[BreachExchange] Learning the lessons from cyber attacks

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jun 23 14:36:28 EDT 2017


http://www.itsecurityguru.org/2017/06/23/learning-lessons-cyber-attacks/

Cybercriminals have been known to target businesses across all sectors.
Recent high-profile cyber attacks have successfully breached well-known
brands including telecoms providers, retailers and banks. Evidently, all
industries are potentially vulnerable. As businesses become ever more
negatively affected by cyber attacks, lessons need to be learnt and
effective cyber defences implemented in order to protect businesses and
their customers.

The problem is, this is easy to say, but much harder to do. Businesses of
all sizes will find it a struggle to minimise and ultimately block the
myriad of cyber threats they face. Some breaches occur due to bad practice
and poor security; however, in other cases, organisations with even the most
robust security defences may face so many threats that some slip through
the cracks.

When a business is successfully breached and customer data is exposed, the
consequences can be severe. Recently, a national telecommunications company
was fined £400,000 by the UK regulator following a large-scale breach that
compromised a vast amount of customers’ data. The attacker was able to
access the personal data of 156,959 customers including their names,
addresses, dates of birth, phone numbers and email addresses. Evidently,
these breaches can be serious, with businesses and their customers
susceptible to substantial financial and reputational damage.

The Role of the Deep & Dark Web

We know cybercriminals make use of the Deep & Dark Web in order to conduct
their illegal activities. Earlier this year, it was reported that gamers
were put at risk of having their private information sold on the dark web
following a data breach involving 2.5 million accounts. Effective cyber
defences need to include monitoring and understanding of the dark web.
Without it, a business is trying to defend itself whilst blindfolded and
with its arms tied behind its back.

Our research shows that cybercriminals are using the dark web to buy and
sell fraudulent gift cards. This type of crime has grown substantially over
the last several years because it can yield significant financial rewards
at a relatively low risk for criminals.

Cybercriminals’ continued interest in gift card fraud aligns with a common
practice among many gift card issuers: the prioritisation of user
experience and profits over security. Unlike bank-issued credit and debit
cards, gift cards are not held to strict anti-fraud standards, which means
that many gift cards may lack common-yet-effective security features
intended to help combat fraud. This is just one example of criminal profiteering
using the Deep & Dark Web.

Attaining Effective Cyber Defence

Effective cyber defence requires barriers that deter cybercriminals
alongside effective risk intelligence. In the high stakes world of
commercial cybersecurity, prevention is better than cure. As previously
stated, any breach or cyber compromise has the potential to result in
substantial reputational and financial consequences. The recent case of the
telecoms company serves as a case in point — the company’s share price
plummeted after the attack and still hasn’t recovered fully.

Businesses need to prioritise cybersecurity and make sure it is a C-Suite
issue that is taken seriously by all departments and employees across the
entire business. The weakest link in the defence is most often what will be
exploited by criminals. As such, businesses need to ensure staff are
trained so they don’t create a gateway for criminals. Furthermore,
cybersecurity infrastructure needs to be updated and invested in to help
businesses detect and mitigate cyber threats more accurately and
effectively.

The latest cyber attacks once again shine the spotlight on cybercrime. It
is an issue that affects companies of all sizes and from all sectors. Even
countries are affected by it. It is a truly global challenge.

Above all else, it is crucial for businesses to focus on what they can
control. Having effective insight and intelligence about relevant threats,
investing in technology and people, providing training for staff on
cybersecurity, and prioritising defence from the most senior staff through
to the most junior are essential. Failure to take action will only make your
business more vulnerable to compromise. These are the lessons businesses
must learn from the latest high-profile cyber-attacks.