'Cyber criminals have upped their game' admits worried CIO

'I'm wearing eight bullet-proof vests and hoping one of them stops the bullet, and often it's the last one. I'm getting nervous,' says Nick Ioannou, head of IT, Ratcliffe Groves Partnership

Cyber criminals have upped their game, and CIOs are getting nervous.

Nick Ioannou, head of IT at Ratcliffe Groves Partnership admitted that the frequency and sophistication of attacks on his firm has been increasing, and it's becoming a real concern.

"I've seen the criminals up their game," said Ioannou. "I've seen them target the firms we work with, infiltrate their email, then use that to send out malicious payloads. We see emails from people we work with, they look genuine but the links will be malicious.

"Sometimes there are no payloads so our systems won't detect anything, and I'm relying on users to make the right judgement call. If they do click, the last few layers of security are the ones that need to kick in, but ideally I want to stop those attacks earlier. You just don't know what will get through," he said.

Adam Brady, security consultant at LogRhythm, said that the most successful attacks come from internal sources.

"The most frequent attacks are external, but the most succesful are insider threats and social engineering.

"You have to be pragmatic and look at the evidence inside your network," he continued. "You will have fingerprints of activity within those systems inside your perimeter. Either the user of the account has gone rogue, or the account has been compromised. You need to look for privilege escalation, and look for evidnece that it's been used to gain more access to the network.

"It's looking for changes in account behaviour. It could be a privileged account admin who typically accesses certain machines, and they suddenly start accessing the HR server for instance. They don't normally do it, so being able to trend their behaviour you see those outliers quite quickly," said Brady.

Ioannou added that the finance and HR teams are common targets of attack.

"The finance team is always a good target, they receive fake invoices, or it's HR. The amount of CVs we see with javascript built in is unreal, but it's just auto blocked now. They're always targeted because they expect communication from outside sources all the time. I've invested heavily in those areas. I'm wearing eight bullet proof vests and I'm hoping one of them stops the bullet, but often it's the last layer and I'm getting nervous."

He added that it's products from certain companies which often cause the biggest headaches.

"Microsoft, Adobe, Oracle, it's that unholy group of pdfs, Java, Silverlight and Internet Explorer. They cause all my problems," he concluded.

Ioannou and Brady were speaking during a Computing webinar: 'Moving threat defences to real-time'. Research presented during the event revealed that half of UK firms have been hit by ransomware in the last two years.