivered a talk on social engineering and how cyber attacks are carried out online and offline. The AntiSocial Engineer team helps individuals and businesses to stay cyber aware and reduce the impact of social engineering. They offer a range of educational and practical services including simulations of cyber attacks. We were impressed by the efforts and lengths to which they test the physical security of companies by implementing social engineering scenarios, such as entering a building wearing a fake branded T-shirt or tailgating.
SWRCCU shared with the audience a case study investigation involving cyber criminals and their victims. We learned how law enforcement investigates and responds to cyber incident reports, and how vital it is to act fast and work together to spot and prevent cyber crimes.
In the afternoon we took part in an interactive group activity and managed to escape the Police Cyber Escape Room, courtesy of SWRCCU workshops. This immersive session was designed to make us aware of how easily data and information can be found online, resulting in identity thefts or cyber attacks. Our task was to collaboratively review available resources and break into electronic or physical devices by cracking passwords and credentials based on the information we found. What a fun and eye-opening activity!
Social engineering doesn't just happen online and relies heavily on trust and human error. Both give an advantage to cyber criminals when planning an attack which does not target a specific individual but is rather opportunistic in the hope of finding a 'weak link' in the wider organization. That weak link is not always unpatched software or vulnerable code, but simply one click of a button opening a malicious website or holding the door open for someone entering a building. From front line staff to CEOs, all levels of seniority in a business should be regularly educated on the ways to detect, prevent, and report any malicious activities.
When it comes to cyber security being proactive is better than being reactive. With so many resources available, make sure to educate yourself and those around you about possible cyber risks and ways to eliminate them.