DNS attacks cost finance firms millions of pounds a year

Average cost of recovering from a single DNS attack is $924,390 for a large financial services company, survey shows

 Average cost of recovering from a single DNS attack is $924,390 for a large financial services company, survey shows

 

The costs of restoring services after a DNS (Domain Name System) attack are higher for financial services firms than for companies in any other sector.

According to a survey of 1,000 large financial services firms in Europe, North America and Asia Pacific, the average cost of recovering from a single DNS attack is $924,390 for a large financial services company.

The survey, carried out by network automation and security supplier EfficientIP, and its subsequent 2018 Global DNS threat report found that the average cost of recovery for such finance firms had increased by 57% compared with last year.

It also revealed that financial services firms suffered an average of seven attacks each last year, and 19% of them were attacked more than 10 times.

The survey found that finance firms took an average of seven hours to mitigate a DNS attack and 5% of them spent a total of 41 working days mitigating attacks in 2017. More than a quarter (26%) lost business because of the attacks.

The most common problems caused by DNS attacks are cloud service downtime, compromised websites and internal application downtime.

David Williamson, CEO at EfficientIP feels that the DNS threat landscape is continually evolving, impacting the financial sector in particular. This is because many financial organisations rely on security solutions that fail to combat specific DNS threats.

Financial services increasingly operate online and rely on internet availability and the capacity to securely communicate information in real time. Therefore, network service continuity and security is a business imperative and a necessity.

The UK’s Financial Conduct Authority voices concerns about weaknesses in banks’ IT systems.

There was a 48% rise in the amount of money stolen from UK online banks in 2014, as criminals pilfered more than £60m. But IT security teams at large finance firms have to balance their resources in the face of increasing cyber threats. A survey commissioned by VMWare earlier this year showed that 90% of IT security professionals in financial services have to make compromises that could leave other areas of their organisation exposed to cyber threats, and half admitted doing this regularly.

Types of DNS attack include:

  1. Zero day attack – the attacker exploits a previously unknown vulnerability in the DNS protocol stack or DNS server software.
  2. Cache poisoning – the attacker corrupts a DSN server by replacing a legitimate IP address in the server’s cache with that of another, rogue address in order to redirect traffic to a malicious website, collect information or initiate another attack. Cache poisoning may also be referred to as DNS poisoning.
  3. Denial of service – an attack in which a malicious bot sends more traffic to a targeted IP address than the programmers who planned its data buffers anticipated someone might send. The target becomes unable to resolve legitimate requests.
    Distributed denial of service – the attacker uses a botnet to generate huge amounts of resolution requests to a targeted IP address.
  4. DNS amplification – the attacker takes advantage of a DNS server that permits recursive lookups and uses recursion to spread the attack to other DNS servers.
    Fast-flux DNS – the attacker swaps DNS records in and out with extreme frequency in order redirect DNS requests and avoid detection.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 03333 393 139 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

 

O2 crash proves that humans are the weakest link in cyber security

The O2 mobile network failure that took out data access for some 30 million people recently was caused by an expired software certificate.

The O2 mobile network failure that took out data access for some 30 million people recently was caused by an expired software certificate

No programming error, no undiscovered bug, no malicious interference, but one of the most basic systems administration mistakes you can imagine. Someone somewhere just forgot to renew a certificate.

As a wise voice once said, there’s no patch for stupidity. And herein lies the great unspoken conundrum at the heart of the digital revolution.

Computers go wrong.

Why? Because they’re designed, manufactured, programmed, configured, secured and operated by the most fallible, unpredictable and unreliable resource in the technology world – people.

Of course, it’s those same people who every day ensure that the IT systems supporting every company and government in the world work mostly as intended, who keep the internet running and protect the vast majority of our personal data.

That’s because people are pretty good at computers these days. But we’ll never be perfect.

The job of running IT systems is becoming increasingly abstracted from the technology – virtualisation, cloud, containers, serverless, orchestration, all these trends aim to remove that human fallibility from everyday tasks. Not forgetting that it still takes another human somewhere to make those technologies work in the first place.

Much as artificial intelligence (AI) and automation are replacing or augmenting corporate jobs, so the IT department will see further dramatic change as more of its responsibilities are taken over by software robots. Of course, those software robots were created and programmed by humans too.

And they aren’t exactly perfect – as the Amazon workers in a New Jersey warehouse found out this week, when a robot accidentally punctured a can of bear repellent, sending 24 staff to hospital.

There is, correctly, much debate about ethics in AI and technology, not least the need to prevent human bias from becoming too infused in the algorithms they rely on.

People outside IT are taking more of an interest in the workings of IT than ever before. It’s fair to assume those non-IT types are pretty fallible too.

The outage was a small reminder of how reliant most of us have become on technology.

When O2 went down, there was much humour taken from the sight of people trying to consult paper maps to find their way around, and attempted insights from those who found a whole new world beyond the smartphone they’d been glued to until then.

For all the great advances of recent decades, it’s going to be a long time before we no longer see headlines screaming “computer crash”. Whether through malice or simple error, human fallibility is a part of our digital future too.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

GCHQ warns of cyber security scams on Black Friday

GCHQ has issued an warning of cyber security scams on Black Friday.

GCHQ has issued an warning of cyber security scams on Black Friday.

Black Friday sales could be targeted as easy pickings for cyber-crime, according to Cheltenham-based GCHQ.

The National Cyber Security Centre, part of GCHQ, is advising shoppers of the risk of online threats. It is the first such official cyber security warning in the run up to Christmas.

GCHQ wants to start a “national cyber-chat” today (Black Friday), when billions are spent online. Known for working in secret, the agency wants to be open and engage with the public over the seriousness of the threat.

The National Cyber Security Centre has tackled more than 550 significant cyber incidents over the past year, and has taken down almost 140,000 “phishing” websites.

The National Cyber Security Centre (NCSC) is giving tips for shoppers to avoid cyber-crime – and for the first time it will be publishing answers to questions from the public on Twitter.

The agency recently warned of a serious and sustained threat from elite hackers in other countries, which could include the theft of millions from retailers and attacks on the financial networks the shops depend on.

The British Retail Consortium is backing the calls for better cyber security during the Christmas shopping season, and retailers continue to invest heavily in protecting themselves against cyber-threats.

The National Cyber Security Centre’s advice to reduce the risk of cyber crime is:

  • Install the latest software and app updates
  • Type in a shop’s website address rather than clicking on links in emails
  • Choose strong and separate passwords for accounts
  • Keep an eye on bank accounts for unrecognised payments
  • Avoid over-sharing unnecessary information with shops, even if they ask
  • Make sure all your home gadgets are secure

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

UK business in the dark on impact of cyber security attacks

UK businesses so not understand the resilience required to withstand cyber security threats, a study shows.

UK business in the dark on impact of cyber security attacks

While 99% of UK business leaders believe that making technology resilient to business disruptions is important, only 54% claim their organisation is as resilient as it needs to be, a study has revealed.

In recent years, the security industry has increasingly recognised the importance of focusing on resilience to ensure that when defences are breached, organisations are able to reduce the impact on the business.

A fifth of more than 1,000 UK business decision makers polled by security firm Tanium admitted they would not be able to calculate indirect costs from lost revenue and productivity following a cyber attack.

The Tanium resilience gap study also found that there are more barriers to achieving the resilience that 97% of respondents believe to be important, with 38% of respondents blaming their organisation’s growing complexity as one of the biggest barriers to building business resilience, while 21% blame siloed business units.

Asked about their team and tools, 35% of respondent said the issue lies with the hackers being more sophisticated than IT teams, 21% claim that they do not have the skills needed within the company to detect cyber breaches accurately in real time, and 27% said poor visibility of entry points is a barrier to resilience.

Business resilience is fundamental to any strategy for long-term growth, yet the findings suggest that many UK businesses still have a long way to go.

The study also revealed gaps in accountability and trust across organisations.

One of the main reasons organisations are unable to achieve business resilience against disruptions such as cyber threats is due to growing confusion internally on where the responsibility for resilience lies.

More than a quarter (28%) believe it should be the responsibility of the CIO or head of IT, the same proportion said every employee should be responsible, while 13% said full responsibility lies with the CEO alone. One in 10 (11%) believe it falls to senior leadership.

Businesses are becoming entirely dependent on their technology platforms. But if that technology stops running, the business will too, with potentially serious consequences for sales, customer confidence, and brand equity, not to mention productivity.

To deliver resilience, a new discipline needs to be instilled across governments and enterprise organisations. This discipline is more than prevention. It’s more than recovery. It’s a shared practice that should unite IT, operations and security teams to ensure strong security fundamentals are embedded across the entire company network. Only then can organisations act and react in real time to threats.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

NSCS warns about business’s third party cyber security risks

GCHQ’s NCSC warns that third party suppliers may be businesses’ biggest cyber security risk.

GCHQ's NCSC warns that third party suppliers may be businesses' biggest cyber security risk.

Despite spending millions on cyber security enhancements and compliance around the General Data Protection Regulation (GDPR), organisations remain reluctant to address the weakest link in their IT security environment – their supply chain and associated third-party relationships.

A report in October from the UK National Cyber Security Centre revealed that the GCHQ offshoot had stopped almost 1,200 attacks in the past two years and is fighting off around 10 attacks every week.

Addressing third party cyber security risks are challenging and significant.

For larger organisations, procurement decisions are usually made without input from those responsible for cyber security, and such agreements can provide access to critical systems via open application programming interfaces (APIs) and other interaction mechanisms.

Supplier relationships are also overwhelming without a standard process to manage cyber risk when the relationship is via an arms-length contractual arrangement. Many organisations are struggling to address their internal network security issues and have not sufficiently considered the risks beyond their own network.

But third party cyber security risk is too significant and too dangerous an issue for board members to continue to overlook.

NIS Directive
Current regulatory initiatives including the Networks and Information Systems (NIS) Directive and GDPR require organisations to take responsibility for ensuring that external suppliers have implemented adequate cyber security measures.

Both NIS and GDPR require notification to the Information Commissioner’s Office (ICO) no later than 72 hours after an organisation is aware of a data breach or a cyber incident having a substantial impact on its services.

Many data breaches affecting large organisations occur within a third party service provider. Organisations that do not have the contractual provisions and processes in place with these suppliers to secure the necessary information surrounding the data breach are unlikely to meet the 72-hour deadline.

Missed deadlines and poor or inaccurate information reveal due diligence and contractual failures. These failures increase the risk of a regulatory investigation and significant financial penalties.

But regulatory fines are just the beginning. There are also civil liabilities, as well as loss of consumer trust and investor confidence that result from a cyber breach. Under GDPR, individuals can claim compensation for material and non-material damage.

A data controller is jointly and severally liable for the damage if it was in some way also responsible for a breach due to unlawful processing by a data processor.

To mitigate these risks, organisations that outsource cyber security functions should comprehensively review their third party contractual arrangements and revise their internal procurement processes and procedures to include cyber security assessments. These reviews should, at a minimum, assess, document and monitor these agreements.

Cyber threats are on the rise in both number and complexity. They are purposely attacking the supply chain. Recent regulatory approaches under NIS and GDPR require organisations to take an active role overseeing their third-party providers.

Failure to do so can result in regulatory fines, civil liabilities and reputational loss. Investing human and financial capital now to assess and mitigate risk can help significantly reduce these liabilities, protect an organisation’s reputation and strengthen consumer trust.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Investors target Board Directors for cyber security incidents PT2

Investors are growing concerned that directors are ill prepared for cyber security incidents and technological challenges.

Investors target Board Directors for cyber security incidents

An investor “We want the board to be tech savvy, but we wouldn’t just want it to be a tech board. Our fear is they appoint a tech expert but then no one else on the board is engaged. We want to understand the extent to which all the board is competent.”

Earlier this week, British Airways was forced to vow to compensate passengers after it revealed hackers had stolen data relating to about 380,000 customers from its website and mobile app during a two-week period in August. The data included personal and financial details.

Companies ranging from Equifax to JPMorgan Chase have all suffered data breaches in recent years. Meanwhile, large multinationals from Moller-Maersk to Reckitt Benckinser and FedEx were all forced to warn shareholders that the NotPetya cyber attack in 2017 had hurt profits, potentially costing each company hundreds of millions of dollars.

Ovidiu Patrascu, research analyst at Schroders, says it is crucial that companies have well-resourced cyber security teams that should ideally report directly to the highest levels of the organisation.

“As seen in a number of recent high-profile public failures, data breaches often uncover poor governance practices and weak management at the heart of companies, while also hitting their revenues and intangible assets such as reputation and trust,” he says.

“Cyber risk should also not just be the preserve of tech specialists — company boards also need to ensure they understand and can effectively oversee these very particular risks,” he adds.

A 2017 study by the Ponemon Institute, a research centre, found that there had been a 22.7 per cent rise in the cost of cyber security for businesses in just one year. It also found a 27.4 per cent rise in the number of data breaches at businesses, based on 2,182 interviews from 254 companies in seven countries — Australia, France, Germany, Italy, Japan, the UK and the US.

A follow-up study in 2018 found that the average cost of a data breach globally is $3.86m, a 6.4 per cent increase from the 2017 report. It also warned that so-called “mega breaches”, ranging from 1m to 50m records lost, could cost companies between $40m and $350m to deal with.

For many investors, the fact that a huge technology company such as Facebook could suffer a data breach has hit home how vulnerable smaller or less tech-savvy businesses could be. In July, Britain’s Information Commissioner’s Office hit Facebook with its first financial penalty over the data leak to Cambridge Analytica, accusing the social network of breaking the law.

A big investor at a large asset manager says that he wants boards to be able to explain where their key vulnerabilities are and whether they have stress tested the financial impact of tech issues. “We think every board member should be able to speak about this issue. They need to know where they are vulnerable, what the impact could be and how the board would respond,” he adds.

Mr Krefting says he wants the businesses M&G invests in to clearly outline in their reports and accounts what risks they face when it comes to technology and cyber security. “When we talk to companies about this, they often clam up — either because the CEO or chair doesn’t know about it or it is delegated to the chief information officer or someone below the board, or they say this is too sensitive.”

But he adds: “We want policies on governance and structures and how they are approaching cyber. We don’t necessarily need to know how many times they were faced with attempted hacks last week, but we want to see processes and that they are doing testing and that the right controls are in place.”

This article was first published by the Financial Times at https://www.ft.com/content/c70caa94-2d88-3ece-b802-79e9bac2f32c.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Cyber security criminals outspend businesses in security battles

Cyber security criminals are spending 10 times more money finding weaknesses in the cyber defences of organisations than the organisations they target are spending on protecting against attack.

Cyber security criminals are spending 10 times more money finding weaknesses in the cyber defences of organisations than the organisations they target are spending on protecting against attack.

Research from Carbon Black carried out in August also asked 250 UK-based CIOs, CTOs and CISOs about the attacks they faced over the past 12 months.

In total, 92% of UK businesses have had cyber security breaches in the past year and nearly half off those reported falling victim to multiple breaches (three to five times in the past year).

A total of 82% of respondents said they have experienced more attacks this year than last year. In the financial services sector, 89% said this is the case, while 83% of government organisations and 84% of retailers had also experienced an increase in the number of attacks.

Malware was the most common attack on the UK organisations surveyed, with about 28% experiencing at least one such attempted breach. Ransomware was the next most common, with 17.4% reporting at least one attack.

“Following a global trend, cyber attacks in the UK are becoming more frequent and more sophisticated, as nation state actors and crime syndicates continue to leverage fileless attacks, lateral movement, island hopping and counter incident response in an effort to remain undetected,” said the report. “This issue is compounded by resources and budgeting. Not only is there a major talent deficit in cyber security, there is also a major spending delta.”

The report found that IT leaders believe Russia and China to be the source of the vast majority of cyber attacks, but it identified North America as the starting point for more attacks than Iran and North Korea combined.

If you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Money transfer frauds are top aim of business email cyber attacks

Tricking recipients into transferring money to cyber criminals is the top objective of business email compromise (BEC) attacks.

Tricking recipients into transferring money to cyber criminals is the top objective of business email compromise (BEC) attacks.Business email compromise is increasingly popular with cyber criminals to steal money and information as well as spread malware, security researchers find

The second most popular objective is to get the recipient to click on a malicious link aimed at stealing information or spreading malware, according to an analysis of more than 3,000 BEC attacks by Barracuda Networks.

BEC attacks are also known as whaling or CEO fraud because attackers typically compromise the email accounts of CEOs and other top executives so those accounts can be used to send messages to more junior staff members, tricking them into taking some action by impersonating the email account holder.

This tactic is extremely effective in manipulating employees as well as partners and customers of targeted businesses because few organisations have processes in place for checking or verifying instructions ostensibly received from a top executive in an email message sent from a genuine account.

In most cases, cyber criminals focus efforts on employees with access to company finances or payroll data and other personally identifiable information(PII).

The study shows that PII is another top target for BEC attackers, accounting for 12.2% of the attacks studied. Another 12.2% were aimed at establishing a rapport with recipients, which in most cases was followed up with a request for a money transfer.

The effectiveness of this attack method has made it extremely popular with cyber criminals, as is indicated by an 80% increase in the number of BEC attacks in the second quarter of 2018 compared with the first quarter, according to a recent report by email management firm Mimecast.

The Barracuda study reveals that in 46.9% of the cases studied, the objective was to trick employees into transferring business money into accounts controlled by the attackers, while in 40.1% of the cases, the aim was to trick them into clicking on a malicious link.

According to Barracuda, email is the top threat vector facing organisations due to the growing number of email-related threats, which include ransomware, banking trojans, phishing, social engineering, information-stealing malware and spam, as well as BEC attacks.

Not surprisingly, the analysis shows that CEO email accounts are the most commonly impersonated (42.95%), followed by other C-level account holders (4.5%), including the CFO (2.2%), and people in the HR and finance departments (2.2%).

CFOs are among the top recipients of BEC emails, representing 16.9% of recipients in the attacks studied, on a par with the finance and HR departments in general and compared with 10.2% received by other C-level execs.

However, the analysis shows that most recipients of BEC emails are in more junior roles, with 53.7% holding roles outside the C-level, underlining the need for regular, ongoing user awareness training.

If you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

LORCA identifies top priorities for cyber security innovation

The top priorities for cyber security innovation are identity management, patch management and configuration management.

The top priorities for cyber security innovation are identity management, patch management and configuration management.

“These are basic components of cyber security, but failure to do them well is still responsible for the bulk of cyber attacks that we are seeing.”said the new LORCA CEO  Hannigan

Identity is one area where the UK is particularly strong, with some great companies focused on it, he said, particularly in the academic “pre-company” sector, where universities are doing some “really innovative things” around identity management and authentication.

“Identity is key to cyber security, and if we can get a product out there that beats others, the sky is the limit, especially for the export market, and it will be about who gets there first with a viable solution,” he said.

Hannigan believes the internet of things (IoT) and cloud computing are two more areas where cyber security entrepreneurs should be focusing their efforts.

He said cloud computing is “problematic” because it makes it harder for companies to understand what the perimeters of their networks are.

“Even for those companies that have worked out what their cyber security policy is and managed the risks, suddenly to do all their processing and storage in the cloud complicates that,” said Hannigan. “It is not terminal, but it means they need to rethink their risks and mitigations.”

He advised organisations to look at the guidance on security in the cloud from the National Cyber Security Centre (NCSC).

IoT is ripe for innovation

The IoT is “ripe for innovation”, said Hannigan, because it is unlikely that regulation or government guidelines will address the immediate risks.

“It is going to be a long time before security by default is achieved, so in the meantime we need to find ways to mitigate potential disasters, with billions of devices connecting to the internet,” he said.

In terms of going to market, Hannigan advises cyber security entrepreneurs to spend some time considering things from the customer’s perspective.

“In the UK, companies are more likely to be conservative in their cyber security investments and stick with well-established suppliers than countries like the US and Israel, so startups need to take that into consideration,” he said.

Hannigan believes Lorca has a role to play here in helping startups to think through how their technology will integrate with existing IT environments, making it as easy as possible with minimal disruption.

Time and skills required by businesses

Although businesses do not necessarily need to spend a fortune on cyber security, it does require some time and sometimes skills that may be lacking in-house, said Hannigan.

“I do have sympathy for small businesses, but many are doing more than they used to in the past and are using things like Cyber Essentials and the small business guide because they are seeing how cyber attacks are affecting companies or because their insurance companies have told them to,” he said.

Hannigan believes there is a need for effective managed security services for small and medium-sized businesses. “A regular complaint I get is that managed security services suppliers are not really appropriate for small businesses and aren’t necessarily that effective, so there is a challenge there to the industry to come up with managed security services that really work and that don’t just dump the problem back onto the client, but actually do something about it,” he said.

LORCA to help drive UK cyber exports

LORCA – the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

LORCA - the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

A key part of the ambition for London’s £13.5m government-funded cyber innovation centre is that it will help drive UK exports, according to Robert Hannigan, former head of GCHQ.

“We hope that companies founded and given a boost and support in going to market will also go to market overseas,” he said at the official opening of the centre – to be known as the London Office for Rapid Cybersecurity Advancement (Lorca).

“The government’s ambition is very clearly to make the UK a leader in cyber security exports, and I see massive potential out there in countries around the world that need a variety of different solutions,” said Hannigan, who will lead Lorca’s industry advisory board.

“We know we have great talent, potential and possibilities, and bringing it all together was the challenge for government and what has led to this [cyber security innovation] centre,” he said.

The centre will play an important role in bringing together the many good innovators and incubators across the UK and provide a focal point for interacting with government, said Hannigan.

Lorca will also bring together cyber security innovators with academics in the field, with various industry sectors – starting with the cyber security-leading finance sector, with other technical and non-technical disciplines, and with international partners.

“This centre has links to the US, Israel and Singapore, and convening the three most prominent cyber security industry centres in the world is going to be very powerful in magnifying the value of this centre,” said Hannigan.

Commenting further on the potential for cyber security exports, Hannigan said there is a “massive market” out there because there are many economies that are some way behind the cyber security technology front-runners that are looking for solutions.

“There is massive potential, we have got some great companies, the UK has a good reputation and we should capitalise on that because if we put all that together and get it right, we will have a booming cyber security export industry,” he said.

“There is a lot of private sector capital looking to invest in cyber. So there is no shortage of capital, it is all about finding the right vehicle, and Lorca will help with that. But there is no reason why, in the future, there shouldn’t be more initiatives along the same lines.”

For this reason, Hannigan believes there is room for many more initiatives aimed at supporting cyber security entrepreneurs.

“There is no competition between incubators and accelerators within the UK – the more the merrier,” he said, explaining that each has something different to offer, with Lorca being more industry-focused with international links, for example, and the GCHQ accelerator and innovation centre in Cheltenham being more focused on national cyber security.

The government funding for Lorca will also promote its role as a convening body for other accelerators and incubators as a “useful way of amplifying the UK’s overall cyber security offering, particularly overseas, said Hannigan.