Tag Archives: Cyber Attacks

70% of financial companies suffer cyber security incident in last 12 months

New research conducted by data security company Clearswift reveals that 70% of financial companies have experienced a cyber security incident in the past year, highlighting the serious threat that both data breaches and malicious attacks pose to the UK’s financial sector.

The research, which surveyed senior business decision-makers within enterprise financial organisations in the UK, found that almost half of the incidents reported over the past 12 months originated from employees failing to follow security protocol or data protection policies. This threat was biggest in mid-sized financial companies (with 3,000-4,999 employees) with 52% of respondents citing employee failure to follow corporate data protection policies as their biggest issue.

In addition to this, it was found that further causes of cyber security incidents within the financial sector included the introduction of malware and viruses via third party devices, including USBs and Bring Your Own Device (32%), file and image downloads (25%) and employees sharing data with unintended recipients (24%).

UKFinanceCyber

“The financial sector is the lynchpin of the UK’s economy and a vital part of our nation’s Critical National Infrastructure, so it’s alarming to see such high numbers of security incidents within financial organisations,” said Dr Guy Bunker, CTO at Clearswift. “Unfortunately, in this day and age it’s a case of ‘when’ not ‘if’ a firm is breached so the financial sector needs to shift gears and speed up the innovation and deployment of effective data protection and threat mitigation strategies.”

The numbers associated with security incidents are in stark contrast with further findings from the survey which revealed less than a quarter (23%) of respondents had an adequate level of budget allocated to cyber security within the firm. Unsurprisingly, 73% of respondents would like to see some – if not a significant – increase in their organisation’s cyber security spending.

Bunker added: “Whether it’s an inadvertent mistake, a malicious insider or an external threat actor that causes a security incident, the ramifications of data loss are extremely serious for any organisation. For those organisations who hold citizen data and their financial information, there’s a need for extra vigilance to protect that data no matter where it’s stored, how it’s processed or what digital collaboration channels it flows through. Understanding the latest threats and the potential consequences from next generation attacks will help drive the business case for investment in new technology to mitigate the risks.”

He continued: “Cyber security needs to rapidly evolve and the budgeting process should take this into account. The threat which can bring down a company may not have existed three months ago. Financial organisations need to be able to respond immediately in order to protect their reputation. While many areas of securing a company’s data can be improved by educating employees and developing clear policies and processes, technology plays a key role in mitigating today’s biggest threats through automating and enforcing security protocols. This requires investment. Great information security is a positive business differentiator and a driver of growth.”

Advertisements

Leave a comment

Filed under Risk Xtra

IDIS determined to focus on video cyber security at IFSEC International 2019

Network security and the threat of ‘cyber loopholes’ should be a top priority for video surveillance users, IDIS will tell visitors at IFSEC International. Launching a cyber security advisory video ahead of the show, the IDIS team at ExCeL in London from 18-20 June will also be on hand to demonstrate and explain how IDIS technology goes a step further to strengthen the resilience of traditional surveillance network processes.

IDIS will be highlighting the dangers of cyber attacks and the common vulnerabilities found in many surveillance set-ups – as well as showcasing a full range counter-measures – on Stand IF1110.

Users should plan for three specific risks, states the company: data access loopholes, data transmission weaknesses and the integrity of recorded footage.

“IDIS has consistently led the way in addressing cyber security concerns, taking a multi-pronged approach from R&D through to customer installation,” said James Min, managing director of IDIS Europe. “We’ve developed a rich, layered and comprehensive set of technologies and features to ensure maximum protection for end users.”

IDIS IFSEC Stand 2019 (1)

Visitors will see how IDIS DirectIP – the cornerstone of the IDIS Total Solution – closes-up widespread vulnerabilities and serves as a proprietary mutual authentication system for all IDIS IP products. IDIS DirectIP speeds up implementations and streamlines cyber security by eliminating the need for engineers to manage multiple IP addresses and associated passwords during implementation. It therefore mitigates human error and the common malpractice of saving passwords in vulnerable spreadsheets.

Using peer-to-peer technology, IDIS’ ‘For Every Network’ technology also lets engineers deploy and configure secure, multi-site surveillance solutions that use centralised monitoring and control without in-depth knowledge of routing or networking.

IDIS will also highlight the cyber security essentials for transmission and recording together with its own patented and proprietary technologies which prevent activities such as snooping, modification and the destruction of data.

James_Min_IDIS_Europe_MD

James Min

In addition, visitors to Stand IF1110 will learn how IDIS ensures the integrity of video recording, with its advanced ‘Chained Fingerprint’ technology authenticating footage such that it can be submitted to the police and the courts as evidence.

“Combined with these technologies, our industry-leading training programmes are helping installers and integration partners to work knowledgeably with devices and networks to ensure maximum cyber security for our end users,” concluded Min.

Leave a comment

Filed under Risk Xtra

NATO selects BlackBerry’s encrypted voice technology for secure calls

The NATO Communications and Information (NCI) Agency has awarded a contract for BlackBerry’s SecuSUITE for Government to encrypt the conversations of its technology and cyber leaders wherever they communicate – in the workplace, at home or when travelling abroad.

The NCI Agency helps NATO’s 29 Member Nations communicate securely and work together in smarter ways. It acquires, deploys and defends communication systems for NATO’s political decision-makers and Command Centres, working on the front lines against cyber attacks. Due to the classified nature of the information the NCI Agency handles, it’s critical that all communications remain secure, combating any opportunity for a cyber criminal to electronically eavesdrop on conversations.

BlackBerrySecusuite1

“As cyber criminals and state-sponsored actors become increasingly more sophisticated, we needed a highly secure way for our cyber leaders to have phone conversations with people inside and outside of our organisation regardless of where they are in the world,” said Kevin Scheid, general manager of the NCI Agency. “BlackBerry’s voice encryption technology helps solve this challenge and strengthens our elite cyber defence strategy.”

Dr Christoph Erdmann, senior vice-president of BlackBerry SecuSMART at BlackBerry, responded: “Eavesdropping on calls is one of the easiest ways to gain access to private information. We’re extremely proud that the NCI Agency, a world leader in the development and use of technology that keeps NATO nations secure, has put its trust in BlackBerry’s software to secure voice communication. No matter the operating system or ‘thing’ used to communicate, BlackBerry’s arsenal of cyber security technology ensures that our customers’ data remains private.”

BlackBerrySecusuite2

BlackBerry’s SecuSUITE for Government supports Android and iOS smart phones and tablets, and can be can be installed on-premise, in a Data Centre or in the cloud.

Use cases for the solution include: 

*Secure conferencing: Encrypts conversations between a secure conference bridge and a SecuSUITE for Government-enabled devices

*Secure landing: Encrypts mobile devices to a landline within a network

*Break-in: Protects any communication between a mobile or landline on the user’s home network to a SecuSUITE for Government-enabled mobile device

*Break-out: Secures mobile devices to the employee’s home network and from there to external mobile or landlines through PSTN extension

BlackBerryNATO

SecuSUITE for Government has been evaluated and certified to be compliant with the Common Criteria protection profile for VoIP applications and SIP servers. It has also earned a NIAP certification and has been placed on the NSA Commercial Solutions for Classified Program component list of products certified for use on classified systems.

*For more information on BlackBerry’s SecuSUITE for Government visit blackberry.com/government

Leave a comment

Filed under Risk Xtra

Dell “reinvents” endpoint security portfolio through strategic collaborations with Secureworks and CrowdStrike

Cyber criminals are continuously shifting their attack techniques to better target endpoints. As more than one-third (39%) of cyber attacks are now non-malware based, adversaries can exploit gaps in traditional anti-malware solutions used in isolation.

Considering that 50% of organisations also have insufficient endpoint or network visibility during incident response engagements, it’s clear many businesses are injecting ineffective security tools into their environments, ultimately adding complexity without directly addressing the problem.

These disconnected solutions require ongoing diligence and expert resources to analyse a multitude of security alerts and identify compromised devices. Yet, with the growing cyber security skills gap, businesses don’t have the resources needed to manage their security infrastructure effectively.

To help organisations in addressing these challenges, Dell is introducing Dell SafeGuard and Response, a portfolio of next generation endpoint security solutions that combines the managed security, incident response expertise and threat behavioural analytics of Secureworks with the unified endpoint protection platform from CrowdStrike.

Dell’s modern and effective approach designed to prevent, detect and respond to the shifting threat landscape makes it easy for organisations to protect their data with the industry’s most secure commercial PCs.

With Artificial Intelligence (AI)-driven and cloud-native endpoint protection powered by CrowdStrike and expert threat intelligence and response management by Secureworks, Dell SafeGuard and Response provides end user customers with the essential capabilities they need to protect their PCs and data. CrowdStrike endpoint security solutions prevent more than 99% of malware and non-malware-based threats, detect 100% of vulnerabilities and respond to sophisticated attacks rapidly.

DellLaptop

Secureworks’ RedCloak behavioural analytics are built into the prevention, detection and response capabilities, so customers benefit from an ever-smarter network effect of protection. When an emerging threat is discovered in one environment, countermeasures are created and deployed to all customers who may be affected. 

Prevent, detect and respond to threats

With Dell SafeGuard and Response, customers no longer need to worry about complex implementation involving numerous agents. Dell’s modern approach to security simplifies the buying process, allowing customers to order these new solutions alongside their new PC. Businesses will receive outstanding prevention combined with the ability to quickly detect compromised devices and remediate cyber incidents.

Customers can select from the following new Dell SafeGuard and Response solutions to meet their unique security needs:

CrowdStrike Falcon Prevent: This next generation anti-virus (NGAV) solution uses AI and machine learning to stop malware and malware-free attacks, offering organisations enhanced protection without requiring signatures and the heavy updates that come with them

CrowdStrike Falcon Prevent and Insight: In addition to the NGAV solution, customers can advance their threat prevention capabilities with Device Control and Falcon Insight, the leading endpoint detection and response solution. This enables full visibility into endpoint threat activity and real-time remediation designed to prevent, detect and investigate incidents and stop threats

Secureworks Managed Endpoint Protection: Combined with CrowdStrike Falcon Prevent and Insight and Device Control, this offer provides customers with 24×7 managed services from Secureworks to monitor the state of endpoints for indications of threat actor activity. Secureworks’ Security Operations Centre and Counter Threat Unit will investigate events to determine severity, accuracy and context to suggest remedial actions, in turn giving organisations peace of mind around the clock

Secureworks Incident Management Retainer: In the event of a serious security incident, Secureworks will deploy its on-demand incident response specialist team who are highly skilled to respond to and mitigate a cyber incident at any time. Now, organisations with and without SOCs can have the support and expertise needed in critical times. This service can also be used to build a proactive response plan for future security incidents.

Devices and data secure 

“Organisations are faced with what may feel like an exponentially expanding threat landscape and a mixed bag of solutions to fix it,” said Brett Hansen, vice-president and general manager of client software and security solutions at Dell. “To meet the evolving needs of our customers and stay ahead of ever-evolving threats, Dell is offering organisations the tools they need to keep their devices and data secure.”

Wendy Thomas, senior vice-president of business and product strategy at Secureworks, added: “Attacker techniques are becoming more sophisticated. Customers need managed solutions that are actively guarding against threat activity. Our modern approach with Dell ensures a co-ordinated defence against cyber threats at the scale and speed required for any customer’s evolving security needs beyond the network.”

Matthew Polly, vice-president of worldwide business development and channels at CrowdStrike, concluded: “Being selected by Dell is a testament to CrowdStrike’s market leadership and the proven value of our platform. Together, we are equipping customers with a unique and compelling solution to deliver an end-to-end approach to endpoint security that effectively stops threats, while also reducing enterprise complexity and modernising threat detection and management.”

*Dell SafeGuard and Response will be available globally in March through Dell and its authorised channel partners. Additionally, the comprehensive CrowdStrike Falcon platform can also be purchased through Dell

Leave a comment

Filed under Risk Xtra, Uncategorized

Barracuda Networks helps Leeds United FC to tighten up its cyber defence

Cloud-enabled security and data protection solutions specialist Barracuda Networks has been selected by Leeds United Football Club’s management team to help protect it from today’s advanced cyber threats.

Working with Leeds-based IT reseller and club sponsor Altinet, Barracuda Networks is providing Leeds United FC with its Message Archiver in order to make the storage and access of e-mails simpler, quicker and more secure. As well as being easy to set up and manage, the new e-mail archiving solution allows Leeds United FC to combine on-site hardware with cloud-based replication. This ensures that e-mail data is easy to recover in the event of an attack or data loss.

“As a multi-million pound business, we’re dealing with high volumes of important and confidential e-mails on a daily basis so we have to assume that we’re a high-value target for cyber attackers,” said Mark Broadley, head of IT and facilities at Leeds United FC. “Our legacy e-mail solution wasn’t providing a high enough level of protection, and had meant that staff within the HR and legal teams were spending a lot longer finding information than was needed. On the recommendation of Altinet, we were delighted to make Barracuda Networks the first signing of this very important project.”

LeedsUnitedFC

Barracuda Networks’ solution helps Leeds United FC to easily meet regulatory requirements and take complex discovery requests in its stride. This is particularly important given the club’s historical high turnover of personnel, and the need to find and read archived e-mails in minutes rather than hours or days.

Chris Ross, senior vice-president for international business at Barracuda Networks, said: “Being selected by Leeds United FC to improve and modernise the club’s data protection is an important accolade for us. With cyber attackers becoming ever-more sophisticated and data protection rising higher up the corporate agenda, it’s important that organisations replace legacy solutions and keep up-to-date with the latest threats.”

Ross added: “As it increasingly becomes about when you’re going to be attacked rather than if, data protection and recovery should form a key element of every organisation’s cyber security strategy. On top of keeping an eye on Leeds United FC’s cyber defences, we’ll be watching with interest and wishing the club the best of luck as it seeks promotion from the Championship back to the Premier League.”

Leave a comment

Filed under Risk Xtra

Egress Software Technologies CEO responds to ICO’s Data Security Incidents Report for Q2

On Friday 16 November, the Information Commissioner’s Office (ICO) published its Data Security Incidents Report for Q2 2018. Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO.

On 18 July 2018, the Independent Inquiry into Child Sexual Abuse (IICSA) was fined £200,000 for revealing the identities of abuse victims in a mass e-mail. On 9 August, Lifecycle Marketing (Mother and Baby) Ltd, also known as Emma’s Diary, was fined £140,000 for illegally collecting and selling personal information belonging to more than one million people.

On 20 September, Equifax Ltd was fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017 and, on 28 September, BUPA Insurance Services was fined £175,000 for failing to have effective security measures in place to protect customers’ personal information.

ICOLogoWeb

Tony Pepper, CEO of Egress Software Technologies, commented: “Looking at this report, it’s no surprise that the number of data security incidents filed to the ICO has continued to increase with no signs of plateauing. Overall, there has been a 29% increase in the number of reported data security incidents, from 3,146 between April and June 2018 to 4056 from July to September 2018. This demonstrates a 490% increase compared to the same quarter in 2017.”

Pepper continued: “Similar to the statistics we observed in the ICO’s previous report, this doesn’t necessarily mean that organisations are experiencing more incidents, but it definitely does mean that more are now being reported. The increased awareness for organisations to tread carefully has been fuelled by the General Data Protection Regulation, as well as the significant data breach incidents that recognisable brands have suffered in recent times.”

In terms of the monetary penalties, fewer fines were issued between July and September compared to those issued between April and June, with £875,000 issued under the Data Protection Act in the most recent complete three-month period.

Significant growth in data incidents

Although the report doesn’t summarise the type of incidents reported, it does detail the sectors that have experienced significant growth in these incidents. These include general business, which has experienced an increase of 87%, finance with 49%, insurance and legal with 63%, media with 633% and transport and leisure with 57%, while Government, at both the central and local level, experienced a 14% increase.

“We have also seen an organisation fined for unlawfully selling personal data, while Equifax was fined the highest amount under the Data Protection Act (£500,000) for a cyber attack that exposed the personal information of up to 15 million UK citizens.”

ElizabethDenhamICO

Information Commissioner Elizabeth Denham

Pepper added: “Clearly, there’s not only an issue with external attackers illegally obtaining and hacking an organisation’s systems to obtain data, but also with internal employees – and companies as a whole – misleading the population on why their personal data is being collected and how it will be used. As a result, organisations should be vigilant when it comes to ensuring data security protection is in place, and especially so to combat internal threats.”

Pepper feels that organisations should take a user-centric approach to data security, ensuring that every employee – from C-Suite executives to the average worker – is as security savvy as they need to be. This philosophy has been highlighted in recent Egress research, which revealed that 20% of an organisation’s employees don’t know what kinds of personal information should be protected when sharing data via e-mail.

“By taking a user-centric approach and equipping staff to protect personal data through technology that supports and secures the work they do,” urged Pepper, “as well as more training and awareness of what constitutes the mishandling of personal data, organisations will be able better placed to mitigate the chances of external and internal data security incidents.”

Leave a comment

Filed under Risk Xtra

UK’s SMBs battling average of five cyber attacks per annum

Small and medium-sized businesses (SMBs) in the UK have faced up to an average of five cyber attacks in the last 12 months. That’s according to research commissioned by online encryption specialists Appstractor Corporation that highlights the growing threat such businesses face from online criminals.

A significant number of IT decision-makers in these SMBs believe they’re being put at greater risk of attack because their security software isn’t keeping pace with the sophisticated nature of the attacks with which they’re confronted.

According to the new independent report entitled ‘Under Attack: Assessing the Struggle of UK SMBs Against Cyber Criminals’. some businesses (19%, in fact) faced as many as ten attacks in the last year. IT bosses who took part in the research survey suggested that one of the major causes for concern for SMBs in the UK is that security and encryption software is aimed at individual consumers or large corporations and Governments, meaning that they cannot be deployed effectively in a small business environment.

SMBCyberSecurity

In fact, only 44% of IT decision-makers in SMBs believe that they’re able to properly protect themselves against cyber criminals using current software and systems when compared to the ability of large businesses to protect themselves.

A third believe that the UKs small business community – which makes up 99% of businesses, according to the Federation of Small Businesses – is being “forgotten about” and placed at a higher level of risk when compared to their larger counterparts.

When it comes to the level of threat faced by these smaller companies, Appstractor Corporation’s research found that 17% of companies faced at least one attack in the last year, 28% were attacked two or three times, 32% faced four or five attacks and 19% were attacked between six and ten times.

A small proportion of companies – 2% – said that their company had been targeted up to 20 times in the last 12 months.

Commenting on the report, Paul Rosenthal (CEO and founder of Appstractor Corporation) agreed that current solutions were not up to scratch. but also said that some SMBs were making themselves an easy target for criminals.

“It’s the case that SMBs are at a disadvantage in the cyber security arms race because software and platforms are not being effectively designed for them, so they have to shoehorn consumer or large enterprise-grade solutions into their company which don’t work in small businesses. IT managers and small business owners need to rid themselves of their current ideas that they are too small to be targeted and so don’t have to worry about security and encryption software. The reality is that small businesses are being targeted by criminals more than ever before. Techniques like automated mass targeting are putting them at a serious and present risk of attack.”

*To access the full report click here

Leave a comment

Filed under Risk Xtra