[BreachExchange] Companies must take cyber security more seriously than before

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 27 18:45:58 EST 2018


Let’s examine the current threat

The threat from cyber attacks is growing. It doesn’t matter whether the
company is a UK high street success story, a major financial firm in the
city, or a London Borough: all types of operations that connect to the
internet in some fashion are under threat. Make no mistake about it.

For managers at the head of IT departments across the UK, making sure the
office network is secure is just the start of what’s required. Any
personnel who access the intranet from outside the company present a
potential access point for hackers if their smartphone gets left in a pub,
unlocked or snatched right out of their hand while talking to someone.

Let’s examine the current threat and the issues that are the most pressing.

Threat from Ransomware is on the rise

Schools, polytechnics, and universities across the UK and abroad from
Bangladesh to the United States have fallen prey to ransomware demands.
Computer systems, tablets, or smartphones get infected and the people
involved demand the payment of a ransom to unlock the device and remove the

Most often, the ransom to unlock the device is paid in a cryptocurrency like
Bitcoin, Litecoin, Zcash, or any of the scores of digital currencies being
used to make it harder for authorities and investigators to track the
payment. Sums can be transferred from digital wallet to digital wallet,
without the need for an intermediary, until the balance can be converted to
a regular currency.

Russian hack of US election shows the scope of the problem

It is now generally acknowledged that the Russian government, through a
network of intermediaries, attempted to influence the US election. The
obtaining of Hillary Clinton’s emails provided enough dirt to cause damage
in the closing days of the election process. WikiLeaks leaped on the chance
to release the documents and the results are well-known.

The original hack of the stored documents is believed to have occurred
using a phishing scam where an email was sent to the user’s email account.
If they open the email and click on the link or image, the malware takes
hold and allows other people to control the computer remotely. When not
properly managed, an innocent click is all it takes on an unprotected
system to let a virtual intruder in. Therefore, it’s critically important
that organisations large and small (and private citizens too) use respected
security software to protect against these vulnerabilities in the future –
Source: https://www.virtualarmour.com/blog/who-should-be-

Attacks are growing in number & severity

The threat of a cyberattack continues to increase. The data from the first
six months of last year indicate that attacks grew by over 160 percent
compared to the first half of 2016. More than 900 breaches were reported
(with numerous hacks going unreported) and over two billion personal and
business records were compromised. Do you think that these numbers will
decline or grow during 2018?

It’s certainly true that some firms are getting better at defending against
attacks, but they are few and far between. One of the main issues is the
access to a multitude of devices that staff use to connect to their
information. Workers use the cloud to store business documents, personal
information, private photos, videos, and other items that they would rather
not get shared or used against them. However, locking down every digital
device they use to prevent a data intrusion is often seen as a losing
battle unless everyone is using the right software to protect their
technology and themselves.

The real cost of a security breach

Companies in the UK are kidding themselves when it comes to the true cost
of an intrusion. The costs were found by the Ponemon Institute in
conjunction with Centrify to be over £2.5 million to clean up and resolve
issues caused by a data intrusion. For listed companies, their average
stock price fell by over five percent shortly after it was revealed that
they had suffered a breach (credit agency Equifax saw one-third lopped off
its share price after revealing its massive hack in 2017).

The damage to the business reputation of the brand was more significant
still. Firms that suffered a breach were found to lose sales of over two
million pounds, which were largely attributed to brand damage, loss of
trust in the business, and an unwillingness to trust them quickly
thereafter. Whether held to ransom by hackers, hit with a regulator’s fine
for lack of security preparation, or dealing with a swathe of lawsuits from
disgruntled customers, the financial cost and distraction caused by a
breach are often immeasurable. It’s fair to say that some companies never
recover and go under.

Businesses of all sizes in the UK must take heed. The risk of a
cyber-attack is growing, and the costs are rising right along with the
danger. It doesn’t pay to be unprepared. Customers are no longer willing to
accept that a company “made a mistake” when a data breach is too extreme.
Many will vote with their feet by no longer dealing with the company and
the business’s situation becomes unrecoverable. Don’t let that be your
company’s fate.