As TechForce Cyber enters its seventh year, CEO Jai Aenugu remains keen to provide Scottish businesses with the knowledge and tools needed to navigate the digital landscape (Image: Getty)
As one of Scotland's leading companies leading the country's defense against cyber threats, Aberdeen-based TechForce Cyber offers businesses tailor-made security solutions against online criminalsThe UK government's latest report on cybercrime and data breaches in Britain estimates the cost to the UK economy at around £27 billion per year and rising.
The Scottish Government has made it a point to warn Scottish businesses about the threat posed by cyber criminals. In February 2021, it published its 'Cyber Resilient Scotland: Strategic Framework', an update to its previous strategic framework.
The foreword by MSP John Swinney, then Cabinet Secretary for Education and Skills, pointed out that cyber resilience is "the backbone of every public service, every business and every community in Scotland."
Jai Aenugu, founder and CEO of Aberdeen-based cyber security specialist TechForce Cyber points out that some of the most successful 'hacks' of companies, both large and small, are not sophisticated at all. These 'hacks', which cause very significant losses for companies on an almost daily basis, are fundamental. They can be prevented by taking simple, sensible measures.
"An example of one of the most important cyber breaches is the email hack. It is very basic and involves very little more than some social engineering and possibly very basic hacking," says Aenugu.
While this is a basic 'hack' that can easily be defended against if companies take the right preventative measures, it continues to net criminals worth many hundreds of millions of pounds worldwide.
Aenugu points out that in last year's FBI report on cybercrime, the FBI estimated that email attacks netted criminals more than $3 billion that year alone. This year the figure will probably be even higher.
Additionally, the FBI said in last year's report that cyber attacks on businesses in the US had increased by 40 to 50 percent. The estimate is not accurate because many cybercrimes and associated losses go unreported.
The story continues
"What happens in an email attack is that the criminals use different tactics to gain access to someone in the organization's email," he explains.
"They can do this through a phishing attack or through social engineering, by going through the organization's waste, and so on. Once they are in the mail system, they choose a target, such as someone in the finance department. They change the system's forwarding rules so that that person's emails are sent to an address controlled by the hackers.
"Then, from that email traffic, the bad actors identify a major customer who regularly transacts with the company. The person in the finance department no longer sees emails from that customer. The criminals contact the customer and say that the company is having problems with the current bank and that the customer should stop payments until the matter is resolved. After a few days, the customer receives a new bank account."
"If the customer is diligent and informed, he can of course contact the company to check the bank account change, and the scam will fail. But in many cases they take the change for granted and pay their bills into the new bank account.
"This can take weeks or even months before the company becomes aware that the customer appears to be in arrears. Only then does the company realize that it is in trouble and has lost money."
Aenugu points out that even if the fraud is discovered, sometimes the attackers simply shift the attack because they are still in control of the company's business operations.
email system.
"Strong passwords and two-factor user authentication would block these types of attacks and save the UK and Scottish economies hundreds of millions if they were introduced universally," he notes.
Aenugu explains that there are different levels of bad actors. At the top of the food chain, so to speak, are the countries that sponsor cyber attacks or turn a blind eye to externally targeted cybercrime. These countries include Russia and North Korea.
"These bad actors are highly skilled and go after very specific targets. The Scottish Government is acutely aware of the dangers of potential attacks on the country's infrastructure, but these attacks are rare. In comparison, low-skilled hacks on small to medium-sized businesses are very common and constantly increasing," he notes.
His company, TechForce Cyber, is now in its seventh year and specializes in helping companies become aware of cyber vulnerabilities in their organizations.
"No organization can ever make itself one hundred percent secure and still function effectively. But there is so much you can and must do to protect the company, its employees and customers," he says. Businesses and even individuals can take the sting out of ransomware attacks by, for example, ensuring they back up all their data and systems to the cloud or to a third-party disaster recovery site.
Aenugu adds that while many companies do indeed have a policy for performing data backups, it is often the case that these policies are not supported by regular testing of the integrity of these backups.
"What we see happen time and time again is that when the company is actually exposed to a ransomware attack that shuts down the systems, the backups don't work or have critical holes in the data. It is important to point out that the vast majority of companies of all sizes that lose access to their data go out of business within six months," he warns.
He urges companies to contact specialist cyber security companies such as TechForce Cyber to have their systems audited.
"We sit down with the company and analyze what they have and where they are vulnerable. We give them a roadmap of what they are doing to make their business safer.
"You can go a long way toward cyber resilience by taking common-sense measures that cost a small fraction of what the average business stands to lose if they become the subject of a serious hack," he concludes.
