Inside Job: How do hackers and cyber criminals operate?

Knightsure’s Tony Knight looks behind the screens to highlight some of the ways in which cyber criminals make their mark: Social Engineering

Share This

Businesses and individuals are always being reminded of the rising risk of cyber-crime, either as a safety precaution from their insurance broker or simply from the steady stream of high profile businesses whose encounters with hackers have made the news.

But what are we actually up against with cyber-crime? Knightsure’s Tony Knight looks behind the screens to highlight some of the ways in which cyber criminals make their mark:
Social Engineering

This is where the “con artists” of the cyber world make their gains. Social engineering involves tricking people to reveal their personal data, bank details, passwords and other important information that they wouldn’t want to see in the wrong hands

Examples of social engineering include phishing emails, which encourage the recipient to part with bank details or other important data or fools them into opening an attachment or click a link that contains a virus.

Pretexting is a another common form of social engineering, where a hacker pretends to be affiliated with a source you trust such as your own bank and asks for the kind of information your actual bank would never ask you to divulge.


A bot is a type of malware that allows hackers to take control of many computers at a time. They can then use this network of “zombie” computers to spread viruses further, and create spam quicker in greater volumes.

This malware infects vulnerable and unprotected computers and uses them without the owner’s knowledge to secretly carry out unlimited illegal activities, such as stealing personal data, bank details, click fraud or denial of service.

Denial of Service

Imagine a website that has so much traffic constantly flowing through it, that to take it offline even for a relatively short time, could amount to a huge financial disaster for that company.

These sites are a prime target for cyber criminals, who may use a technique called distribution denial of service or DDOS, to do exactly that.

Those planning a DDOS will effectively recruit a number of unprotected computers to create a “botnet” to carry out the attack. In a controlled test run of DDOS, the BBC working with a security firm discovered that it took only 60 computers to simulate a website crash that took a site offline.

But to what end? The website owner knows that blocks to their high traffic website could result in a substantial loss of business, and it’s this concern that cyber criminals use to their advantage. They will often threaten the website owners with either paying a ransom demand or face a DDOS so that the company concerned has no choice but to pay up or run the risk of losing much more through lost business.

Warning signs

If you receive an email that isn’t addressed directly to you, names a company which doesn’t match the email address, or is from a source you don’t normally deal with, be wary. If a message looks and sounds like your bank but is asking for your pin number, it’s not your bank. They would never ask you for this.

If your computer becomes infected by a bot it may slow down, display unusual messages, or crash altogether.

If your website becomes increasingly slow or unresponsive over a period of time before crashing completely, despite a healthy internet connection.

What to do

It is essential to understand your IT security and who is responsible for data privacy, back ups, password procedures, firewalls, virus protection. If you have limited knowledge, consider outsourcing to a dedicated IT Consultant, Data Protection expert or IT Security specialists. The Government’s cyber essentials programme is an extremely cost effective way of showing your customers and importantly, your prospects that you take care of their data.

Once you know in part what you and your computer or IT systems are up against, you can take measures protect against it. Anti-virus software, secure Wi-Fi networks and strong passwords offer some defence but if in spite of these measures the warning signs still appear, a Cyber Liability Insurance policy can help repair the damage caused by a cyber-attack. If the word “cyber” makes you think of Dr Who and gives you a “it’ll never happen to me” attitude, then think instead of data and how important your data is to the day to day running of your business.

Call 01489 579926 or email to find out more about how Southampton based Knightsure Insurance Brokers can help with Cyber Liability Insurance.

Share This