
Five: The average number of cybersecurity incidents UK businesses report each year

Stuart O'Brien

Attackers are seizing on vulnerabilities in hybrid working environments, creating more work – and also larger budgets – for security teams, despite organisations accelerating digital transformation projects.

The latest State of Security Report from Infoblox, which surveyed 100 respondents in IT and cybersecurity roles in the UK as part of its global sample, discovered that the recent surge in remote work has changed the corporate landscape significantly.

In fact 64% of UK organisations have accelerated digital transformation projects in order to support remote workers since 2020. This is higher than the global (52%) average.  

As part of this shift, just under half (49%) of organisations have increased customer portal support for remote engagement and 43% have added resources to their networks and databases. Given that over a third (34%) have closed their physical offices for good, this investment may prove to be a strong strategic move.

Cybersecurity still causing headaches   

An increased digital footprint inevitably brings increased digital risk and the reality of a hybrid workforce is causing headaches for IT teams and business leaders. The data reveals that the loss of direct security controls and network visibility has half (50%) of UK companies more concerned about data leakage than anything else. Almost as many (45%) are worried remote worker connections will come under attack.    

It appears that organisations have good reason to worry, given the report found that 61% experienced up to five security incidents in the last year. However, there is some good news: 66% report that these incidents did not result in a breach. This may be because 73% were able to detect and respond to a security incident within 24 hours.   

Of the 44% reporting a breach, insecure WiFi access (47%) was the biggest cause. The data also suggests that UK workers are continuing to fall for phishing scams. In fact, 4 in 5 (82%) breaches reported in the last 12 months were caused by this attack method. Phishing usually signals the need for, or the failure of, employee and customer security awareness training that requires technological backstops.

Defense in depth   

Infoblox’s report discovered that the majority of organisations are investing heavily in security tools to protect their hybrid environments. In fact, 59% of respondents saw bigger budgets in 2021 and 64% anticipate an increase in 2022.   

Many are turning to defense-in-depth strategies, using everything from data encryption and network security to cloud access security brokers and threat intelligence services to defend their expanded attack surface. As part of this, almost half of organisations (47%) are relying on DNS (Domain Name System) to block bad traffic.

“The pandemic shutdowns over the past two years have reshaped how companies around the world operate,” said Anthony James, VP of Product Marketing at Infoblox. “Cloud-first networks and corresponding security controls went from nice-to-have features to business mainstays as organisations sent office workers to work from home. To address the spike in cyberattacks, security teams are turning to DNS security and zero trust models like SASE for a more proactive approach to protecting corporate data and remote devices.”  

The full report is available for download here.  

OPINION: Is the UK prepared for smart city threats?

Stuart O'Brien

By Professor Kamal Bechkoum (pictured), Head of the School of Computing and Engineering at University of Gloucestershire

People across the UK are increasingly living in smart cities – urban spaces packed with technology that receives, processes and transmits data on a 24/7 basis.

But despite the very real benefits on offer, the threat of cyberattacks to homes and businesses is increasing, writes Professor Kamal Bechkoum, Head of the School of Computing and Engineering at University of Gloucestershire:

On average we create 2.5 quintillion bytes of data, or one billion billion bytes, every day. Smart cities gather vast quantities of this ‘big data’ from digitally-linked objects and our online activities, and then use this to improve new services and products that aim to make city living better.

In ‘connected places’ this might involve any ‘Internet of Things’ connected system, ranging from better traffic management and pollution control, through to improved security, public transport and intelligent street lighting.

Although this offers the potential to transform our lives, it also comes with the same privacy concerns posed by any large-scale digital transformation.

While tracking, monitoring and automated systems can enhance safety, productivity and cost-effectiveness, potentially unethical and ongoing surveillance, along with the ever-present threat of cybersecurity breaches, can negatively impact people’s lives in new and unexpected ways.

The Cityware project, for example, tracked the physical interactions of 30,000 people using a combination of Facebook profiles and smartphone signals, resulting in reports that almost 250,000 owners of Bluetooth devices, mostly mobile phones, were spotted by Cityware scanners worldwide.

Privacy International, a UK charity with a stated aim of ‘defending and promoting the right to privacy across the world’ puts it like this: “Next time you’re lured into a coffee joint with the promise of free WiFi, be aware that what you are doing online could potentially be exposed especially, as is often the case, if the WiFi network does not require a passcode to get online.

“Unsecure networks like this make it easier for cybercriminals to eavesdrop on what you do online. You should also be aware of ‘rogue’ WiFi hotspots, which might deliberately use a name similar to the coffee shop you’re currently sitting in but has nothing to do with them. So be careful before you connect to ‘Stirbucks_wifi.’” It’s an easy slip-up to make.

Data generated by smart city infrastructure can even be culled from sources such as unprotected parking garages, EV charging stations or surveillance feeds, all of which offer cyber attackers targeted personal information that could be exploited for fraudulent transactions and identity theft.

A new report from the Department for Digital, Culture, Media & Sport shows that while cyberattacks are becoming more frequent, only 13% of businesses are using managed IT providers to review security risks.

In addition the National Cyber Security Centre (NCSC), a part of GCHQ, has published guidance for local authorities on how to secure connected places and notes that critical public services need to be protected from disruption.

One of the biggest challenges for smart city progression is a lack of technical skills, local authority funding, regulatory hurdles for large-scale projects, and low public trust in digital initiatives.

Research has found that security and privacy concerns have been raised about the use of smart city technologies, particularly those that collect data about citizens’ behaviour, public services or critical infrastructure.

Smart city projects may also raise inequality issues if the benefits or projects are not experienced equally by rural and urban communities, or if they disadvantage those without digital skills or access to digital technology such as smart phones.

The weakest link in any chain can have detrimental effects for an entire urban environment. To address this, councils and city planners should always invest in the data security of their cities’ critical infrastructure to minimise risk and ensure reliable and secure smart systems.

It is important to employ frameworks that promote a common security language wherever possible, and feature protocols for ‘Industry 4.0’ – shorthand for industrial digitalisation – that:

  • Identify specific security levels between cooperating partners and companies across a supply chain, covering the three essential cybersecurity components: People, processes and technologies
  • Include rigorous, transparent, and replicable testing of all new tools and technologies before they are introduced

These points are the minimum steps to take when introducing smart city living protocols. Longer term, if the UK is to move forward in the current hybrid divide that exists between office and home-working driven by the COVID-19 pandemic, there is an urgent need for legislative authorities and organisations to address their digital transformation plans.

Ultimately these actions are best guided by a strategy which addresses data-gathering legalities and key cybersecurity components to ensure risk is appropriately managed at every stage of the process.

Protecting the Nation’s Critical Infrastructure Against Cyber Attacks is a key theme of this year’s University of Gloucestershire and C11 Cyber Security and Digital Innovation Centre ‘Cyber Tech Symposium’ on Thursday 7th July, 2022.

Government and educational institutions most vulnerable to cyber attack in 2021

Stuart O'Brien
According to the data presented by the Atlas VPN team, education and government organizations suffered most cyberattacks in 2021. At the same time, software vendors have experienced the largest growth in attacks compared to 2020. In addition, cybercriminals targeted corporate networks the most with Botnet attacks.
Education and research organizations were the most targeted industry in 2021, with an average of 1,605 weekly cyberattacks. Universities had to suspend classes due to suffered attacks, which impacted students, professors, and other staff members.
The government and military sector rank second with an average of 1,136 weekly cyberattacks. Government agencies hold tons of highly confidential data, which state-sponsored hackers can target to acquire desired information.
Communications organizations experienced an average of 1,079 attacks per week throughout 2021.
On the other hand, software vendors averaged just 536 cyberattacks. However, the average of attacks has significantly grown in the industry by 146% compared to 2020.
Cybersecurity writer at Atlas VPN Vilius Kardelis said: “After shocking large-scale cyberattacks in 2021, businesses must proactively react to the growing risks. Many governments have already expanded their cybersecurity budgets to deal with cyber threats and so should organizations. One successful cyberattack could cause devastating consequences to a company.”
Corporate networks under botnet attacks
Cybercriminals choose different attack methods based on what they are trying to accomplish.
Botnet attacks accounted for 31% of threats against corporate networks in 2021. A botnet is a group of malware-infected internet-connected devices controlled by a single operator.
Info stealers were responsible for 21% of cyberattacks targeted at corporate networks. As the name implies, info stealers are Trojan malware designed to gather data from the system.
Cryptominers accounted for 19% of attacks launched at corporate networks. Cryptocurrency miners are malware that uses a significant amount of GPU and CPU resources, causing your computer to run slower than usual.

Investing in channel support to survive the evolving security landscape

Stuart O'Brien

Security is a growing concern across every industry, particularly now with the growth of dispersed workforces around the world. Cyberattacks continue to increase and become more sophisticated, with businesses of all sizes needing to invest in the right support. This is even more crucial for small and medium-sized businesses (SMBs), who may lack the adequate internal resources and teams to protect themselves against such threats.

But, by partnering with an established Managed Service Provider (MSP) who can act as a trusted advisor to create a solid cyber security strategy, SMBs can benefit from the knowledge, skills and solutions available within the channel. MSPs, therefore, need to ensure they leverage this opportunity to support their end customers, while businesses crucially make the necessary investment to keep their network, data and people secure, as Mike Foster, Channel Manager, VIPRE, explains…

COVID-19 Transforms the Market

With businesses accelerating their digital transformation during the COVID-19 pandemic to ensure business survival and continuity, there has been a knock-on effect on cybersecurity strategies, which now must be prioritised and invested in. Over the past eighteen months, organisations have had to transition to working securely and efficiently from home, and then splitting their time between the office and remote work, in turn, creating new security challenges. This has demonstrated the crucial need for organisations to become more agile and have the ability to scale both up and down when regional rules change.

The importance of a secure and flexible workforce, one which is protected through layers of security and best practice, is key. This can be executed successfully by identifying existing weaknesses or gaps in infrastructure, which can be easily spotted by channel partners who specialise in cybersecurity. By leaning on an MSP, businesses can benefit from having access to the right support and advice, and MSPs, in turn, can offer the correct solutions to combat the challenges their clients face. This has led to organisations asking questions such as: are the emergency measures put in place during the peak of the pandemic sufficient for long term secure and agile working practices? What tools do customers need to remain secure in the new modern hybrid working environment? It is clear that now is the time for businesses to reassess and build a flexible, future-proof plan.

The Trusted Advisor to SMBs

Smaller and medium-sized businesses often do not have the resources, time or dedicated teams to focus on their IT needs, while ensuring they have the right solutions in place to defend themselves against cyberattacks. They also do not think they are as much of a target for hackers, as they may not have as much revenue or data compared to larger and more corporate organisations, with 66% believing a cyberattack would be unlikely. However, according to Accenture’s Cost of Cybercrime Study, 43% of cyberattacks are aimed at small businesses, and only 14% are prepared to defend themselves.

Instead, by partnering with an MSP who can act as an external security partner for the SMB to help them achieve cyber resilience, the pressure and responsibility of defending the business against cyber threats will lie with the expert in the channel. This creates a unique opportunity for MSPs to guide customers on their cybersecurity journey and ensure they are receiving relevant education and have the right technology and tools in place to protect the business. It also helps the MSP to differentiate themselves from the ever-growing and competitive channel market, enabling them to become trusted IT security advisors for the businesses they support.

Critical Support Partner

Whether a business is big or small, investing in its cybersecurity foundations is not optional – it’s business-critical, especially in today’s threat landscape. By identifying the gaps in their cyber needs, or allowing an MSP to make these judgments, a strong infrastructure can be built upon the business’s existing setup. These solutions can be custom-built and tailored to each individual organisation, including email and endpoint protection, ongoing end-user training, as well as access services, such as ZTNA solutions.

With security breaches showing no signs of slowing down, MSPs must be constantly vigilant and develop cyber resilience approaches that go beyond deploying security solutions. This means having not only the market-leading technology available, but also the technical expertise to support business security plans and growth. MSPs must take a proactive role in understanding the current state of a customer’s ability to protect against, prevent and respond to modern cyber threats when recommending the best approaches to true cyber resilience.

For example, MSPs who roll out Office365 to their client base are not tapping into their customers’ needs for peace of mind when it comes to cybersecurity. Instead, they should add value to the partnership by emphasising good cyber security practices, providing the right tools and technologies and looking at specialist vendors – rather than providing a one-size-fits-all solution. Channel partners can both capitalise and draw on the importance of demonstrating to customers the benefits they bring by continuing their role as trusted advisors – resulting in growing their revenue while ensuring their key partner status.

Investing in Technology

An MSP’s portfolio should provide the correct tools and solutions businesses need to survive and thrive in the new normal. Businesses of all sizes prioritised their move to digital workspaces during COVID-19, including remote teamwork, learning and critical cloud infrastructure, with Microsoft’s Chief Executive saying that they’ve seen two years’ worth of digital transformation in two months. Innovative technologies can form the backbone of a workforce’s security foundations by adding layers of technology protection alongside employee tools and security awareness. Solutions can be embedded to prompt users to double-check their emails before a mistake is about to be made, for example, mitigating the risk of accidental data loss.

Additionally, security awareness training within businesses has become a security necessity. Without peer review or IT supervision, organisations need their users to be empowered to make good security decisions. Rather than a once-a-year cyber awareness course – often used to tick a compliance box – today’s businesses must invest in ongoing training, phishing simulations and solutions to help their employees make the right decisions – wherever they are working.

This is an important point for channel partners to take on board, as they have the power to ensure their customers’ end users are sufficiently trained in the threat landscape. Have they engaged in phishing penetration testing? Is sending an email to the wrong person an embarrassing mistake or a data breach? These are just some of the key questions MSPs should be asking when they look to fulfil their trusted advisor role. This is an area where partners will see real growth as businesses have woken up to the idea that with the right solutions, they can switch their employees from IT risks to IT assets, and the channel needs to ensure they have the necessary training and tools in place to help their clients make these decisions.

Conclusion

Organisations cannot be expected to stay one step ahead of cybercriminals and adapt to new threats on their own. Within the evolving cybersecurity landscape, it’s essential for businesses, especially SMBs, to find a partner that offers a varied portfolio of security offerings, as well as the knowledge and support, to keep their business data, workforces and networks secure.

By addressing pain points and providing assurance around the security of their working environments, channel partners can build and strengthen their existing relationship with their customers, while recognising the opportunity of additional revenue streams for their businesses. In turn, businesses can feel confident that they have the right technology, education and tools in place to combat the risk of cyberattacks and a trusted partnership they can rely on to keep them secure and agile.

Top five security predictions for 2022

Stuart O'Brien

With the COVID-19 pandemic continuing to put businesses and society at risk, Andy Robertson, Head of Enterprise & Cyber Security, at Fujitsu UK&I, has laid out his top five predictions for 2022…

In these unprecedented times, organisations have needed to vastly adapt their security processes to the new ways of working and living. But just because the current security defences are able to withstand attackers now, that doesn’t mean cyber criminals won’t strike again in the future. Cyber criminals are always developing unique tactics to find and exploit new weaknesses.

As the UK still faces the COVID-19 pandemic, businesses are facing a hacking epidemic. For example, The National Cyber Security Centre’s (NCSC) 2021 annual review found that there were three times as many ransomware attacks in the first quarter of 2021 than in the whole of 2019. Current remote working practices have significantly changed the security landscape, but the need to keep everything connected and secure hasn’t changed. Businesses need to focus on embedding revised security measures right from the start so that their employees can keep operating securely, wherever they are in the world.

As we enter the third year, where the pandemic continues to impact organisations, here are my top five predictions for cyber security in the coming 12 months…

1. Trust will be maintained by Zero Trust Architecture in the hybrid working world

2020 and the early part of 2021 were all about remote working. Moving into 2022, I expect to see more organisations embrace and establish hybrid working as the norm. New data from Glint reveals that 87% of employees would prefer to stay remote at least half of the time, even after it was safe to return to their workplace.

As organisations adapt to different working patterns and locations, this fairly new hybrid working approach introduces new security risks. A login from a remote location late at night – once considered suspicious – is now a much more common occurrence as hybrid workers balance work and life priorities.

To help reduce the risks and the burden of monitoring those risks, organisations should consider implementing a Zero Trust approach. It’s a remarkably simple concept. Businesses must assume that there will be a breach, that anything can be compromised, and that no-one is really who they say they are or is acting responsibly. This does not mean you don’t trust your employees, partners, suppliers, or customers – as people. It’s actually about knowing who they are, what they are doing, what technology they are using, and what level of authorisation they have for each thing they do, every time they do it, wherever they are doing it.

 

This means that data, systems, and equipment are treated equally and securely. It doesn’t matter where they are located, in your network or outside it. Nothing is trusted until you know it can be trusted.

2. IT and OT cyber security will both be the CISO’s concern

In 2022, Operational Technology (OT) cyber security will be recognised as being as important as IT security for assuring business continuity. The number of large-scale attacks on OTs has grown in volume in 2021 – with 83% of critical infrastructure companies experiencing breaches in the last three years. I expect to see this continue in 2022 as cyber criminals seek to further exploit these potentially vulnerable systems that control critical processes – making them lucrative targets.

IT and OT cyber security will become a greater concern for the CISO as they seek to reduce overall risks for their organisation. The good news is that satisfying the new end-to-end cyber security paradigm brings benefits beyond pure risk mitigation. The cyber security measures an organisation deploys will become a key quality characteristic, which organisations will be required to demonstrate in order to be admitted to digitised supply chains.

CISOs will need to give the same attention to their OT security as they do IT to gain all of these benefits.

3. True Business Continuity will require greater levels of collaboration and real-time insights

The COVID-19 pandemic reached an unprecedented scale and longevity that rippled through the way organisations operate, communicate, and safeguard against future disruptions. And these weren’t the only factors testing organisations’ continuity plans in the last 2 years. Society also simultaneously experienced civil unrest, wildfires, and hurricanes. This exposed weaknesses in organisations and demonstrated how historically siloed approaches to resiliency put organisations in grave danger. For instance, ransomware hackers targeted three US water facilities in 2021, which is concerning against the backdrop of droughts.

No one had a plan robust enough for 2020. It also prompted volatile and unpredictable market conditions. The pandemic not only demonstrated the interdependence of multiple areas of risk but showed organisations they must be vigilant about all disciplines simultaneously and holistically.

As we move into 2022, I expect to see more uncertainty and volatility that will stretch continuity plans. Organisations that want to build resilience and stability should bring together multiple disciplines such as business continuity, IT continuity/Disaster Recovery, risk management and procurement (supply chain) to collaborate on wider-reaching plans that facilitate real-time decision-making based on data instead of historic trends.

I also expect to see industries collaborating and regulators taking a greater interest in resilience across critical industries. A primary example of this is the operational resilience directive, released by the UK’s financial regulatory bodies, the Financial Conduct Authority (FCA), in partnership with Prudential Regulation Authority (PRA) and the Bank of England (BoE). This directive comes into effect in March 2022 for implementation, with full compliance being required in March 2025.

4. The strongest form of defence… will come from being attacked

To build organisational resilience against a rising tide of cyber threats in 2022, organisations will have to learn to think like cyber criminals. Cyber criminals are on the offensive and will always look for ways to exploit any weakness they find, without any regard for law and ethics. They rely on exploiting complacency and organisations focusing on agility at the expense of security.

One of the most critical vulnerabilities to watch out for in the years to come is in the open source software Log4j. This vulnerability is currently leading to the compromise of systems and data and will continue to do so in 2022. Attackers will iterate on and develop exploits to target this vulnerability and deploy ransomware and bitcoin miners to successfully compromise systems. Log4j will likely be a target of further scrutiny by attackers and vulnerability researchers looking to identify other weaknesses within the logging utility.

To build the right defences, organisations must learn how to think like a cyber-hacker so that they can close down any gaps that could be exploited. Organisations should embrace attack simulations and wargaming, with a trusted security partner. That way, it will help them set up realistic scenarios, run them, and then learn from the results. A wargame is the simplest and best way to find gaps in your defences. What you learn in action strengthens your ability to avoid needing to take serious action in the future.

Working with security service providers that can deliver Breach & Attack Simulation services helps test the vulnerabilities and see how effective an organisation’s security posture is and where it needs to be strengthened, or even changed completely.

5. Turning the tide on security alert fatigue

Covid has added to the urgency of many businesses’ migration to the cloud and boosted consumer adoption of cloud services, and that’s set to continue for a long time. One estimate predicts that the cloud computing market size will reach $1.2 trillion by 2028. Increased cloud consumption has been accompanied by an equally rapid increase in the number of threats and alerts from across those platforms.

Inevitably, in 2022 we will see more security alerts which will exacerbate the problem of ‘alert fatigue’, where IT security teams can become overwhelmed and miss the signs of a significant attack. The continuing skills shortage in the cyber industry combined with this fatigue means organisations will need to think differently and provide greater incentive to explore the use of security automation solutions that can prioritise alerts and even enact pre-defined responses to reduce the burden for security professionals.

UK Cyber Security Council and SASIG partner for skills drive

Stuart O'Brien

The UK Cyber Security Council and the Security Awareness Special Interest Group (SASIG) have announced a new partnership to further enhance and develop careers, skills and training in cyber security.

The Council and SASIG will work together on key webinars and events designed to improve trust in the online environment and to harbour that trust they are committed to when it comes to education and knowledge sharing throughout the community. One of the forthcoming events that the Council will partner with SASIG on is their third Cybersecurity Skills Festival which takes place on Tuesday 22 February 2022. 

For those looking to re-skill into a new career sector, cyber security is an attractive option. With a new reliance on technology in all aspects of life, this means that a huge number of new technology-focused jobs are constantly emerging. Cyber security is a growing market, and it is estimated that the cyber industry will need an additional 3.5 million qualified professionals by 2023.

With skills, education and training in cyber security being firmly on the agenda for the work that the UK Cyber Security Council is doing, partnering with SASIG in this key area to help individuals transition into a career in cyber security was a natural choice.

Speaking of the partnership, Simon Hepburn, CEO of the UK Cyber Security Council, said: “We are delighted to partner with SASIG as we move forward with our careers and learning workstream. Getting more people to consider entering the cyber security industry is crucial, and we look forward to working with SASIG on this.  We will be launching a programme of joint activities in the coming months such as webinars and events and with skills, training and education in cyber security very high on the agenda for the UK Cyber Security Council, this was a very natural partnership that aligns with the core values of the UK Cyber Security Council perfectly.”
Martin Smith MBE, Chairman and Founder of SASIG, said: “It is a privilege to be working with the prestigious UK Cyber Security Council on the vital task of bridging the cybersecurity skills gap – in SASIG’s view, the single most important strategic challenge our profession faces. Our Skills Festivals have already established themselves as a successful way of bringing together those looking for new talent and those wanting to enter our dynamic and exciting profession, but there is much more to be done. This new partnership between SASIG and the UK Cyber Security Council will be central to these efforts.”

Americans lost a record $3.5bn to cybercrime in 2021 YTD

Stuart O'Brien
The wave of cybercrime is plowing throughout America with the biggest damages in history. Atlas VPN extracted data from publicly available government sources and found that US citizens already lost $3.49 billion to cybercrime in the first three quarters of 2021.
You don’t need to bring out the calculator – the damages come out to $12.78 million per day.
Edward Garb, a cybersecurity researcher at Atlas VPN explains the main driving forces behind the surge in cybercrime damages: “Cybercriminals are using the buzz around cryptocurrencies, NFTs, and the metaverse to trick people into investing in bogus projects that disappear after raising a hefty sum of money.”

The data for the analysis is based on reports submitted through the official Federal Trade Commission websites – IdentityTheft.gov and ReportFraud.ftc.gov. Citizens can get help by receiving personal identity theft recovery plans.

Regarding monetary damages – the FTC does not resolve the allegations, but it does disseminate the information to over 3,000 law enforcement agencies across the United States for further investigation.

The analysis reveals that cybercrime damages sky-rocketed by 82.91% in 2021 compared to last year. To be exact, people lost $1.58 billion more (yes, billion) this year than they did in the same period in 2020.

These losses are a result of 1.6 million unique fraud and identity theft reports submitted to the Federal Trade Commission websites mentioned previously. This means that the FTC has to deal with around 5,869 complaints every single day.
Last year, the number of reports stood at 1.09 million after the first three quarters of the year, which is around a third less than in 2021. Back then, they had to go through 3,981 complaints daily.
To better understand the current cybercrime landscape, Atlas VPN analyzed which crimes caused the most trouble.
As already noted, investment-related crimes are on the rise due to countless projects in the crypto, NFT, and metaverse markets. This year, US citizens lost a staggering $956 million to these types of scams, representing a 277.87% growth YoY.

What role does cyber security play in digital transformation?

Guest Blog

Richard Menear, CEO, Burning Tree

The capabilities of modern technology have continued to progress, with widespread digitisation sweeping through almost every aspect of our lives. Digital transformation takes digitisation one step further, integrating technology into each business area — including improving operations, refining the customer experience and fostering a more cyber-aware workforce.

And although digitisation was underway before the COVID-19 pandemic hit in 2020, many organisations — from universities to food delivery companies — were forced to ramp up this process and embark on total digital transformation in response to new remote working requirements and changing consumer behaviour. So much so that the adoption of technology sped up by three to seven years in the space of mere months as organisations raced to implement the latest software.

But in the modern world, simply adopting new technology or software into your business is not enough to keep pace with competitors. For a fully integrated digital transformation to succeed, IT professionals and business leaders must ensure security is built in at every stage — or risk falling foul of increasingly sophisticated cyber attacks.

What does digital transformation entail?

When a business undergoes digital transformation, its IT becomes the central hub for all its operations. Digital transformation will look different for every business (and even vary between teams within the same company) but generally involves a complete rethinking of how organisations operate using technology.

Digital transformation might mean investing in IT departments, building a new mobile application or e-commerce site, or implementing DevOps or Agile programs to improve system functionality. Whatever the case may be, the point of digital transformation is to embrace the improved agility, scalability and flexibility that modern technology has to offer to automate critical processes and make a business more efficient as a whole.

Without adopting technologies such as the Cloud or the Internet of Things (IoT), many businesses of all sizes and sectors will struggle to keep up with the demand for digital, as physical legacy systems become outdated and unable to support growth. In fact, what was once considered best-in-class adoption speed, even just a few years ago, is now slower than the average for most businesses.

An effective digital transformation will allow a business’ IT to contribute to offerings and generate revenue — not just prop up existing functions. Plus, by streamlining processes and building the infrastructure necessary to do so, technology can improve communication, customer service and, most importantly, security. But only if security is built in from the outset…

When can digital transformation threaten security?

In a rush to get the newest technology and software online, many businesses make cyber security an afterthought — leaving them and their customers vulnerable to attack.

In the past year, there have been a staggering number of cyber attacks in the UK alone. Microsoft’s Exchange servers were famously corrupted in 2021, claiming at least 60,000 known victims around the world before the breach was detected. Even schools have fallen victim to hackers, such as six schools in the Isle of Wight recently compromised by a ransomware attack.

And it is not just the large corporations at risk; small and medium-sized enterprises (SMEs) are regularly subjected to hacking attempts. Around 65,000 attacks are carried out every day in the UK — approximately 4,500 of which are successful.

So, as IT infrastructures grow in size and companies lean on cloud-native technology for daily functions, new systems must have the capability to identify and mitigate security risks at an early stage of software lifecycles. Otherwise, application vulnerabilities could introduce an unacceptable amount of risk and prevent a system from keeping pace with changing threats and developments, negating the purpose of implementing new technologies in the first place.

Therefore, effective digital transformation must involve a complete overhaul of how businesses think about security — from educating a more cyber-aware workforce to securing the appropriate budgets for IT departments and cyber security software.

Cybersecurity: The crucial double check 

Stuart O'Brien

Cybercrime has quickly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down, with the number of attacks on businesses continuing to increase. COVID-19 has acted as a catalyst for this, with hackers taking advantage of remote workers during challenging times.

Despite innovations and sophistication in hacking methods, one of the main means of data loss is insiders, including employees making mistakes. Humans make errors – stressed, distracted employees will make even more mistakes. And with sensitive information on the line, and concerns ranging from regulatory compliance to safeguarding Intellectual Property (IP), companies are increasingly concerned about the risk of inadvertent data loss. But how can this threat be mitigated?

Andrea Babbs, UK General Manager, VIPRE SafeSend, emphasises the importance of implementing a crucial double check to improve email security culture…

Human Error 

Business reliance on email is creating a very significant cyber security risk – and not simply due to the increasing volume and sophistication of phishing and ransomware attacks. Given the sheer volume of emails sent and received (over 300 billion every day in 2020), mistakes are inevitable. Employees are trusted with company-sensitive information and assets, and many are permitted to make financial transactions – often without requiring additional approval. Furthermore, with strict data protection requirements in place, not only GDPR but also industry-specific regulations, organisations clearly require robust processes to mitigate the risk of inadvertent data loss.

According to reports, 34% of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. Should confidential corporate information fall into the wrong hands, the consequences could be devastating, including financial penalties, loss of trust and competitors gaining an advantage. BitMEX, one of the world’s largest cryptocurrency trading platforms, accidentally leaked thousands of private customer email addresses when it sent out a mass mailshot without using the BCC function. But how could this mistake be stopped? What employees need is a way to better manage their email functions, with an opportunity for potential mistakes to be flagged before an individual hits send, for example by showing who is in the To, CC and BCC fields.

Additional Layers 

Few organisations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting their staff from becoming an insider threat. But more importantly, what they may not be aware of is that there is a solution available that can add a layer of employee security awareness.

Businesses can help employees avoid simple mistakes, such as misaddressed emails, by providing a simple safety check, which alerts users to confirm both the identity of the addressee(s) and, if relevant, any attachments. The solution can be configured to work on a department or user basis, for example, a business may not want HR to be able to mistakenly send sensitive personal information to anyone internally and therefore require a confirmation for all emails.

In addition to confirming email addresses and attachment(s), the technology can also check for keywords within the email content using Data Loss Prevention rules, and each business can set its own requirements and parameters determined by corporate security protocols. Any emails, including attachments, containing these keywords will be flagged, requiring an extra validation step before they are sent, without impeding working practices, and giving users a chance to double check whether the data should be shared with the recipient(s).

The Essential ‘Pause’ Moment 

Deploying an essential tool that prompts for a second check and warns when a mistake is about to be made helps organisations mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business. Accidentally CCing a customer, rather than the similarly named colleague, will be avoided because the customer’s domain will not be on the allow list and therefore automatically highlighted. This is more crucial than ever before with employees dispersed across a range of locations as part of hybrid working. Such tools can support mixed operating system environments and DLP add-ons can be given to certain departments and groups who handle very sensitive information such as employee or legal data.

This type of tool is key for companies and reinforces a security culture, building on education and training, with a valuable solution that helps users avoid the common email mistakes that are inevitable when people are distracted, tired or stressed. It provides an essential ‘pause’ moment, enabling individuals to feel confident that emails have been sent to the right people and with the right attachments.

In addition to checking the validity of outbound and inbound email addresses and attachments, it can also help minimise the risk of staff falling foul of a phishing attack. One example is an email that purports to come from inside the company but actually has a cleverly disguised similar domain name, such as an email from V1PRE as opposed to VIPRE. The technology will automatically flag that email when the user replies, showing that it is not from an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack.
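
The pre-send check described above (allow-listed recipient domains, attachment confirmation, DLP keywords and the V1PRE/VIPRE look-alike case), shown as an added Python example. It is not VIPRE's code or part of the original article; the domains, keyword list and function names are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed policy for this example; all values are constructed.
ALLOWED_DOMAINS = {"vipre.example"}
DLP_KEYWORDS = ("confidential", "payroll", "passport")
# Characters commonly swapped in to imitate a trusted domain (1 for i, 0 for o).
CONFUSABLES = str.maketrans({"1": "i", "l": "i", "0": "o", "5": "s"})

def skeleton(domain: str) -> str:
    """Collapse look-alike characters so v1pre and vipre compare equal."""
    return domain.lower().translate(CONFUSABLES)

def review_outbound(msg: EmailMessage) -> list[str]:
    """Return the warnings the sender must confirm before the mail goes out."""
    warnings = []
    trusted = {skeleton(d) for d in ALLOWED_DOMAINS}
    for field in ("To", "Cc", "Bcc"):
        for _name, addr in getaddresses(msg.get_all(field, [])):
            domain = addr.rpartition("@")[2].lower()
            if domain in ALLOWED_DOMAINS:
                continue
            reason = ("imitates an allowed domain" if skeleton(domain) in trusted
                      else "is outside the allow list")
            warnings.append(f"{field}: {addr} {reason}")
    texts = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        texts.append(("body", body.get_content()))
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        warnings.append(f"attachment: confirm {name}")
        content = part.get_content()
        if isinstance(content, str):  # only text attachments are scanned here
            texts.append((name, content))
    for where, text in texts:
        for kw in DLP_KEYWORDS:
            if re.search(rf"\b{re.escape(kw)}\b", text, re.IGNORECASE):
                warnings.append(f"DLP: '{kw}' found in {where}")
    return warnings

def sample_message() -> EmailMessage:
    """Constructed sample: internal, external and look-alike recipients."""
    msg = EmailMessage()
    msg["To"] = "Sam Jones <sam.jones@vipre.example>"
    msg["Cc"] = "sam.jones@customer.example, it-help@v1pre.example"
    msg.set_content("Payroll summary attached. Please treat as confidential.")
    msg.add_attachment("name,salary\n", filename="payroll.csv")
    return msg
```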

Conclusion

Email is arguably the key productivity tool in most working environments today, placing much of the responsibility for secure use of that tool on employees. But supporting staff with an extra prompt to double check they aren’t mistakenly sharing confidential data helps to raise awareness and understanding, and provides that essential security lock-step – before it’s too late. The premise is not to add time or delay in the day to day management of email; it is about fostering an attitude of awareness and care in an area where a mistake is easily made.

No organisation is immune to human error, but having a clear strategy in place to address misaddressed emails and data loss through email, and to mitigate the associated risks, helps businesses to remain compliant and secure. It’s all about increasing awareness and improving email culture where mistakes can so easily be made, while reinforcing compliance credentials.

UK holds Chinese state responsible for ‘pervasive pattern of hacking’

Stuart O'Brien

The UK is joining what it calls likeminded partners to confirm that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.

The attacks took place in early 2021, affecting over a quarter of a million servers worldwide.

The government says the attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property.

At the time of the attack, the UK says it quickly provided advice and recommended actions to those affected, and Microsoft said that by the end of March 92% of customers had patched against the vulnerability.

The UK is also attributing activity known by cyber security experts as “APT40” and “APT31” to the Chinese Ministry of State Security.

Widespread, credible evidence demonstrates that sustained, irresponsible cyber activity emanating from China continues.

The Chinese government has ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught.

This coordinated action today sees the international community once again urge the Chinese government to take responsibility for its actions and respect the democratic institutions, personal data and commercial interests of those with whom it seeks to partner.

The UK is calling on China to reaffirm the commitment made to the UK in 2015 and as part of the G20 not to conduct or support cyber-enabled theft of intellectual property or trade secrets.

As part of a cross-Government response, the National Cyber Security Centre (NCSC) issued tailored advice to over 70 affected organisations to enable them successfully to mitigate the effects of the compromise.

In 2018, the UK government and its allies revealed that elements of the Chinese Ministry of State Security (MSS) were responsible for one of the most significant and widespread cyber intrusions stealing trade secrets.

Foreign Secretary Dominic Raab said: “The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not.”