Page 2 - TenInsight_issue6

June 2019 | Issue 6

How do geopolitical cyberattacks affect the average UK SME?

It is not unusual these days to hear about a corporate or public entity being subject to a cyberattack or losing large quantities of data. The attacks garnering most attention are, characteristically, not perpetrated by a bored teenager (a so-called 'script kiddie') but are instead state-sponsored and geopolitical in nature.

One of the more recent attacks is the Australian government cyberattack in February 2019, linked to Iranian cyber espionage group 'Iridium' – a group also believed to be responsible for a similar attack against the UK government in 2017.

Other geopolitical cyberattack examples include the WannaCry ransomware in 2017, the supposed Russian interference in the US 2016 presidential election, North Korea's attacks against SWIFT and Bitcoin, and the numerous Russian assaults on Ukrainian infrastructure.

The effects of these geopolitical cyberattacks are often under-estimated and always seem to be misunderstood, as people often forget about the incident after a couple of days of bad press. The long-term ramifications of such an event are often not truly comprehended by smaller businesses in the UK.

The 2019 Cyber Security Breaches Survey shows 31% of micro and small businesses have encountered breaches or attacks in the last 12 months. Despite the statistics, most SMEs feel they are not at risk of being a target – there is a general air of unrealistic optimism that being a small company is a form of protection. After all, they think, why would China want to know how many rats were caught by a small Kent-based pest control business?

At the ITC Annual Security Conference, Paddy McGuinness, former UK Deputy National Security Adviser for Intelligence, Security and Resilience, highlighted that China's attacks characteristically target big data sets and bounce off others by hacking through a service provider. Hypothetically speaking, if the UK government used Amazon Web Services (AWS) to store its data, China could target large data sets in AWS to seize this. As a small pest control business in the UK, using AWS cloud to store all personal data relating to your clients, your company's data could be compromised in the attack. Would you have a plan in place for this scenario?

It is important to understand that although you may not be the direct target of a nation-state hack, it is possible to be affected indirectly – having a plan in place will help mitigate the consequences of the breach.

Primarily, you need to understand your own cyber vulnerabilities: does your company adhere to the most basic cybersecurity principles? In their Cyber Essentials programme, The National Cyber Security Centre (NCSC) has useful guidelines for making sure you are safe – the information is written plainly and is accessible for most.

Undertaking third-party risk management is also important. Ask yourself and your team – how well do you know the provider of your cloud-based security solution? Do you know where in the world your data is stored? What security protocols does the company have in place? What is their reputation like? Do my third parties use other third parties? If a data breach occurs, how do I communicate externally and internally?

According to the 2019 Cyber Security Breaches Survey, the number of businesses reporting cyberattacks decreased from 43% the previous year to 32% this year. However, it appears that businesses and charities that have been targeted now appear to be experiencing more attacks than in prior years.

Such a high percentage of attacks suggests it is not a case of if you will suffer a data breach, but when.

Most importantly, do not underestimate the effects of a cyberattack on your company and employees, and never undervalue the importance of a thorough and up-to-date company plan in minimising the effect of a macro-scale cyberattack. Be prepared – you never know if you will be the next target.

At TenIntelligence, we provide a range of services and jargon-free advice to organisations who require assistance to protect their company. If you would like to have a conversation about your security position, or need help in reaching an applied standard, contact us via info@tenintel.com.

Sean Nichol
Associate (Cyber and Forensics)

Useful links:
1. The 2019 Cyber Security Breaches Survey: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2019
2. Cyber security advice for SMEs by the National Cyber Security Centre: https://www.ncsc.gov.uk/section/information-for/small-medium-sized-organisations


Is your company taking due diligence seriously?

When 75% of our background checks identify flags, a simple Google search isn't enough.

In 2002, Yahoo discovered that CEO Scott Thompson could not have obtained a bachelor's degree in computer science from Stonehill College, as the course was not offered until four years after he graduated. In 2018, the world's largest luggage maker, Samsonite, also announced its CEO had stepped down following allegations he lied on his resumé.

These are just two high-profile examples, whereby both companies, as market leaders in their sectors, overlooked the details of their most senior executives' CVs. This resulted in not only financial losses but, most importantly, it had an embarrassing impact on the company's public image. Skeletons can be found in even the safest closets.

How much due diligence is enough?

Having the right background information allows organisations to work with confidence, compliance and assurance. Our Due Diligence Team completed over 600 background checks during 2018. As part of our analysis into these checks, we implemented a simple traffic light system, giving each background check a status of Red, Amber or Green. Red showed a significant red flag had been found; Amber confirmed that discrepancies were identified; whilst Green meant there were no issues identified on their CV or application form. From our research, a total of 75% of cases were identified as an Amber (69%) or Red flag (6%). This means that during the open source phase, a further investigative phase is required, or the scope might also need to be expanded into additional jurisdictions.

During this research we identified a number of near misses, where clients had been poised to appoint a professional who, at first glance, seemed like the ideal candidate but turned out to be less than desirable. Our findings included allegations of insider trading, sexual harassment, fraud, drug taking, undeclared insolvencies, court litigation, ties to sanctioned individuals and companies; all of which clearly demonstrate the need for background checks before employment to help safeguard your organisation's reputation.

No more Google searches

Whether it's through an in-depth interview with a former colleague which reveals criminal activity or undeclared financial issues identified through official records, relying on a Google search to identify these kinds of risks is unwise – none of the red flags we identified during the 600+ background checks in 2018 were found through a Google search.

[Chart: Due diligence results. Red 6%, Green 25%, Amber 69%]

Detailed examination of databases, online resources, and interviews with carefully chosen individuals and sources, is the only way companies can be certain to minimise risks when engaging with a new senior hire, partner or business. Interestingly, there are several mechanisms in place online for people to hide their backgrounds: for example, companies which bury negative online profiles for a fee, as well as the Right to be Forgotten law codified in the EU's General Data Protection Regulation (GDPR). It further proves that using standard search engines will not recover scrubbed data; however, an experienced due diligence analyst is trained to spot the signs and collect factual information.

Due diligence is a very complex and challenging undertaking. A thorough background check into senior executives and new hires should entail rigorous interrogation and analysis of information gathered from a range of open sources, such as: subscribed databases; press articles; company registries; court searches; public records and documents; reference checks; employment and education verifications, as well as social media platforms. It is critical to identify all the possible risks, as the additional cost for the supplementary phases is minimal compared to the possible losses incurred from a bad business decision.

For more information regarding our due diligence service, please email us via info@intel.com. Our team is looking forward to providing assurance and helping your organisation make informed decisions.

Katie Frodsham
Litigation Support and Assurance Director
katie.frodsham@tenintel.com

Due Diligence | Investigations | Protection    www.tenintel.com