Millions of new cyber phishing sites created each month

Cyber phishing attacks continue to increase in volume and sophistication, according to researchers at security firm Webroot.

In May 2017, the number of new phishing sites reached a new high of 2.3 million in that month alone, according to the September 2017 Webroot Quarterly Threat Trends Report.

Data collected by Webroot shows that the latest phishing sites use realistic web pages that are almost impossible to find using web crawlers to trick victims into providing personal and business information.

Once this data is harvested, attackers are able to steal digital identities to access business IT systems to steal data and compromise business email accounts to carry out CEO fraud attacks.

The Webroot data also shows that phishing attacks have grown at an unprecedented rate in 2017, and phishing continues to be one of the most common and widespread security threats faced by both businesses and consumers.

According to the report, phishing is the top cause of cyber breaches in the world, with an average of more than 46,000 new phishing sites created each day.

The sheer volume of new sites makes phishing attacks difficult to defend against for businesses, the report said.

Even if the block lists are updated hourly, they are generally 3–5 days out of date by the time they are made available, the report said, by which time the sites in question may have already victimised users and disappeared.

Attacks are increasingly sophisticated and more adept at fooling the victim, the researchers found. They note that while in the past phishing attacks randomly targeted as many people as possible, today’s phishing is more sophisticated.

Cyber attackers now typically research their targets and use social engineering to uncover relevant personal information for individualised attacks. Phishing sites also hide behind benign domains and obfuscate true uniform resource locators (URLs), fooling users with realistic impersonated websites.

The researchers found that zero-day websites used for phishing may number in the millions each month, yet they tend to impersonate a small number of companies. Webroot categorised URLs by the type of website being impersonated and found that financial institutions and technology companies are the most phished categories.
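The tricks described above (a brand name placed in a subdomain or path of an unrelated domain, credentials-style “user@host” prefixes, internationalised look-alike hosts, one-character misspellings) can each be spotted from the URL alone before any block list catches up. The following Python script is an added example written for this page, not Webroot’s tooling or code from the original report; the brand watch-list, the tiny stand-in for the Public Suffix List and the sample URLs are all assumptions, and it uses only the standard library so it runs offline.

```python
# Added example (standard library only): heuristics for the URL obfuscation
# tricks described above. Not Webroot's tooling. The brand watch-list, the tiny
# stand-in for the Public Suffix List and the sample URLs are all assumptions.
from urllib.parse import urlsplit

# Constructed watch-list: brand keyword -> the registrable domain allowed to use it.
PROTECTED = {"paypal": "paypal.com", "microsoft": "microsoft.com", "hsbc": "hsbc.co.uk"}

# Assumption: a handful of two-level public suffixes; a real tool uses the full list.
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz"}


def registrable_domain(host: str) -> str:
    """Return the part of the host its owner actually registered (eTLD+1)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one-character lookalikes such as paypa1 or micros0ft."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse_url(url: str) -> list:
    """Return the reasons a URL looks like an impersonation; an empty list means no finding."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append("not served over TLS")
    # Userinfo trick: browsers ignore everything before '@', but users read it as the site name.
    if parts.username is not None:
        findings.append(f"userinfo '{parts.username}' precedes the real host '{host}'")
    # IDN hosts: punycode labels or raw non-ASCII letters can render as look-alike glyphs.
    if any(label.startswith("xn--") for label in host.split(".")) or not host.isascii():
        findings.append("internationalised host name (possible homoglyph attack)")
    reg = registrable_domain(host)
    second_level = reg.split(".")[0]
    for brand, canonical in PROTECTED.items():
        if reg == canonical:
            continue  # the genuine site, whatever subdomain or path it uses
        if brand in host:
            findings.append(f"'{brand}' appears in host but registrable domain is {reg}")
        elif brand in parts.path.lower():
            findings.append(f"'{brand}' appears in path on unrelated domain {reg}")
        elif edit_distance(second_level, brand) == 1:
            findings.append(f"{reg} is one edit away from {brand}")
    return findings


if __name__ == "__main__":
    # Constructed sample URLs, one per trick.
    for sample in (
        "https://www.paypal.com/signin",
        "http://paypal.com.secure-login.example/",
        "https://paypal.com@evil.example/login",
        "https://sites.example/view/hsbc-online/",
        "https://paypa1.com/",
        "https://xn--pypal-4ve.com/",
    ):
        print(sample, "->", analyse_url(sample) or "no finding")
```

The design point is that every check keys off the registrable domain rather than the whole host string, because that is the only part of a URL the attacker cannot make look like the victim brand without registering it; subdomains and paths are free text. In production the suffix list and brand list would be real data, and a hit here is a reason to sandbox or rewrite the link, not proof of phishing on its own.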

According to an FBI public service announcement issued on 4 May 2017, phishing scams cost US business $500m a year, while Verizon found phishing to be involved in 90% of breaches and security incidents and a report by ESG showed that 63% of surveyed security and network influencers and decision makers have suffered from phishing attacks in the past two years.

In the ESG report, 46% of respondents said malware attacks have become more targeted over the past two years, and 45% said there is a greater volume of malware than in the past two years.

“Today’s phishing attacks are incredibly sophisticated, with hackers obfuscating malicious URLs, using psychology and information gleaned from reconnaissance to get you to click on a link,” said Hal Lonas, chief technology officer at Webroot.

“Even savvy cyber security professionals can fall prey. Instead of blaming the victim, the industry needs to embrace a combination of user education and organisational protection with real-time intelligence to stay ahead of the ever-changing threat landscape,” he said.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection, please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOW. Contact Cyber 139.

Wannacry cyber security money laundering attempt thwarted

The hackers behind the Wannacry ransomware have tried to conceal who they are by using a virtual currency that is more anonymous than Bitcoin.

Victims paid more than £107,000 in bitcoins to recover files scrambled by Wannacry.

Earlier this week the gang behind the attack started to move the bitcoins out of the wallets they were paid into.

But the operators of the exchange they used to swap the bitcoins have now frozen the accounts they used.

Wannacry caught out thousands of firms around the world when it infected computers on corporate networks and encrypted their files, making them useless.

Victims were told to pay between £229 and £458 in bitcoins to have their files unscrambled and return computers to a working state.

Many security experts believed the money paid into three bitcoin wallets set up by the Wannacry creators would never be moved, because there was so much attention focused on who was behind the attack.

Moving the cash might expose key details about the attackers that could be used to track them down.

While no one knows who owns the three wallets, their addresses are public on the blockchain, so anyone in the blockchain community can track movements out of them.

But the bitcoins were moved earlier this week and some were piped to an exchange network called Shapeshift.io in an attempt to convert them to another virtual currency called Monero.

The Monero crypto-currency was set up to be more anonymous than Bitcoin and seeks to hide as much information as possible about every transaction.

The Wannacry gang is believed to have chosen Shapeshift.io for the digital cash transfer because the service can be used without signing up for an account.

However, the attempt to launder the cash via the platform seems to have been thwarted soon after Shapeshift was told what was happening.

Shapeshift said it would block any further attempts to change the Wannacry bitcoins into Monero or any other crypto-currency.

Defence minister opens £3m cyber security centre in

UK minister for defence procurement has opened a new cyber security centre aimed at boosting UK cyber defence capability and skills.

The Cyber Works centre, which employs 90 people, will enable Lockheed Martin to work more closely with UK partners to share knowledge and best practice, undertake research and develop new cyber defence capabilities.

In February 2017, Lockheed Martin announced that it would support the UK government’s CyberFirst scheme to inspire and support young people considering roles in cyber security.

The Cyber Works centre is designed to deliver cyber capabilities to UK government as well as support the development of skills and careers in cyber security and intelligence.

Harriett Baldwin, UK minister for defence procurement, said that with its £1.9 billion National Cyber Security Strategy, the country is a world leader in the field.

“The opening of today’s cutting-edge centre is a great example of how partnerships with industry are at the heart of that strategy,” she said. “Together, we are developing solutions to national security risks.”

A key part of the Cyber Security Strategy is partnerships with industry, with £10 million being invested in a new Cyber Innovation Fund to give startups the boost and partners they need.

Baldwin said the UK is already leading Nato in its support for offensive and defensive operations in the fight against Islamic State (IS) and complex cyber threats. “This centre will further boost the UK’s cyber capabilities,” she said.

Lockheed Martin is the world’s largest aerospace and defence company and a longstanding leader in the fields of cyber security and intelligence.

The company pioneered the development of the cyber kill chain, an analysis method for cyber network defence that has been broadly adopted across industries and sectors.

Lockheed Martin is also a top provider of capabilities to defence and intelligence communities around the world and operates facilities to defend its own networks across 70 countries.

As well as investing in the new facility, Lockheed Martin plans to take part in the National Cyber Security Centre’s £6.5 million CyberInvest scheme to support cutting-edge cyber security research in the UK.

With National Offensive Cyber Planning allowing the UK to integrate cyber into all of its military operations, defence plays a key role in the country’s cyber security strategy, according to the Ministry of Defence (MoD).

Offensive cyber is being routinely used in the war against IS, not only in Iraq but also in the campaign to liberate Raqqa and other towns on the Euphrates, the MoD said.

In defence, the MoD said the £800m Innovation Initiative has already boosted investment in UK research and business, with multimillion-pound competitions to develop artificial intelligence and automated systems.

In January next year, the ministry will open a dedicated state-of-the-art Defence Cyber School at Shrivenham, bringing together all military joint cyber training into one place.

The MoD also has a key role to play in contributing to a culture of resilience, which is why the Defence Cyber Partnership Programme was set up to ensure its industrial partners protect themselves and meet robust cyber security standards, the ministry said.

UK firms buying bitcoins for ransomware attacks

Large UK firms are prepared to pay out more than £136,000 on average to cyber criminals who launch ransomware attacks.

The amount firms with 250 employees or more are willing to pay ransomware attackers is up nearly four times compared with a year ago, according to a survey of 500 IT decision makers by One Poll.

The survey, commissioned by secure connectivity firm Citrix, also shows that more than two-fifths are stockpiling bitcoins in case of a ransomware attack, compared with a third a year ago.

On average, UK firms are stockpiling bitcoin cryptocurrency worth around £46,000, while a third have bitcoins worth more than £50,000 on standby.

The survey also shows that smaller companies are more likely to keep a supply of cryptocurrency such as bitcoin on hand than larger businesses.

Half of the businesses with 250-500 employees polled said they were stockpiling digital currency, up from 36% of this group a year ago. In comparison, just a quarter of businesses with 1,000 or more employees are accumulating cryptocurrency, which is unchanged from 2016.

The decision to stockpile digital currency reflects a widespread attitude that paying a ransom may be necessary. Only 22% of businesses polled said they would be unwilling to pay anything if struck by a ransomware attack, down from 25% a year ago.

UK firms unprepared for ransomware cyber security attack

The 2016 research revealed that one-fifth (20%) of companies with 250-500 employees did not have any contingency measures in place in case of a ransomware attack; this has fallen to just 7% in 2017.

While many businesses are preparing to block ransomware attacks or pay out if hit, others are missing out on simple cyber hygiene procedures which can limit the impact of a ransomware attack. For instance, over half of large UK firms (55%) still do not back up their data at least once a day.

“Cyber criminals are resorting to ransomware to exploit the vulnerabilities that exist within UK organisations,” said Chris Mayers, chief security architect at Citrix.

“This is no secret, with global attacks hitting the headlines, yet many businesses are still being caught out. Organisations must ensure they’re prepared for the reality of this threat and take action to safeguard the IT network for an attack and protect mission-critical data,” he warned.

Stockpiling a potential ransom may alleviate concerns about ensuring constant access to data, but Mayers said there was no guarantee that data would be returned once a ransom had been paid.

“Instead, committing to robust cyber security techniques and ensuring specific contingency measures are in place to deal with an attack can reduce the chances of falling prey to ransomware in the first place.”

“While more companies are preparing to pay out, many still fail to back data up each day. Organisations should look at dedicated techniques, from encryption to virtualisation, to keep data and apps safe across all devices and desktops – and out of reach of today’s persistent cyber attackers,” he said.

Twenty years of online banking has increased financial awareness

Online banking is helping people manage their finances better and reduce their debt as a result

More than two-thirds of consumers say they can keep on top of their finances because of the arrival and evolution of online banking, and more control is expected as competition in the banking sector drives investment in technology.

Twenty years after Nationwide launched the UK’s first online banking service, the building society has surveyed 2,000 people in the UK to find out how online banking has changed the way they manage their money.

The survey revealed that 22% of people are in less debt because they can keep a closer eye on their finances. Almost 70% of people said online banking helps them keep on top of their finances and 40% said it helps them budget better.

Saving time is another benefit identified for online banking, with 28% of people saving at least an hour a week by not having to carry out traditional banking tasks such as waiting at ATMs and visiting branches.

Although 10% of people still don’t use online banking services, the pace of take-up and use has accelerated in recent years as the fintech revolution leads to more customer acceptance. Nationwide itself has reported a 73% increase in the number of customer logins in 2016 compared with 2015.

James Smith, Nationwide’s director of mobile and digital, said: “People are using the ability to log on any time, anywhere to try to ensure they are staying well in control of their finances and attempting to avoid any unnecessary debt.”

Smith said consumers are increasingly being drawn to new ways of making their money management easier. “Innovation in personal finance is clearly something that intrigues people, as three in five believe we will be paying for everything via our thumbprint by 2037,” he said.

According to the survey, about half (55%) of people think phones or watches will be used to pay for everything by 2037, and 40% think cash will stop being used in the next 25 years.

But despite the undoubted consumer thirst for online banking services, a recent major survey of UK consumers revealed that bank branches are more important than mobile apps.

The report, conducted by PwC and the British Banking Association, surveyed 2,000 consumers in the UK about their banking preferences. It showed that 68% of consumers think a bank branch is essential when opening a new current account, compared with 25% who favour a mobile app.

Top UK firms’ websites violate key GDPR principle

Over one third of all the public web pages of leading UK companies that collect personal information violate a key principle of new European data protection

With just a year to go before the deadline to comply with the EU General Data Protection Regulation (GDPR), many UK firms’ websites are capturing personal data insecurely, a study shows.

More controls are needed because most data capture forms found on websites fall within the scope of the GDPR, according to new research by digital threat management firm RiskIQ.

The EU regulation requires that provisions should be in place to ensure that personally identifiable information (PII) is captured and processed securely.

In the UK, the Information Commissioner has provided guidance that, in the case of data loss where encryption software has not been used to protect the data, regulatory action may be pursued.

The study revealed that 34% of web pages of FT30 firms that collect PII are doing so insecurely: 29% are not using encryption, 3.5% are using vulnerable encryption algorithms, and 1.5% have expired security certificates.
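Two of the three failure classes in that study, forms that submit without encryption and certificates that have lapsed, can be checked against one’s own pages with a few lines of code. The script below is an added example written for this page, not RiskIQ’s scanner or code from the original article; the page URL, the HTML and the certificate fields are constructed sample data, and the live `fetch_peer_cert` helper is the only part that touches the network.

```python
# Added example (standard library only): scan a page's data-capture forms for
# submission over plain HTTP and report how long a serving certificate has left.
# Not RiskIQ's scanner. The sample page URL, HTML and certificate dates are constructed.
import socket
import ssl
import time
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Assumption: input names containing these fragments are treated as personal data.
PII_NAME_FRAGMENTS = ("email", "name", "phone", "address", "password", "card", "dob")


class FormCollector(HTMLParser):
    """Records every <form> with its action attribute and the names of its inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            self._current = {"action": attr.get("action") or "", "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append((attr.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def insecure_pii_forms(page_url: str, html: str) -> list:
    """Forms that collect PII-looking fields and whose resolved action is not https."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        collects_pii = any(frag in name for name in form["inputs"] for frag in PII_NAME_FRAGMENTS)
        # A relative action inherits the page's scheme; an absolute http:// action
        # downgrades even an https page, so resolve the target before checking it.
        target = urljoin(page_url, form["action"])
        if collects_pii and urlsplit(target).scheme != "https":
            findings.append({"action": target, "inputs": form["inputs"]})
    return findings


def days_until_expiry(cert: dict, now: Optional[float] = None) -> float:
    """Days left on a certificate dict as returned by SSLSocket.getpeercert(); negative if expired."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    current = time.time() if now is None else now
    return (not_after - current) / 86400


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live check (needs network): validate the chain and return the leaf certificate.

    With the default context an expired certificate, wrong hostname or untrusted
    chain raises ssl.SSLCertVerificationError, which is itself the finding.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: a plain-HTTP contact page with three forms.
SAMPLE_PAGE_URL = "http://www.example.co.uk/contact"
SAMPLE_HTML = """
<form action="/subscribe" method="post">
  <input name="email"><input name="full_name"><button>Subscribe</button>
</form>
<form action="https://secure.example.co.uk/login" method="post">
  <input name="username"><input type="password" name="password">
</form>
<form action="/search"><input name="q"></form>
"""
# Constructed certificate fields in getpeercert() format.
SAMPLE_CERT = {"subject": ((("commonName", "www.example.co.uk"),),), "notAfter": "Jan  1 00:00:00 2017 GMT"}

if __name__ == "__main__":
    for bad in insecure_pii_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("PII form posts without TLS:", bad["action"], bad["inputs"])
    print("days until expiry:", days_until_expiry(SAMPLE_CERT))
```

The form check resolves each action against the page URL on purpose: a form on an HTTPS page that posts to an absolute `http://` address is the same exposure as a form on an HTTP page, and a scanner that only looks at the page scheme misses it. The search form with a single `q` field is ignored, which is the kind of false positive that otherwise drowns a large estate in noise.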

Beyond being a violation of the GDPR, the study said, the loss of personal data, profit and reputation that can result from insecure forms is a legitimate concern for consumers and shareholders.

In addition to personal claim liability, Article 83 provides guidance on fines for GDPR faults, which start at €10m or 2% of global annual turnover for the preceding financial year, whichever is greater – or even double, depending on the infraction.

This applies to all companies actively engaging with European citizens, regardless of whether the firms have a physical presence in Europe.

The GDPR also requires companies to state clearly at the point of capture how they will use an individual’s data. Permission to use their data must be explicit and demonstrated through an action such as ticking a box – a significant departure from the “opt out” process most organisations currently have in place.

The challenge for large, global organisations is the sheer volume and complexity of websites and web applications that need to be accounted for, not only for security purposes, but also for regulatory compliance, such as the GDPR.

Information commissioner Elizabeth Denham called on businesses to see the benefits of sound data protection and act now to prepare for what she called “the biggest change to data protection law for a generation”.

However, 24% of companies polled in the UK and US expect to miss the GDPR compliance deadline and 30.6% said they had no timetable for being GDPR compliant, according to security firm Guidance Software.

Almost 18% said they were in the moderate planning stages and 11% said they were only in the initial stages of implementing processes to ensure compliance.

People can be strongest link in cyber security, says NCSC

People are often seen as the weakest link when it comes to cyber security, but that must change, says the National Cyber Security Centre (NCSC).

Information security has traditionally been led by technology and, as a result, the role and value of people has been overlooked. That is the view of Emma W, people-centred security team lead at the UK’s National Cyber Security Centre.

The perception of people as the weakest link is unfair and a natural consequence of a technology-led security culture.

“We have not always had people working in cyber security with a deep understanding of human behaviour or the input of psychologists, social scientists and the like to tell us why people behave the way they do.

“As a result, organisations tend to treat users as people who should do as they are told, but they don’t always, and often the reason is because they can’t.

“However, these reasons are often not recognised, and instead users are seen as either being unco-operative or stupid, but this is not true and is a perception that we have to turn around,” she said.

An example of where end-users are typically blamed for failures is around passwords, but many organisations have unreasonable expectations.

Most people find it challenging to remember multiple passwords, especially when organisations insist on long and complex passwords that must be changed regularly.

Instead of being critical of employees who fail to adhere to unreasonable password policies, organisations need to have a more sophisticated understanding of how humans can be a security asset, she said.

“They need to understand that if humans appear to be poor at security, it is because they are being required to do things that are difficult or impractical to do.”

The NCSC believes this indicates a need to reshape the relationship between the IT security team in an organisation and users of the IT systems.

While some information security professionals understand that their role is to support and enable the business, Emma W said less progress has been made in understanding how to relate to end-users.

Users still commonly see security as a policing role, she said, and are either not confident enough or too afraid to talk to security teams about the challenges they face and where they feel the need to bend or even flout security rules to get their jobs done, for fear of being sanctioned in some way.

“This is the relationship we need to reshape, and a critical part of that is enabling two-way communication between security teams and the rest of the organisation, rather than users’ current common perception that security just sits in its own silo and tells everybody else what they need to do,” she said.

“In reality, security professionals don’t have all the answers and users have a contribution to make in supplying some of the answers. Security professionals need to start listening to what users are trying to do and understand that they can be the strongest, not the weakest link in security.”

End-users should be viewed as a positive asset who have information that security professionals do not have about how the business runs and how it needs to run, rather than be seen as a liability that has to be managed, said Emma W.

“Security professionals need to review how they gather information about security, so they can get the right support to discover the real problems facing their business and fix them,” she said.

Security professionals also need to understand that occasional security awareness training and a poster-based awareness campaign are no substitute for meaningful two-way communication that enables them to know what people need from security and how security can help to support the business.

“It is about security teams finding out what is really going on in an organisation, and why people are not doing the things the security team want them to do – and it is probably not because people are weak, stupid or deliberately trying to sabotage security efforts,” said Emma W.

“Mostly people are well-intentioned and know what they are supposed to be doing, but they are trying to get a work task done and the organisation is not giving them the right way to do it,” she said, with the result that the task may be getting done, but not in the most secure manner possible.

Where employees feel they cannot work within the system or that they are running the risk of being punished for things beyond their control, they will look for alternative ways of working and that is what gives rise to shadow IT and real work processes being driven underground, she said.

For this reason, the NCSC is championing the view that people are potentially an organisation’s strongest link when it comes to cyber security, and is encouraging organisations to move towards positive, collaborative solutions that give users a chance to show that they are as great an asset in security as they are in the business.

UK businesses urged to prepare for GDPR with a year to the day to go

With exactly one year to the compliance deadline, the Information Commissioner’s Office has urged UK firms to seize the business benefits of being GDPR-ready

There is no time for businesses to delay in preparing for the General Data Protection Regulation (GDPR), says the UK information commissioner.

In a video address to UK business leaders, Elizabeth Denham called on businesses to see the benefits of sound data protection and act now to prepare for what she termed “the biggest change to data protection law for a generation”.

“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance.

“But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit,” she said.

Deputy commissioner Rob Luke also highlighted the business benefits of GDPR compliance at a discussion about the legislation hosted by IT industry body TechUK.

The best outcome, he said, would be where organisations take an approach to data protection that earns the trust of consumers in a more systematic way, and where that trust translates into competitive advantage for those who lead the charge.

Luke said that while the GDPR presents some opportunities for organisations, the ICO recognises that there are some challenges too, noting that the GDPR is an indicator of change as much as it is an instigator.

“The GDPR is part of the response to the challenge of upholding information rights in the digital age; of protecting the rights and interests of the individual in the context of an explosion in the quantity and use of data and in an environment of extremely rapid technological change,” he said.

Luke said that GDPR is going to be an important part of the global data protection landscape over the years ahead, with great relevance to UK organisations, the public and their data.

“The moment at which GDPR takes effect in the UK on 25 May 2018 will, of course, mark a change. In delivering legislation fit for the digital age GDPR confers new rights and responsibilities, and organisations need to be working now to prepare for them,” he said.

Luke said he hoped that UK organisations have already deployed the ICO’s 12 steps to take to prepare for GDPR and were familiar with the ICO’s Overview to GDPR, and were drawing on the ICO’s wider resources.

The ICO, he said, is working at pace to produce detailed guidance, both at a national and a European level, through the Article 29 EU Working Party.

While this guidance will continue to be developed, Luke said organisations should not wait for definitive guidance on every aspect of the GDPR before taking action.

“I urge you not to wait, nor to take a reactive approach to your GDPR preparations, motivated solely by a mindset of compliance or risk management. Those organisations which thrive under GDPR will be those who recognise that the key feature of GDPR is to put the individual at the heart of data protection law.

“Thinking first about how people want their data handled and then using those principles to underpin how you go about preparing for GDPR means you won’t go far wrong,” he said.

Preparation for compliance with the GDPR can be boiled down to transparency and accountability, said Luke.

“It is about being clear with individuals how their personal data is being used, and placing the highest standards of data protection at the heart of how you do business,” he said.

As a result, said Luke, this means GDPR compliance is a board-level issue for every size of organisation, not only because under the GDPR the ICO can fine companies up to €20m or 4% of a company’s total annual worldwide turnover for the preceding year, whichever is greater, but also because of potential brand damage.

“As we’ve seen in well-publicised examples, the cost to business of poor practice in this area goes above and beyond any fine we can impose. Losing your consumers’ trust could be terminal for your reputation and for your organisation,” he said.

The ICO recognises that data is the fuel that powers the digital economy, said Luke, and the GDPR is a response to this evolving landscape. The GDPR builds on previous legislation, he said, but brings a 21st century approach and delivers stronger rights in response to the heightened risks.

These new rights include individuals’ rights to:

Be informed about the use of their data;
Access their information and move that information around;
Rectify and erase data where appropriate;
Revoke consent;
Challenge automated decisions.

“Good practice tools that the ICO has championed for a long time, such as privacy impact assessments and ensuring privacy by design, are now legally required in certain circumstances,” said Luke.

Being transparent and providing accessible information to individuals about how you will use their personal data is another key element of the new law and our privacy notices code of practice is GDPR-ready, said Luke.

Luke also noted that data breach reporting would also change under the GDPR. Organisations will be required to notify the ICO, within 72 hours, of a breach where it is likely to result in a risk to the rights and freedoms of individuals.

The widespread availability of personal data on the internet and advances in technology, coupled with the capabilities of big data analytics, mean that profiling is becoming a much wider issue, he said.

According to the ICO, the GDPR is a principles-based law well equipped to take on the challenges of 21st century technology.

“It aims to be flexible – protecting individuals from harm while enabling you to innovate and develop services that consumers and businesses want,” said Luke.

In addition to gearing up for GDPR compliance within the ICO and for the higher volume of activity that is bound to come as a result of mandatory breach notifications, Luke said the ICO is looking at how it might engage more deeply with companies as they seek to implement privacy by design.

The ICO is also looking at how it can contribute to a “safe space” where companies can test their ideas and at how it can recognise good practice.

“We should be able to find ways to give credit where credit is due without that translating into a free pass for an individual organisation or practice. GDPR explicitly foresees wider use of tools such as codes of conduct and certification schemes, which potentially have an important role to play,” said Luke.

Travelling C-level executives are major risk to business security

C-suite executives logging on to unsecured public Wi-Fi hotspots seem to present one of the biggest security risks to enterprise networks

Close to half of the enterprises surveyed believe that their C-level executives, CEOs included, are the employees most likely to be hacked, because of their extensive use of unsecured public Wi-Fi hotspots.

This is according to mobile connectivity provider and network aggregator iPass, which, in its latest annual Mobile security report, found that cafés and coffee shops were perceived as the number one risk venue on a list that included airports, hotels, exhibition centres and planes.

The supplier compiled responses from 500 enterprises in France, Germany, the UK and the US to get an overview of how businesses are approaching concerns around mobile device and hotspot security.

The vast majority of respondents (93%) told iPass's researchers that they were concerned about the security challenges posed by mobile workforces, and almost half said they were very concerned, up several percentage points on the 2016 edition of the report.

In addition, 68% of organisations told the researchers they had banned employee use of free public Wi-Fi hotspots to some extent, up six points on the 2016 figure, and 33% had banned it outright, up nine points on 2016.

“The grim reality is that C-level executives are by far at the greatest risk of being hacked outside of the office. They are not your typical nine to five office worker. They often work long hours, are rarely confined to the office and have unrestricted access to the most sensitive company data imaginable,” said iPass VP of engineering, Raghu Konka.

“They represent a dangerous combination of being both highly valuable and highly available, therefore a prime target for any hacker.

“Cafés and coffee shops are everywhere and offer both convenience and comfort for mobile workers, who flock to these venues for the free high-speed internet as much as for the coffee. However, cafés invariably have lax security standards, meaning that anyone using these networks will be potentially vulnerable.”

Most businesses with concerns over public Wi-Fi were worried about man-in-the-middle attacks, but high numbers also cited a lack of encryption, unpatched network operating systems and hotspot spoofing as major concerns.

iPass said enterprises were more aware of mobile security threats with every year that goes by, but were still finding it hard to balance the need to stay secure, which is more acute than ever, against the productivity boost that being able to work from any location can bring.

In Konka's view, too many enterprises were unfortunately choosing simply to ban employees from using hotspots outright, which he characterised as detrimental to business health and, in any case, largely unenforceable.

WannaCry biggest incident to date for National Cyber Security Centre

The WannaCry ransomware attack that started on 12 May 2017 is the biggest single incident that the new UK National Cyber Security Centre (NCSC) has faced.

Although the global ransomware attack that heavily affected the NHS was unwelcome, it has provided an opportunity to test systems and raise awareness on key issues, according to Alex Dewdney, director for engagement and advice at the National Cyber Security Centre (NCSC).

“If you wanted to mount a national communications programme to make people sit up and take notice, you couldn’t have designed one better than this,” he told the Security Innovation Network (Sinet) Global Cybersecurity Innovation Summit in London.

“I never thought I would hear so many ministers using the word ‘patch’, which has now become part of everyday conversation, so we need to take that opportunity and to build on that.”

Dewdney emphasised that the NHS was not targeted specifically, although NHS networks were affected significantly in the UK. Other UK organisations were affected, but the diversity of victim organisations was much greater in other countries around the world, including Russia.

Although the spread of the ransomware has since slowed, it initially spread very quickly by exploiting a specific vulnerability in version 1 of Microsoft's Server Message Block (SMB) file-sharing protocol, using it to propagate both within and between networks without any user interaction.

“In March 2017, Microsoft issued a patch for supported operating systems, and following the attack they issued emergency patches for unsupported operating systems as well,” said Dewdney, noting that while these patches prevent the spread of the infection, they do not help organisations to get back encrypted data.
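The propagation pattern described above, a single infected host connecting to TCP/445 on many neighbouring and Internet addresses in quick succession, is visible in ordinary connection or flow logs long before any file is encrypted. The following is an added example, not code from the NCSC or from the article, showing how a defender can flag that fan-out behaviour. It assumes a simple whitespace-separated flow format (time, source, destination, destination port, protocol), a constructed sample of such records, a threshold of five distinct SMB targets within sixty seconds, and the RFC 1918 ranges as "internal"; all of those are assumptions to be tuned to your own logs and address plan.

```python
"""Flag worm-style SMB fan-out in connection logs.

A host that reaches many distinct destinations on TCP/445 within a short
window is behaving like a self-propagating worm rather than a file-server
client. The flow records below are constructed for this example.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, NamedTuple, Set, Tuple

SMB_PORT = 445

# Assumption: RFC 1918 space is "internal"; adjust to your own address plan.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Flow(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dport: int
    proto: str


# Constructed sample, one record per line: "<ISO-8601 time> <src> <dst> <dport> <proto>".
# 10.0.5.23 sweeps nine internal hosts and one Internet address in six seconds;
# 10.0.5.40 and 10.0.5.41 only talk to the normal file server 10.0.5.10.
SAMPLE_FLOWS = """
2017-05-12T13:00:01 10.0.5.23 10.0.5.24 445 tcp
2017-05-12T13:00:01 10.0.5.23 10.0.5.25 445 tcp
2017-05-12T13:00:02 10.0.5.23 10.0.5.26 445 tcp
2017-05-12T13:00:02 10.0.5.23 10.0.5.27 445 tcp
2017-05-12T13:00:02 10.0.5.40 10.0.5.10 445 tcp
2017-05-12T13:00:03 10.0.5.23 10.0.5.28 445 tcp
2017-05-12T13:00:03 10.0.5.23 10.0.5.24 445 tcp
2017-05-12T13:00:04 10.0.5.23 10.0.5.29 445 tcp
2017-05-12T13:00:04 10.0.5.41 10.0.5.10 443 tcp
2017-05-12T13:00:05 10.0.5.23 10.0.5.30 445 tcp
2017-05-12T13:00:05 10.0.5.23 10.0.5.31 445 tcp
2017-05-12T13:00:06 10.0.5.23 10.0.5.32 445 tcp
2017-05-12T13:00:06 10.0.5.23 198.51.100.17 445 tcp
2017-05-12T13:05:00 10.0.5.40 10.0.5.10 445 tcp
"""


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(text: str) -> List[Flow]:
    """Parse the assumed flow format; blank or malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, proto = parts
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport), proto.lower()))
    return flows


def max_distinct_in_window(events: List[Tuple[datetime, str]], window: timedelta) -> Tuple[int, Set[str]]:
    """Largest number of distinct destinations seen inside any sliding window.
    events must be sorted by timestamp; returns (count, destinations in that window)."""
    counts: Counter = Counter()
    best, best_dsts = 0, set()
    left = 0
    for ts, dst in events:
        counts[dst] += 1
        while ts - events[left][0] > window:  # evict records that fell out of the window
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        if len(counts) > best:
            best, best_dsts = len(counts), set(counts)
    return best, best_dsts


def smb_fanout_alerts(text: str, window_seconds: int = 60, threshold: int = 5) -> Dict[str, dict]:
    """Return {source: details} for every source that touched at least
    `threshold` distinct TCP/445 destinations within `window_seconds`."""
    per_src: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for f in parse_flows(text):
        if f.proto == "tcp" and f.dport == SMB_PORT:
            per_src[f.src].append((f.ts, f.dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        distinct, dsts = max_distinct_in_window(events, timedelta(seconds=window_seconds))
        if distinct >= threshold:
            # Scanning beyond the internal ranges is the "between networks" behaviour.
            external = sorted(d for d in dsts if not is_internal(d))
            alerts[src] = {"distinct_targets": distinct, "external_targets": external}
    return alerts


if __name__ == "__main__":
    for src, info in smb_fanout_alerts(SAMPLE_FLOWS).items():
        print(f"ALERT {src}: {info['distinct_targets']} distinct SMB targets in one window; "
              f"Internet-facing targets: {', '.join(info['external_targets']) or 'none'}")
```

Run as a script it reports only 10.0.5.23; the repeated connections from 10.0.5.40 to one file server never exceed a single distinct destination, which is what keeps ordinary SMB traffic out of the alert. The detection is deliberately behavioural rather than signature-based, so it also catches other SMB worms and lateral movement, and it complements rather than replaces the patching Dewdney describes: a host flagged this way is already compromised, and the alert buys time to isolate it before it encrypts more data.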

Dewdney confirmed that the attackers behind the ransomware are still unknown, but said the level of sophistication is well within the reach of "criminal entities". The scale of the outbreak nevertheless required the NCSC to work at an extremely high tempo. "It is easily the biggest and most complex cyber incident the NCSC has had to manage so far," he said.

In response to the attacks, the NCSC’s incident management function was called into action. The initial focus was on understanding the technical characteristics of the attack, how it was spreading, and who the victims were.

The incident management team was also working to establish who was behind the attack and what the initial attack vector was, but these questions remain unanswered to a high level of confidence five days after the attack.

The NCSC also started looking at ways to protect victims and potential victims in terms of publishing advice on how to immunise against the ransomware and contain its spread, as well as what to do if already a victim. The NCSC was also working directly with some victim organisations to help put guidance into practice and help remediate.

The incident underlined the importance of partnerships for the NCSC, said Dewdney, including partnerships that were formed to scale the response and make inroads into this problem in a way that the NCSC could not have done on its own.

“We are still working very closely with the National Crime Agency (NCA), which has staff embedded in our teams. The NCA was able to deploy on the ground with victims at scale. They are also a vital source of information and forensic data, as well as analytic and investigative effort,” he said.

The NCSC is also still working with NHS Digital and CareCERT. "The size and complexity of the health sector meant that we needed that central docking point to work with, and they did a fantastic job under very difficult circumstances," said Dewdney.

The role of the NCSC’s industry partners was also absolutely critical, he said. “I cannot emphasise enough how grateful we are for the extent to which our partners in the cyber security industry really leaned in to help and pool the information they were gathering.”

According to Dewdney, the Cyber Security Information Sharing Partnership (CiSP) "really came into its own", both as a platform for sharing information and for discussion. "We need to build on that as a really key way of getting stakeholders to have live discussions about this kind of problem," he said.

There was an international aspect too, said Dewdney, including the information that was provided to the international computer emergency response network and collaboration with the US.

At the same time, he said it was a truly national response, with the NCSC quickly establishing contact with authorities in Northern Ireland, Wales and Scotland.

Dewdney also highlighted the importance and the challenges of the media. “I think we did pretty well at pace in briefing senior politicians to speak, preparing ourselves directly in broadcast media, and using our web presence and social media to get the right messages across at the right time.

“LinkedIn proved to be a really important and useful platform, but we didn’t really engage in that, and that is an important lesson for us,” he said.

Overall, Dewdney said the NCSC bringing various organisations together under one roof also really proved its worth.

“There was a lot of consistency in what government was saying – officials, ministers and across our platforms. We achieved a greater consistency and therefore a greater sense of authoritativeness in what we were saying than we would have achieved before the NCSC was set up. We were able to get the messages out quite quickly and provide the assurance that patients’ confidential data had not been stolen,” he said.

However, he admitted that producing specific, usable and helpful guidance was a challenge. "How do you get messages across that are sufficiently technically detailed to be of practical use, but also easy to understand and follow?"

The NCSC decided therefore to publish a set of guidance for enterprises and another set for small to medium-sized enterprises (SMEs) and consumers, which is continually being refined and updated in response to feedback from those communities.

“We are really in the market for feedback around how we are getting those messages across and how they can be improved and made more useful,” said Dewdney.

One of the key lessons learned, he said, was about the power as well as the limitation of advice and guidance.

Dewdney said people are continually told to patch and update the systems, “but the fact is that people don’t always do it, so what we have got to realise as cyber security practitioners is that advice and even instruction is much easier to give than it is to follow”.

“We have to recognise that in the real world competing pressures and hard choices can easily get in the way. So we will continue with those exhortations, but as we mobilise campaigns to really make this happen across government, business, critical infrastructure and for consumers, we need to find the right mix of the ‘stick’ on the one hand and help to overcome those hurdles on the other,” said Dewdney.
