Tag Archives: Crises Control

Social engineering “a top cause of cyber incidents” finds Cyber Resilience Report

Research commissioned by Crises Control from the Business Continuity Institute for its annual Cyber Resilience Report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways to defeat corporate perimeter security.

66% of respondents to the survey reported that their companies had been affected by at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals have combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.

The term ‘social engineering’ describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (i.e. obtaining sensitive data through false representation) and social engineering are now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months.

A further 37% were hit by spear phishing (i.e. phishing through identity fraud).

The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system.

They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.

Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.

Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of businesses having network monitoring software in place and 42% of cyber incidents being brought to attention through the work of the IT Department to whom such systems report.

The scale of the cyber threat can feel overwhelming at times, but educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience.

The message is simple… Act now before it’s too late.

Filed under Risk UK News

BCI European Awards 2017: Shortlist of finalists announced

The Business Continuity Institute (BCI) is pleased to announce the shortlist for the 2017 BCI European Awards. Some of the most outstanding business continuity and resilience professionals and organisations have made it to the final stage.

Continuity and Resilience Consultant 2017

Alberto Mattia (Panta Ray)
Petra Morrison (Daisy Group)
Werner Verlinden (Musena Consulting)

Most Effective Recovery 2017

BPER Banca
IBM
West Yorkshire Fire & Rescue

Continuity and Resilience Innovation 2017

Barclays Group Resilience
Crises Control
Everbridge

Continuity and Resilience Newcomer 2017

Elodie Huet (Arup)
Linda McAllorum (MUFG Investor Services)
Patrick Teves (Nestle Deutschland AG)
Timothy Dalby-Walsh (Needhams 1834)
Tinne Dewolf (Goffin Consulting)

Continuity and Resilience Professional (Private Sector) 2017

Joseph McClean (Ulster Bank)
Ken Clark (ARM)
Rob van den Eijnden (Philips)
Sarah Armstrong-Smith (Fujitsu)

Continuity and Resilience Professional (Public Sector) 2017

Carl Mayfield (Milton Keynes Council)
Rina Singh (NHS Professionals)
Russ Parramore (South Yorkshire Fire & Rescue)

Continuity and Resilience Provider (Service/Product) 2017

Alert Cascade
Business Continuity Training
ClearView Continuity
Send Word Now
Sungard Availability Services

Continuity and Resilience Team 2017

Aon
BT
Chief Fire Officers Association
Marks & Spencer

Sponsored by Sungard Availability Services, the BCI’s European Awards Gala Dinner and Ceremony takes place at The Principal Hotel in Edinburgh on Thursday 11 May. The awards will be presented by David Thorp, the BCI’s executive director.

Tickets to the event include reception drinks, a three-course meal with fine wines and the awards ceremony. Individual tickets cost £75.00 +VAT. Tables of ten are priced at £675 +VAT.

Filed under Risk UK News, Uncategorized

“Faster response times needed to combat cyber threat” finds BCI survey

Two thirds of respondents to a global survey carried out by the Business Continuity Institute report that they had experienced at least one cyber incident during the previous twelve months, while 15% stated they had experienced at least ten incidents during the same period.

The frequency of these cyber incidents demonstrates exactly why it’s so important for organisations to have plans in place to mitigate them or otherwise lessen their impact.

The Cyber Resilience Report, conducted by the BCI and sponsored by Crises Control, found that there was a wide range of response times for cyber incidents. Almost a third of organisations (31%) stated that they responded within one hour. However, one fifth (19%) take a worrying four hours or more in responding to a cyber event, while almost half (44%) take more than two hours to respond. This has clear implications for the time taken to return to business as usual, and the ultimate cost of the incident to the host organisation.

Even if businesses wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research finds that phishing and social engineering are the top causes of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% attacked by way of spear phishing.

The BCI has discovered that 45% of companies were hit by a malware attack and 24% by a Distributed Denial of Service episode. All these forms of attack will, in different ways, render an organisation’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their Internet connection until they can secure themselves from further attack.

A detailed study of 369 business continuity and resilience professionals from across the world, the research also reveals that the costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

David James-Brown FBCI, chairman of the BCI, commented: “This piece of research is one of the most timely, insightful and relevant the BCI has ever produced. Cyber attacks tend to target the weakest links of an organisation. That calls for a greater awareness of cyber crime. As the cyber threat evolves, it’s crucial to stay on top of it, building long-term initiatives and regularly updating recovery plans.”

Rickie Sehgal, chairman of Crises Control, added: “Rapid communication with employees, customers and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack. When your business is at risk, even a one-hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies appear to do, is simply unacceptable.”

Filed under Risk UK News, Uncategorized