Cyber Security

The Word Security In Blue Color Displayed On A Dark Background

Today’s approach to cyber security has shown to be problematic for industry due to security threats constantly evolving. The initial traditional approach was to focus mostly on the resources most crucial, whilst protecting against the biggest known threats. This necessitated in leaving the less important systems undefended and less dangerous risks not protected against. Cybersecurity has never been simple mainly due to attacks evolving every day as attackers become more inventive, and industry fails to keep pace due to lack of education, expense and failure to adopt best practice.

In 2015, the industry saw a record total of nine major breaches, with an estimated advised exposure of identities jumping to 429 million. While this number is worrying, it hides a bigger concern where companies choose not to reveal the full extent of their data breaches due to reputational damage. On examination of recent security alerts we now come to see that even area’s thought to be secure tend not to be entirely. With this more in-depth IT security examination should be carried out by Industry and their associated clients than is currently being addressed due to financial concerns.

Alerts have shown that Microsoft 365 cloud can be hit by ransomware and point of sales systems can be targeted with success in leisure and travel industries. Free Wi-Fi, although counted as a benefit when visiting your favourite coffee shop, hotel or meeting spot, can expose a personal device breach and we would never know it had happened. In addition, recent alerts relating to Aviation and the Power & Infrastructure sectors, it is now a common place for cyber security targeting to occur.

It is worth remembering that cybercrime in all its forms is a business after all, only operating externally to the law. It has infrastructure, development and a constant career plan based on your own industry’s success. An example of this can be shown with Apple, for years most viruses and attacks were comprised for Windows related systems and devices because this yielded the greatest pay out. As most cybercriminals don’t waste their time on applications or devices the market shows to be uncommon or unpopular with end users. With this Microsoft has been a particular favourite due to market demand yet with Apple’s rise in the market more and more cyber alerts are now showing on this resource. This can also be viewed externally to applications such as the increase of free WIFI, Point of Sales devices, Spear phishing and Websites all being the cyber criminal’s business revenue earners. And truth be told, business is good for them and it is becoming easier and more profitable than any other in business known globally.

A Table With Data On Cyber Attack Verticals. POS Intrusions Leading The Way With 28.5% And Denial Of Service Attacks Being Last With 0.1% Of Total Cyber Attacks
A Table With Data On Cyber Attack Verticals.

One the biggest threats today and the most common is related to the malicious end user activity and spear phishing, where all public and private industry sectors are targeted with greater and greater success. Spear phishing is commonly used by an attacker to facilitate a targeted attack to a specific user email. An attacker will first gather information on an individual prior to creating a crafted email specific to that user and the situation. Once delivery of the email to the attended target the recipient is six times more than likely to open it and trust it than other emails generic to the target. These crafted emails will detail instructions, web links or play upon the recipient emotions to facilitate an action. The actions can be wired fraud, system breach or worm/virus infection.

IN Q4 2015, You Were 6 Times More Likely To Be Hit By Weaponized Document Phishing Attacks Than To See An Exploit Kit

Due to the complexity and high success rate of these emails, companies tend to employ external white hat phishing services to train their employees on the dangers and the correct diagnosis of received attack emails. Although it should be remembered that a complex spear phishing attack email can fool even the smartest of IT professionals, additional safeguards relating to money transfers and documentation release should be observed.

Following on from this is the insider threat to any client’s infrastructure, reports show that end user mistakes can be just as serious as malicious attempts by a disgruntled employee. Employee mistakes can circumvent any security that’s put in place where regular security education tends not to be employed. One of the biggest is the loss of company devices such as laptops and media drives that have not been secured if lost. Although incorrect server permission’s or direct physical access results in the same scenario, it is worth remembering that no matter how trusted an employee is, they are human and thus capable of making mistakes.

The Causes And Consequence Of Cyber Crime Committed By Insiders

Ransomware, the extremely profitable type of virus attack, continues to ensnare company users and expand to any network connected devices that can be held hostage for a profit. In 2015, Ransomware found new targets in smart phones, Apple Mac, and Linux systems. The Ransomware virus has developed various variants over the years to become one of the most expensive threats to date. Varying pay-outs to resolve the file encryption caused by the virus variants have been reported to be in the range of $18 million between April 2014 and June 2015 although new reports show that the variant CryptoWall has seemed to surpass this. Reports show that between January 2015 and November 2015 pay-outs were advised to be $325 million. In some forms of CryptoWall the cost is doubled if payment is not received within a specified time frame. This value of payments varies from several hundred dollars to over a thousand.

The problem starts when a victim clicks on an infected advertisement, email, or attachment, or visits an infected website. Once the victim’s device has infected with the ransomware variant, the victim’s files become encrypted with no way to un-encrypt them unless payment is made. In most cases, once the victim pays a ransom fee, they regain access to the files that were encrypted. But this doesn’t ensure you from re-encryption at a later date. The virus becomes particularly effective due to many users failing on three crucial areas;

  • Keeping their software up-to-date;
  • Performing nightly backups of workstations and file servers;
  • Maintaining up-to-date anti-malware software.

Though this is not to say completion of the above entirely safe guards you as zero-day Ransomware, that’s previously been unknown to specific antivirus software signatures are becoming standard. Where the resident antivirus cannot identify and defend against, as shown with the likes of Office 365 and Adobe Flash encounters.

The use of bitcoin for ransomware demand payment is commonly used due to its easy use, allowing fast payment whilst being publicly available, decentralised, and providing a sense of heightened security and anonymity. The question of should a payment be made is still under contention where the US security services such as the FBI recommend payment is made. Although IT companies and regulatory bodies suggest that making these payments propagates the issue and allows continued scope to this threat.

Growth Of Ransomware Families

Expanding upon on the free Wifi threat that is growing in today’s industry of unprotected Wifi networks, particularly in public places, are most certainly a threat. This is due to users connecting to a network without knowing who else is on the network. “Free Wifi” provided by cafes, restaurants, etc. serve as excellent places for cybercrime where attackers can be harvesting user passwords with the user never knowing a breach has occurred. The attacker has various options open to them although the more popular attack method to perform is the ‘Man in the Middle’ attack which employs a technic known as ARP Cache Poisoning. Once addressed the attacker can read all plaintext passwords, including unsecured email (Email without TLS protocol use), unencrypted ftp and websites without SSL security. If this isn’t enough attackers can see all your internet searches and the domains that you visit, encrypted or not. The real concern is that the tools required to achieve such devious purposes are readily available on the internet with minimal tuition required. And so getting to this point they don’t require any real effort as ARP Cache Poisoning and Packet Sniffing (computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network) are now simplified for even the basic of IT operators. But a more advanced attacker can set up an active proxy on his remote system to perform attacks such as SSL Stripping. This gives them access to all web sites you visit, including HTTPS secured SSL sites resulting in them breaching you PayPal, eBay, Facebook and Twitter secured logins. The introduction of two factor authentication has long been advised to combat this, although available for some years the use of it has been avoided by many companies, due to users circumventing the process at times due to logon delays and inconvenience. Moving on, an attacker may target your machine directly, if you have not updated your software the likelihood that can spawn a shell with ‘Metasploit’ and download all your files for later analysis is increasing possible. Once again this can include saved browser passwords, authentication cookies, bank statements, personal correspondence etc.

Reasons For Avoidance Of Taking Cyber Threats Seriously

Reputational cost of cybercrime has a deep impact on all companies and thus true figures of damage costs and known breaches are impossible to advise. Companies, where possible will hide a breach due to knowing that publication of it will impact on their financial wellbeing. But it should be pointed out that cybercrime goes beyond finances and intellectual property. A recent survey showed that 50% of the consumers indicated that a cybersecurity breach would prevent them from using a company again. While companies fear reputation damage, there still has been little work to quantify it. Companies suffer reduced valuation after public reporting of being hacked, usually in the form of a drop in stock prices. These losses can be significant as shown by the TalkTalk and Sony breaches. Indeed, stock prices usually do recover over time, though recovery of stock prices may not be so quick if investors decide that there has been significant damage to a company’s intellectual property portfolio or sees a significant outflow of customers as a result.

Probability Of Being Hit By A Cyber Attack By Business Type
Target Spear Phishing

Anatomy Of Spear Phishing Attack

The most typical spoofed phishing emails we are currently seeing is an attacker impersonating an executive/CEO asking someone in accounts to perform a wire transfer or alternatively requesting they open a web link attachment. An example of an email could look like this:

________________________________________
From: Rudy Bosive (CEO) <rudy@bankofengland.com>
To: Claire Amtir (Senior Accounts) <claire@@bankofengland.com >
Subject: Can you make this wire transfer for me?

Claire,
We just closed on an acquisition of a new service but we’re trying to keep it quiet. Could you wire over £50,000 to them? The account number is below and we need to get this taken care of urgently today.

Thanks.
Rudy

Sent from Outlook for iPhone
Although spoofing has been around for some time, its evolution and prevalence has become wide spread since the introduction of cloud hosted company email. As with all email security it can be employed to assist in the prevention of this but no security is effective enough to resolve 100% of the problem. Due to this companies and their employees need to work with their associated IT departments or third party professionals in the education of email security.

It is important to understand that traditional security doesn’t stop these attacks because they are so cleverly customised, as a result they’re becoming more difficult to detect. An employee mistake can have severe consequences for the company. With stolen data, fraudsters can reveal sensitive information, cause reputational damage and financial loss. In addition, spear phishing attacks can deploy malware to hijack computers, organising them into enormous networks called botnets that can be used for denial of service attacks.

The human element is incredibly important and as such many companies now are adopting employee phishing testing programs or implementing additional safe guards to combat this. One suggestion is the use of secondary authentication for money transfer requests, such as an authorising password or follow-up telephone call on a requesting email. An additional suggestion is NEVER reply to the email; examples have shown that attackers will correspond with their target to facilitate the belief that the original email is genuine.

Remember… the people perpetrating these frauds frequently research employees’ responsibilities so they know who to target, and often gather information to try to make the wire transfer request as believable as possible. For example, they may research the executive’s schedule using public information or by making inquiries of the executive’s assistant with the goal of sending the fraudulent emails when the executive is out of town and cannot be easily reached for verification.

A recent commissioned survey of 1000 office workers showed the scale of phishing in the UK revealing the following results:

  • 27% of office workers do not know what phishing is
  • Nearly 60% of office workers receive phishing emails at work every single day, and 6% receive more than 10 phishing emails every day
  • More than one in five people admit to having been tricked by a phishing email into clicking a link or opening an attachment
  • 78% of those surveyed think they have never fallen for a phishing email
  • 29% do not report suspicious emails to their IT department
  • 49% are more worried about being phished at home that at work
Cyber Security Guidelines

Cyber Security Guidelines 2016

Cyber security is a hot topic right now across many industries. With the recent guidelines issued by the major industry associations, cruise companies are having to revisit, or in many cases develop, their methods for preventing security breaches. However, it is a daunting task, and in many cases reading through the guidelines issued can raise more concerns for many companies.
This guide will talk through how and why to ensure you have cyber security in place, as well as helping those with security already in place to ensure it remains up-to-date.

WHY DOES IT MATTER?
Firstly, Cyber security is not an IT issue, it is a business issue and is ineffective if not fully understood and backed from CEO level down. A targeted cyber attack could close your business down, ruin your reputation or leave you with severe debt due to large fines.

Cyber Attacks usually have one of 4 main functions.

  1. To cause major disruption to normal operations
  2. To steal large amounts of data and personal information
  3. To setup a ransom demand to release data
  4. To steal money from your bank or from Credit Cards

The more devices that are connected to the internet leads to more cyber crime requiring more cyber security to defend ourselves. It should also be noted that Cyber Crime is personal: you, your family, your business, your employees and your clients are all under attack. The Internet of Things (IoT) will generate 50 billion devices connected to the internet by 2020 and every one of these has the potential to be hacked and attacked. These devices control our physical lifestyle meaning when hacked can actually cause injury and possibly death. Previously the threat was commercial or reputational.

WHAT CAN I DO?
So now we know cyber crime is occurring and where it is occurring, what should we be doing about it?

STEP 1
Ensure there is an agenda point on each Board Agenda and each Senior Management team agenda to review and report on the Cyber Security Status.

This is critical as it proves the decision makers and key stakeholders understand and recognise the threat.
If this item is not on the agenda, get it on there and employ an expert to explain the threats in the context of your business.

STEP 2
Do not assume your current IT team are experts.

Use your Cyber Security expert to run workshops to interview the IT team from CIO down to find out what they know and then produce a Cyber security knowledge gap analysis.

STEP 3
Implement the recommendations

This is critical as Cyber Security reports often look like they were written by a purveyor of Doom however all of the gaps identified are potential entry points to your systems. Usually these gaps are risk analysed and can be dealt with in risk order.

STEP 4
As long as you require internet connected devices and systems you have to be persistent with keeping the Security up to date.

Cyber threats are changing daily and your protection software will help to ensure devices are protected if they are kept up to date. What is really important is to ensure that you budget for IT and software development includes enough to ensure that the security element is catered for.

Cyber Attacks

Reducing The Impact Of Common Cyber Attacks

Cyber Attacks: £600k- £1,15m is the average cost of a security breach. Who’s Attacking you?

Cyber Attacks are on the rise. A successful business works on the basis of revenue growth and loss prevention. It isn’t only large companies who are at risk.  Small and medium-sized businesses are severely affected if one of these requirements suffer. Data loss, business down-time and reputation loss can easily turn away new and existing customers if affected by a Cyber Attack. This could impact on profit margins. Cyber Attacks and network breaches can cost a business thousands of pounds and could even lead to lawsuits.

Security controls applied at each stage of an attack shown in this infographic, could reduce your businesses exposure to a successful Cyber Attack.  Malware Protection, Network Perimeter Defences and Patch Management are all areas to consider.

This infographic shared by the  UK government, will explain how you can reduce the risk to your business.

Cyber Attacks – Reducing the impact

Even with all the precautions and steps in place to minimise this risk, it is still possible for a business to be hit by an attack. To reduce the dramatic impact of this, it is paramount that such situations are handled appropriately and quickly.

To ensure you have protection in place and a contingency plan, that works for your business, speak to CRIBB on 0800 9 101 101.

Insider Security Threats

Insider Security Threats – the Biggest Challenge of Cyber Security

Businesses today are placing themselves in the firing line as they face the biggest challenge of cyber security. The recent cases of a data breach at Verizon and internal hacking at Expedia, outline how important cyber security is to business. Such cyber attacks pose a silent threat for a company with a damage potential running into billions, besides killing investor confidence and denting brand image.

In order to safeguard the business network, you must first understand what – and where – the biggest risks are.
According to the IBM 2016 Cyber security Intelligence Index, 60% of security incidents were carried out by insiders, either with malicious intent or carelessness. EY’s Global Information Security Survey discovered that 56% of organizations consider employees the most likely source of a cyber attack.

So your employees may be the biggest cyber security threat – the Trojan horse within. How do your employees compromise business security?

The 2017 Insider Threat Report cites inadvertent data breaches as topping the list of insider threats (71 %), followed by negligent data (68 %) and malicious data breaches (61 %). This is just the tip of the iceberg, as the “insider” is none other than your employee with physical or remote access to the company assets. He or she has insights into your business vulnerabilities and access to “insider-only” data. The average employee is also known to circumvent access controls, typically unconcerned with potential consequences of his actions.

The internal threat ecosystem affecting your business security
With businesses deploying most of their operations to the cloud and operating in an “always connected” environment, there is need to look at the threat ecosystems within the organization.

1. The BYOD culture
The adoption of bring-your-own-device (BYOD) practices, and proliferate use of mobile devices for access to business information, are the greatest security risks. Loss of devices, use of unsecured devices, and rampant sharing of unencrypted data put the business network at risk of cyber attacks.

2. Threats of Shadow IT
Even as security controls are deployed for known assets, the challenge of “Shadow IT” is a growing threat from within. The risks of non-approved SaaS and IaaS applications can put your data at risk, as they are outside the purview of network controls.

3. Unapproved / unsecured downloads
Downloading and file sharing is an everyday practice, that nevertheless exposes the system to malwares and hacks. An employee who downloads MP3 files on his device, or uses a peer-to-peer platform may unknowingly share company information.

4. Unsecure IoT
The increase in connected devices gives more entry points to hackers and cyber criminals. The IoT architecture’s sensor nodes and system network layer are vulnerable attack points.

5. Unprotected unpatched devices
Devices in use by your employees may not have firewalls or anti-virus programs installed. Unpatched and outdated software are also additional security holes.

6. Risks of unauthorized access and authentication
Unauthorized access to business data and lapses in the authentication process are some of the most common security breaches.

7. Illegal/unethical activities
If your employee or vendor with authorized access has mal intentions, he can indulge in the most unimaginable scenarios of data theft, data breach or damage.

8. The menace of social engineering
From email attachments and web links loaded with Trojans, to phishing and manipulated disclosure of passwords and sensitive information, this is the most dangerous, yet overlooked menace within an organization.

Types of insider risks
Security risks from insider behavior stem from accidents, negligence or malicious intent.

Accidental – The Verizon’s 2016 Data Breach Incident Report cites 30% of security incidents as accidental. When employees are not in the know of cyber security best practices, they may unwittingly put your business at risk by say, clicking on a malicious link, or as in Verizon, incorrectly setting the cloud storage to allow external access!

So an e-mail from what looked like the CEO, asking to pay £25,000 in a specified bank account, may be phishing, and the employee who opens the email may unknowingly cause a security risk.

Negligent – These are the insider threats that arise when your employees circumvent policies in place. For instance, your employees may be using unsecure public cloud applications for file sharing, opening you up to cybersecurity risks.

Malicious – Espionage, financial gain, or revenge are the prime factors responsible for deliberate malicious attempts at compromising business security. Unlike accidental and negligent risks, malicious insider threats are unexpected and yet, the most potent.

No room for complacency
Insider threats can remain undetected for years, as was found in the Expedia case, and very often hard to prove. Business leader and the C-suite executive thus need to have an internal cybersecurity strategy that minimizes risks of insider threats.

Have a Security Policy in place
Making cybersecurity a KPI ensures an employee-vested interest in data protection and security.

Strengthen your network access security protocols
A strong identity and access management (IAM) strategy reduces cyber risk by limiting employee access, adopting a strong authentication approach, and controlling privileges across the IT network.

Hack-proof / patch your connected devices
IAM strategies must also address the growing trend of personal and connected devices, by ensuring security compliance.

Minimize vulnerabilities of shadow IT

Implementing a fluid combination of technologies and practices can help cut down the risks of shadow IT.

Spread awareness
As much of insider threats come from lack of knowledge or a laid back approach to business networks, you must ensure effective training and awareness among your employees to ensure healthy practices.

Summary
With more and more cases of insider threats being discovered, businesses must understand the nature of threat perception from within. As a business leader, you cannot afford to be passive. Adoption of a robust cybersecurity strategy and a practice of internal security audits can help you reduce vulnerabilities and forestall network breaches.