BIBF thanks Standby Consulting for presenting at recent Cyber Security Forum

Sam Mulholland, Standby's Managing Director, recently presented at the Cyber Security Forum arranged by the BIBF. The forum was an opportunity for all vendors to get together and share information and recent advances in Cyber Security. The timing could not have been better, as this followed on from the weekend of the first WannaCry cyber attack.

Some compelling arguments were put forward and for me, personally, the following stood out:-

  • Cyber Security is not only the responsibility of IT.
  • Cyber Security needs Senior Management and Board level buy in.
  • A company can be either defensive i.e. reactive to an attack or....
  • A company can be pro-active in their approach and use tools such as Threat Hunting, Digital Forensics, End Point Detection and Response (EDR) etc. to get a higher level of protection.
  • A company requires a "Cyber Plan" in place because, as all the presenters agreed and stressed, it is not a matter of "if" it happens but "when". Generally, Cyber Security is not addressed separately within general BCM Plans, and it needs to be.
  • Companies need good IT governance policies in place.

There are a lot of new IT solutions out there; the difficulty arises in determining which is best for your company. Forums like this can be very beneficial in that they give companies the opportunity to collaborate and come up with better solutions and responses to the particular threat they face. However, none of this can be accomplished without Senior Management and Board level buy in. IT personnel can attend workshops/forums/conferences forever and a day, but if they are not being heard, changes and improvements can't be made.

If you wish to review the script presented by Sam, please click below to retrieve it:

https://static1.squarespace.com/static/56e7f0cb45bf21c0ab86d85d/t/5922c711d482e93bf82cfe0c/1495451416608/BIBF+Cyber+Security+Forum+-+Sam+Mulholland+Presentation+Script+May+2017.pdf

 

Cyber security is everyone's responsibility ...Business Continuity Institute

The BCI has released a "Building Resilience by improving cyber security" report for Business Continuity Awareness Week, which was 15-19 May 2017. Please see the link to this report.

http://www.bcifiles.com/BCIBCAWReport.pdf

as well as a short info video

WannaCry Worldwide Cyber Attack - how does it affect you

In light of all the cyber security incidents over the weekend Standby Consulting felt we should get in touch to give an update of what has been going on and also check it is business as usual for your company!

So what has happened?

On Friday 12 May 2017, tens of thousands of organisations were infected with a computer virus called WannaCry. WannaCry is a strain of ransomware that locks down data and demands a payment of up to $300 a time before it will restore scrambled files.

There has been significant press coverage in the UK, as many hospitals fell victim and some health organisations diverted ambulances and also had to cancel non-essential services while they found a way to contain and clean up the infection. It is not, however, only the UK that has been affected, with reports of attacks taking place in over 100 different countries, with some of the hardest hit being Russia and Spain.

WannaCry appears to have been spread via a computer virus known as a worm, which has the ability to move around a network by itself. Once inside an organisation it will hunt down vulnerable machines and infect them too, which is in contrast to many other ransomware attacks which rely on individual users to spread it, by tricking them into clicking on an attachment or link containing the attack code.

Luckily, a UK security researcher has now found a way to halt the spread of WannaCry. The researcher, known as MalwareTech, ‘accidentally’ found the ‘Kill Switch’ in the code that has now been able to stop the spread. He has highlighted, though, that this is only a temporary fix and people should act quickly to make sure their systems are protected against another strain of the WannaCry attack.

Read more about the WannaCry solution here - http://www.bbc.com/news/technology-39907049

Could WannaCry affect your business?

WannaCry currently only seems to be affecting Windows systems, and in particular any systems still running the legacy Windows XP, which is no longer supported by Microsoft. Standby suggests software is updated immediately to a Windows version supported by Microsoft, such as Windows 7 or 10. At the very least, though, the latest patches and updates should be applied to all Windows software, and for any XP users there has now been an emergency patch developed. This event is a good reminder that you should always keep all your software up to date with all the latest releases and patches to help stay ahead of any potential hackers. Protect your business by using up to date firewalls and anti-virus software and by being wary when reading emailed messages. Send a message to all personnel informing them of the latest

If not doing so already, ensure any back up of key data is kept up to date, so files can be restored without having to pay should your systems be infected.

Read more about the attack and other attacks that may also be coming soon –

http://www.bbc.com/news/uk-39911385

http://gulfnews.com/news/americas/usa/uae-tra-warns-users-as-fast-moving-cyberattacks-wreak-havoc-worldwide-1.2026329

IT Security Checklist

It’s now time to look seriously at your current cyber security set up:

  • Are all Microsoft and other IT systems up to date?
  • Does your IT department have suitable safeguards in place to deal with an attack?
  • What if you do get hit? Does your company have an up to date IT DR plan or a specific Cyber Security Breach Plan?
  • Is your company’s vital data backed up correctly? Is there an up to date back up kept off the network and away from potential threats?
  • Does IT know how to deal with an attack quickly enough to ensure your customers and stakeholders will not be affected?
  • Are your Crisis Management Team trained and exercised to deal with the business impact of a Cyber Security Breach?
  • Are company finances secure?

There is now a lot of literature online to help build a resilient organisation to guard against cyber attacks, so it’s time to get researching.

If you have any questions on the WannaCry attacks or need some guidance on how you can build an effective Cyber Defence, Standby Consulting are here to help. Visit our website for more info – Standbyconsulting.com or contact us directly using the below info.

The Standby Team

 

Humans - The weakest link in the cyber security chain

Every year companies spend millions on cyber security, ensuring their important data is well protected from prying eyes. With an ever growing and evolving cyber threat, organisations must constantly ensure they are up to date with the latest malware and virus protection or have downloaded the latest firmware upgrade to ensure they will not be hit by the latest trending attacks.


According to the study by IBM/Ponemon “Cost of Data Breach Study: Global Analysis” - The average cost paid for each lost or stolen record containing sensitive and confidential information increased 6 percent, jumping from $145 in 2014 to $154 in 2015. These costs are linked to increased costs in items such as loss of customer confidence, company downtime as well as an increase in costs of recovery. Combine these findings with the Breach Level Index (BLI) statistics that 22 records were compromised every second (1.9 million every day) in 2015 and it shows Cyber-crime has now become a very profitable and attractive profession. Nobody needs to rob a bank with a gun anymore, not when they can do it with a computer from the safety and comfort of their own homes!

Huge budgets and resources are often plunged into online data protection and other expensive technical tools to help ensure a company’s data is secure, but when was the last time your company spent the appropriate time or money arming you? Have you ever been trained to spot a cyber attack? Or block a spammer? Do you know the difference between a phishing attack and a Trojan horse?!

IBM’s “2014 Cyber Security Index” tells us that 95% of all security incidents involve human error. So it is actually you and I, the ‘trusted employee’, that is more often than not the cause of any major data breach, whether we know about it or not! As with most criminal activities a hacker will always aim for the softest target, the ‘lowest hanging fruit’ and unfortunately, when it comes to cyber security, that usually means us, ‘the user’.

At this point a few thoughts may cross your mind: ‘this doesn’t apply to my company’, ‘Our critical information is not important to anyone else’. Unfortunately, though, your critical data is always important to someone. The FBI estimate that cyber criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer services. Ransomware, as this type of cyber threat is commonly known, does not have to break into your data vault to steal your information; it just has to find a way to put a second lock on it so you can’t access it either. Once it has locked it up, you either pay for it to be unlocked, or you lose it.

One of the key findings highlighted in the IBM “Cost of Data Breach Study” was that – “Improvements in data governance initiatives will reduce the cost of data breach. Incident response plans, the appointment of a CISO (Chief Information Security Officer), employee training and awareness programs and a business continuity management strategy result in cost savings”.

As the front line operative on your computer, you are the first line of defense. In the current cyber-crime era it is now your and your colleagues’ job to protect your organisational data and information, not just the IT department’s. If you feel underprepared for this task then perhaps you should ask your company security or IT department for a briefing on potential threats and weaknesses within your company IT infrastructure, or look online, as there is now a huge amount of up to date research available which can get you quickly up to speed on current cyber-crime threats and trends.

In the meantime though, the below tips may help you to stay safe while logged in –

  • Keep your computer configuration current with the latest patches and updates
  • Choose strong passwords and keep them secure
  • Change any factory default passwords for technologies such as internet routers
  • Protect your personal information – be careful what websites you leave your personal details with and also ensure your social networking profiles (Facebook, Twitter, LinkedIn etc.) are set to private
  • Secure your mobile devices by setting good passwords and not allowing 3rd party access through apps
  • Protect your computer with up to date internet security software
  • Emails and online deals that look too good to be true, usually are!
  • If you receive emails from unknown sources then do not open them especially if they have attachments
  • Encrypt your confidential data
  • Take regular backups of your data on an external hard disk/drive and keep these backups unconnected to your system
  • Report suspicious activity to your local administrator or CISO

Cyber-crime is now everywhere; it is not a case of if you or your company will get hit any more, it is now a case of when. Don’t be the one that lets the wolf through the door. Be aware, be vigilant, stay protected.

Tom Ham; Consultant and Client Services Manager

Additional Reading 

https://www.theguardian.com/world/2017/feb/12/uk-cyber-attacks-ncsc-russia-china-ciaran-martin

 

 

Cyber Security Predictions for 2017

Cyber attacks dominated the headlines in 2016. The tentacles of cyber threats span the globe and every industry; cyberwarfare involving critical infrastructure services, massive data breaches where troves of emails and data were stolen, and blackmarket ransomware attacks that have taken over control of critical IT systems - only to be released after the ransom sums were paid.

Over two billion records were stolen in 2016. The hacking of records and emails from the Hillary Clinton campaign and the US Democratic National Committee were just a handful of high-profile hacks that riled businesses and individuals in 2016. Data breaches to businesses such as Yahoo, LinkedIn, and numerous others comprised millions upon millions of Personally Identifiable Information (PII). PII consists of personal data used to distinguish or trace a person’s identity. It includes not only things such as their name, social security number, biometric records, etc., but also other data like an individual’s photographic image, fingerprints, handwriting, facial geometry, passport information and credit card numbers. Read more: https://www.clearswift.com/blog/2017/01/03/cyber-security-predictions-2017