‘Real World’ Cyber Attack

Hiscox stages ‘real world’ cyber attack on iconic bike manufacturer Brompton

• Insurer targets high-profile bike manufacturer’s retailer network with a staged ‘offline’ cyber attack simulation, to raise awareness of cyber crime and how it feels to be hacked
• Imitation store appears overnight containing ‘knock-off’ counterfeit stock and staff doppelgangers
• Reactions captured as staff of the original store watch a series of real-world hacks unfold in front of their eyes.

Members of the public watched in astonishment recently as staff at a retailer of the iconic bike manufacturer Brompton arrived to find their store had been ‘hacked’.

In its latest cyber initiative, global insurer Hiscox, a specialist in small business and cyber insurance, collaborated with Brompton Bicycle to stage a ‘real world’ hack – simulating the effects of a cyber attack by constructing a complete clone of their east-London store overnight, hiring look-a-like staff and even stocking the shelves with counterfeit merchandise.

Reactions of staff and passers-by¹(watch the video) were captured as the fake store – ‘3rompton’ – opened its doors to the public on the opposite side of the road and subsequently launched a series of cyber attack simulations on the genuine Brompton store in Shoreditch.

Common hacking techniques such as ransomware and phishing were brought to life through a series of simulated offline attacks; the real store was boarded up, displaying a ransom note demanding Bitcoin in exchange for re-entry; genuine stock deliveries were diverted to the fake ‘3rompton’ store, highlighting the potential effects of a phishing scam; finally the real Brompton store was flooded with imitation customers overwhelming staff, simulating a denial-of-service (DDoS) attack.

According to the insurer, one in three (33%)² UK small businesses have suffered a cyber breach and this simulation is the latest initiative in its cyber awareness campaign, set-up to highlight this risk.

James Brady, Head of Cyber at Hiscox, commented: “The frequency and severity of cyber attacks on UK businesses is alarming. Cyber criminals are swift, sophisticated and consider businesses of all shapes and sizes worthy targets so it’s vital that organisations are both aware of these risks and prepared to manage them.

“Businesses need to take ownership of their cyber security and put solid preventative measures in place. Unfortunately attacks will still get through and being prepared for those attacks is critical.”

Robert Hannigan, former Director of GCHQ and Special Advisor to Hiscox, commented: “Cyber crime is one of the biggest security risks facing businesses today but many aren’t taking it seriously and many more are underprepared. It’s a less tangible risk than burglary or a fire which can make it hard for businesses to grasp, so bringing cyber crime to life with an exercise like this is a useful way of conveying an important message.

“The hacking techniques being simulated such as ransomware and phishing are extremely commonplace and have been for many years. At the same time, new types of cyber crime continue to emerge, which makes staying on top of cyber security an ever-evolving challenge.”

Will Butler-Adams, CEO Brompton Bicycle, added: “Our business is about our bike; the design, function and support we give to our customers over the life of the product. We have spent forty years developing the Brompton brand and continue to take risks to innovate and improve the design. When people copy us, with little understanding of the engineering and care behind the design, they are trying to fool our customers who may go on to buy a potentially dangerous product. We wanted to work with Hiscox to highlight these risks, as it is a serious issue and is not limited to the product but also to online cyber fraud, spam emails and viruses, that hurt businesses and their customers alike.”

Cyber security incidents cost the average small business £25,700³ a year in direct costs (e.g. the costs of IT experts in response to the incident, lost revenue and replacement systems) but this is just the beginning. Indirect costs such as damage to reputation, the impact of losing customers and difficulty attracting future customers, means the true figure can be significantly higher.