Why would anyone target me? / How do I report a cyber incident?

Why would anyone target me?

Many people don’t think they are a target because they don’t understand the value of their information, devices or relationships to others. Some job roles are obvious targets, such as those with access to IT administration functions or large sums of money. The reality is we are all potential targets, since personal information and access to devices are immensely valuable to an attacker – even if they can’t be exploited directly or immediately.

Who is behind cyber attacks?

  • Cyber criminals are really good at identifying what can be monetised, for example stealing and selling sensitive data, or holding systems and information to ransom.
  • Foreign governments are generally interested in accessing really sensitive or valuable information that may give them a strategic or political advantage.
  • Hackers are individuals with varying degrees of expertise, often acting in an untargeted way – perhaps to test their own skills or cause disruption for the sake of it.
  • Political activists are out to prove a point for political or ideological reasons, perhaps to expose or discredit your organisation’s activities.
  • Terrorists are interested in spreading propaganda and in disruption activities; they generally have less technical capability.
  • Malicious insiders use their access to an organisation’s data or networks to conduct malicious activity, such as stealing sensitive information to share with competitors.
  • Sometimes staff, with the best of intentions, just make an honest mistake, for example by emailing something sensitive to the wrong email address.

Cyber criminals are often trying to obtain money, and doing this online is easier and less risky for them than doing it in person. After all, why risk breaking into and robbing a business when you can just trick an employee into transferring money directly to you? Nowadays cyber crime has its own underground economy, with criminals buying and selling information, access to systems and cyber crime services. In the UK, more than 50% of all recorded crime is cyber crime, and since this type of crime is known to be under-reported, it’s bound to affect us all at some point.

Here are some examples of what cyber criminals can do with your stolen data:

Name and Postal Address

  • Apply for loans and credit cards in your name
  • Parcel delivery scams

Email Address

  • Gain access to your online accounts
  • Send spam from your account

Phone Number

  • Fake calls e.g. impersonating your bank

How do I report a cyber incident?

Cyber incidents can take a number of forms, such as the loss of a laptop, phone or USB stick, accidentally acting upon instructions in a suspicious email, or exposing sensitive information by sending it to the wrong recipient. These are all examples of cyber incidents originating from within an organisation, but externally-sourced cyber incidents – such as the hacking of servers and the launching of denial-of-service attacks – are common too.

It’s important that you report all suspected or known cyber incidents, regardless of how minor you think they may be. The sooner we know about a potential incident, the quicker we can begin to do something about it and the less impact it will ultimately have on the University. Keeping track of the number and frequency of cyber incident reports helps us to understand the University’s current level of cyber risk and how it changes over time.

You’ll never get into trouble for reporting a suspected or known cyber incident!

For support and advice, or if you need to report a University cyber security incident, please contact the IS Service Desk:

Online: https://napier.unidesk.ac.uk/
Email: ISServiceDesk@napier.ac.uk
Telephone: ext. 3000 or (0131) 455 3000 externally

You should also let us know if University security policies or controls are making it more difficult for you to do your work – we might be able to make things better. Security controls exist to protect the University, its people and its goals, so as far as possible they shouldn’t be an undue barrier to normal working.