data Archives - Page 3 of 4 - Cyber Secure Forum | Forum Events Ltd

Ramnit Trojan resumes attacks on European financial institutions

Stuart O'Brien

The Ramnit banking Trojan has returned to its old hunting ground after recent forays into the e-commerce space.

The discovery follows analysis by F5 Labs and F5’s EMEA-based F5 Security Operations Center (SOC) examining active Ramnit banking Trojan malware configurations in February and March 2019.

All signs indicate that Ramnit’s authors are, once again, largely targeting financial services websites to coincide with tax return activity, primarily in Italy.

Ramnit was previously hitting the headlines during the 2018 holiday season for shifting its attack focus to US e-commerce sites.

In the most recent studied Ramnit sample active in March this year, the Trojan’s authors were primarily focused on financial services and financial tech sites in Italy (40% of all attacks). 9% of attacks were aimed at the UK and 8% at France. Overall, 70% of all Ramnit targets in March were European, 27% American and 3% were located across the rest of the world.

Interestingly, while social networking sites made up a smaller portion of targets observed in February and March, some of the biggest social networking platforms in the world were still under fire, including Twitter, Facebook, Tumblr, and YouTube. 

In other notable developments, F5 Labs was able to discover how this March’s Ramnit configurations are continually adapting, including scaling web injection tactics to attack websites. An interesting innovation in this respect entailed going after targets with no link to a specific company or website.

Instead, several words in French, Italian, and English were added to the mix in the hope of catching random websites. Along with the simple word targets, Ramnit also included the name of an Italian Opera and a few misspelled domain names. 

“Ramnit is a persistent banking Trojan that first emerged in 2010 as a less sophisticated form of a self-replicating worm. Today, both its tactics and targets have evolved to include many other industries. It is highly adaptable, as we can see with this recent shift back to the financial sector, as well as its authors’ new attempt to expand the attack surface,” said Roy Moshailov, head of security and malware research, F5 Networks.

“It is critical for banks and financial institutions to implement web fraud protection solutions to protect their customers and to help ease the burden of fraud expenses—especially banks that are actively being targeted. Other industries also need to be aware of attackers’ increasingly clever techniques so they can take similar precautions. The main thing is not to be complacent. Because Trojan malware is typically installed through phishing or malicious advertising, it’s also vital that all organisations provide security awareness training to employees and clients.”


Cybersecurity’s biggest asset: Why use the cloud?

Guest Post

The cloud is one of those hot buzzwords that gets thrown around a lot both in the tech world and in our daily lives.

No longer reserved for IT departments alone, the cloud has become something that we depend upon greatly, especially in the way companies go about their business. And it’s about to become even more important.

In fact, research shows that companies are looking to drastically increase their investment in the cloud in the coming years. Morphean recently conducted an independent survey of more than 1500 IT decision makers across Europe to discover their views on cloud services. The survey reported:

  • 78% expect their spending on the cloud to increase in the next two to five years
  • 47% said their internal data would be cloud processed within the same time frame
  • 45% said they would definitely consider migrating their physical security systems, such as video surveillance, to the cloud

There’s no doubt that the cloud is becoming a more important part of everyday business dealings, but some people still have reservations about the safety of this storage system, and whether or not it is worth it. We believe it is, and let us tell you why. 

But what exactly is the cloud?

Short for ‘cloud computing’, the cloud is essentially a terrestrial home for your data. So instead of being stored on the computer in front of you, it’s stored somewhere else, or in multiple places, and it is up to a network of servers to take you to it.

Some everyday examples you may recognise include the Apple iCloud, Dropbox, Google Drive, Microsoft OneDrive, and even Netflix.

Is the cloud the future of cybersecurity?

Unfortunately, the cloud has received some negative press in the last few years in regards to security and safety. In fact, according to the Morphean survey, 45% of people cited security risks as being their biggest obstacle to instigating a full move across to the cloud. 

The only way to truly protect your information is to lock it up underground, but you can rest assured that the cloud is far safer than information stored on a local device. Cloud computing services have more complicated security methods in place than the average computer owner can come up with. Any wannabe hackers would then have to get past the cloud system’s first line of defence: encryption.

Encryption is the practice of using complex algorithms to protect your data. In order to get past these algorithms, the hackers would need something called an encryption key. 

But it’s not all down to these intricate and convoluted systems. In fact, one of the biggest threats to cloud security is the barriers set by individual people. In other words, easy-to-guess passwords and security questions.

Above we talked about negative press aimed at the cloud over the past few years, most notably the infamous Apple hack where celebrities had photos stolen and leaked. The media reported that the cloud had been hacked, which led to a drop in public confidence and has no doubt contributed to people’s existing fears. In reality the cloud itself wasn’t hacked, but rather the accounts of individuals who used the cloud to store their data.  

The truth is that the cloud is incredibly safe and secure, but it’s up to individual users to do their part. That means choosing strong passwords by adding letters, numbers and symbols, using different passwords for different accounts, and avoiding using passwords that relate to your personal life.

But if that’s not enough to convince you of the cloud’s excellent security systems, did you know that online retailing giant Amazon runs its entire business off of its own cloud service, AWS? 

Other benefits of using the cloud

It’s not only the increased security that comes along when you start using the cloud. Here are a few more benefits that you can expect for your business.

Continuity

No matter what kind of industry you are in, having a continuity plan in place is vital for protecting your sensitive data and systems. Disasters can strike at any time and for a whole multitude of reasons, ranging from the weather and natural disasters to power failures. By having your information stored off-site in the cloud, you can rest assured that it is backed up and protected in a secure and safe location. Even if you have to move office, you will be able to access and download your data from any location with internet, therefore minimising your downtime and avoiding loss of productivity.

Working flexibility

The world is getting smaller. Not literally, of course, but modern technology is drastically reducing businesses’ needs for a physical office with staff present 100% of the time. The cloud helps to make this even more possible by granting flexibility in staff’s working practices. Once employees are able to access their work from home, on their commute or even on holiday – anywhere with an internet connection – suddenly the whole world is your office.

Scalability

When it’s time to scale your business up, purchasing and installing upgrades to your storage needs can be both expensive and incredibly time consuming. But when you work with the cloud, everything can be done quickly to suit your exact needs. Whoever provides your cloud computing services will be able to handle all upgrades for you, leaving you free to get on with the important task of running your business.

It’s natural for any business owner to be concerned about the safety and security of their important data. Your business is your baby, and you of course want to protect it. The cloud is undoubtedly the best option and as research shows, more and more businesses will be placing their trust in this extraordinary technology, for more than its safety benefits, to further their growth and secure a strong future.


Survey reveals increasing IT investment in containers

Stuart O'Brien

87 percent of IT professionals are now running container technologies, with 90 percent of those running in production and 7 in 10 running at least 40 percent of their application portfolio in containers.

That’s up considerably from two years ago, when just 67 percent of teams were running container technologies in production, according to the 2019 Annual Container Adoption Survey from Portworx and Aqua Security.

The report features insights from over 500 IT professionals across a variety of industries and company sizes. The survey, conducted in April and May, asked questions about the state of container usage, tooling, environments and barriers to adoption, to get a snapshot of the container market landscape today and its evolution over time.

Yet despite their pervasiveness, the report highlights that containers aren’t without hurdles: when asked to name their top challenges to container adoption, respondents most frequently cited security (51%), data management (40%) and cross-cloud/multiple cloud support (36%). 

Other Key Findings:

  • Organisations are making bigger investments in containers. In 2019, nearly one in five organisations is spending over $1 million annually on containers (17%). Compare this to just four percent in 2016.
  • Data security tops the list of security challenges, with a supermajority of respondents (61%) listing this as their top security challenge, followed by vulnerability management (43%) and runtime protection (34%).
  • For the third year in a row, increasing developer speed and efficiency is the primary driver of container adoption with 37 percent of respondents listing it as the top benefit.
  • When asked which team bears the main responsibility for container security, most (31%) named the organisation’s security team, with a joint responsibility or DevSecOps in second place (24%). However, respondents’ own roles influenced their answer, with 47% of DevOps respondents naming DevSecOps as the main owner and 54% of Security respondents naming Security as the main owner.


Digital skills shortages ‘costing UK £63bn a year’

Stuart O'Brien

A lack of technical expertise has fuelled skills shortages across the UK for the last two decades.

That is according to comparative analysis of the professional jobs market by The Association of Professional Staffing Companies (APSCo).

A 1999 report from University College London said almost half (47%) of all ‘skill-shortage vacancies’ that year could be attributed to a lack of technical expertise.

For ‘associate professional and technical’ roles, the need for ‘advanced IT’ skills was responsible for 31% of vacancies, while a lack of ‘other technical and practical skills’ was responsible for a further 49% of all open roles.

A separate report published the same year by Computer Weekly revealed that C++ developers were the most in-demand professionals with Java the second most sought-after skill in the IT recruitment market.

Now, research from The Edge Foundation suggests that around half of all employers (51%) have been forced to leave a role open because there are no suitable candidates available, and that tech job vacancies are costing the UK economy £63 billion a year.

LinkedIn data indicates that cloud and distributed computing is the most valued skill among employers, with user interface design, SEO/SEM marketing and mobile development also featuring in the top 10.

Commenting on the analysis, Ann Swain, Chief Executive of APSCo, said: “While the specific skills that employers are seeking have changed dramatically over the past two decades, the fact that talent gaps continue to be aligned with technical competencies suggests that we need to do more to boost Britain’s digital capabilities.

“Our members have long reported shortages of talent across the IT and digital fields. For this reason, it is crucial that we ensure that we retain access to the STEM professionals that businesses need in the short term – through maintaining access to global talent and retaining our flexible labour market.

“However, perhaps more importantly, we must pipeline the calibre and volume of skills we need for the future so that we break free from this perpetual skills shortage. As this data indicates, for the past 20 years we have been playing catch-up – and we must break the cycle if individual businesses, and the wider UK economy, are to fulfil their full potential.”

Cyber attacks rise as readiness levels fall

Stuart O'Brien

A sharp increase in the number and cost of cyber attacks is the key finding in a study of more than 5,400 organisations across seven countries, commissioned by insurer Hiscox.

More than three out of five firms (61 per cent) report one or more attacks in the past year, yet the proportion achieving top scores for their cyber security readiness is marginally down year-on-year.

The Hiscox Cyber Readiness Report 2019 surveyed a representative sample of private and public sector organisations in the US, UK, Belgium, France, Germany, Spain and the Netherlands.

Each firm was assessed on its cyber security strategy and execution, and ranked accordingly. Only 10 per cent achieved high enough marks in both areas to qualify as cyber security ‘experts.’

Among the key findings:

  •    Cyber attacks reach a new intensity: More than three in every five firms (61 per cent) experienced a cyber incident in the past year, up from 45 per cent in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted.
  •    More small and medium-sized firms attacked this year: While larger firms are still the most likely to suffer a cyber attack, the proportion of small firms (defined as those with less than 50 employees) reporting an incident is up from 33 per cent to 47 per cent. Among medium-sized firms (50 to 249 employees) the proportion has leapt from 36 per cent to 63 per cent.
  •    Cyber losses soar: Among firms reporting attacks, average losses associated with all cyber incidents have risen from $229,000 last year to $369,000 – an increase of 61 per cent. For large firms with between 250 and 999 employees cyber-related losses now top $700,000 on average compared with $162,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of $48 million.
  •    More firms fail cyber readiness test: Using a quantitative model to assess firms for their cyber readiness, only one in ten (10 per cent) achieved ‘expert’ status this year, slightly down from 11 per cent in 2018. Nearly three-quarters (74 per cent) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
  •    Cyber security spending up by a quarter: The average spend on cyber security is now $1.45 million, up 24 per cent on 2018, and the pace of spending is accelerating. The total spend by the 5,400 firms in the survey comes to $7.9 billion. Two-thirds of respondents (67 per cent) plan to increase their cyber security budgets by 5% or more in the year ahead.

Gareth Wharton, Hiscox Cyber CEO, said: “This is the third Hiscox Cyber Readiness Report and, for the first time, a significant majority of firms report one or more cyber attacks in the past 12 months. Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. 

“The cyber threat has become the unavoidable cost of doing business today.  

“The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”

The study also shows:

  •    Wide disparity in readiness scores: Overall, US, German and Belgian firms score highest on the cyber readiness model, while more than four-fifths of French firms (81 per cent) are in the ‘novice’ category. Along with the Netherlands, France has the smallest proportion of large and enterprise firms that rank as ‘experts’, at 9 per cent.
  •    Cost figures skewed by large incidents: Among firms that were targeted by hackers, there has been a sharp rise in the cost of the biggest single incident reported in the past year. The mean cost has jumped from $34,000 to a fraction under $200,000. 
  •    Supply chain incidents now commonplace: Nearly two-thirds of firms (65 per cent) have experienced cyber-related issues in their supply chain in the past year. Worst affected are technology, media and telecoms (TMT) and transport firms. The majority of firms (54 per cent) now evaluate the security of their supply chains at least once a quarter or on an ad hoc basis.
  •    Reasons to be optimistic: The proportion of firms with no defined role for cyber security has halved in the past year – from 32 per cent to 16 per cent – and there has been a marked fall in the number of respondents saying they changed nothing following a cyber incident (from 47 per cent to 32 per cent). New regulation has also prompted action, with 84 per cent of Continental European firms saying they have made changes following the advent of the General Data Protection Regulation (GDPR). The figure for UK firms is 80 per cent.
  •    Rising uptake of cyber insurance: More than two out of five firms (41 per cent) say they have taken out cyber cover in the past year (up from 33 per cent in 2018). A further 30 per cent plan to, but only 27 per cent of small firms.

The full report can be accessed here: https://www.hiscox.co.uk/cyberreadiness

Majority of British businesses fear disruption to business critical apps

Stuart O'Brien

Nearly 50 per cent of UK organisations do not prioritise the protection of the applications that their business depends on – such as ERP and CRM systems – any differently than how low-value data, applications or services are secured.

That’s according to an independent survey conducted among 1,450 business and IT decision makers, primarily from Western European economies, by CyberArk.

It indicated that the respondents felt that even the slightest downtime affecting business critical applications would be massively disruptive, with 64 per cent of UK respondents agreeing that the impact would be severe.

Despite the fact that half of organisations have experienced data loss, integrity issues or service disruptions affecting business critical applications in the previous two years, the survey found that a large majority (68 per cent) of UK respondents are confident that their organisation can effectively stop all data security attacks or breaches at the perimeter.

This brings to light what CyberArk says is a ‘remarkable’ disconnect between where security strategy is focused and the business value of what is most important to the organisation. An attacker targeting administrative privileges for these applications could cause significant disruption and could even halt business operations.

The survey also found that 70 per cent of organisations indicated they have moved (or will move within two years) business critical applications to the cloud. A risk-prioritised approach to protecting these assets is necessary in this model as well if this transition is to be managed successfully.

“From banking systems and R&D to customer service and supply chain, all businesses in all verticals run on critical applications. Accessing and disrupting these applications is a primary target for attackers due to their day-to-day operational importance and the wealth of information that resides in them – whether they are on-premises or in the cloud,” said David Higgins, EMEA technical director at CyberArk. “CISOs must take a prioritised, risk-based approach that applies the most rigorous protection to these applications, securing in particular privileged access to them and assuring that, regardless of what attacks penetrate the perimeter, they continue to run uncompromised.”

Government challenges UK boards to up cyber security game

Stuart O'Brien

Boards at some of the UK’s biggest companies still don’t fully understand the potential impact of a cyber attack, according to a government report.

The Government’s Cyber Governance Health Check looked at the approach the UK’s FTSE 350 companies take for cyber security.

The 2018 report shows that less than a fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats.

That’s despite almost all (96%) having a cyber security strategy in place.

Additionally, although the majority of businesses (95%) do have a cyber security incident response plan, only around half (57%) actually test it on a regular basis.

However, awareness of the threat of cyber attacks has increased. Almost three quarters (72%) of respondents acknowledge the risk of cyber threats is high, which is a big improvement on just over half (54%) in 2017.

The report says implementation of the General Data Protection Regulation (GDPR) in 2018 has had a positive effect in increasing the attention that boards are giving cyber threats. Over three quarters (77%) of those responding to last year’s health check said that board discussion and management of cybersecurity had increased since GDPR. As a result, over half of those businesses had also put in place increased security measures.

Digital Minister Margot James said: “The UK is home to world leading businesses but the threat of cyber attacks is never far away. We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber attack.

“This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made. Cyber security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the government’s advice and training that’s available.”

Ciaran Martin, CEO of the NCSC, said: “Every company must fully grasp their own cyber risk – which is why we have developed the NCSC’s Board Toolkit to help them. This survey highlights some urgent issues companies will be able to address by putting our Toolkit’s advice into practice.

“Cyber security is a mainstream business risk, and board members need to understand it in the same way they understand financial or health and safety risks.”

Meanwhile, more work is being done to improve the cyber resilience of business, and a new project has been announced that will help companies understand their level of resilience. The cyber resilience metrics will be based on a set of risk-based principles to allow firms to measure and benchmark the extent to which they are managing their cyber risk profile.

Once developed these indicators will provide board members with information to understand where further action and investment is needed.

Biometrics and behaviour-based authentication on the rise

Stuart O'Brien

A new survey suggests our relationship with passwords to identify ourselves online is shifting.

For some of us, it’s shocking to consider single-factor authentication is even in use today, given that poor password habits and stronger computing power have led to an increase in hacking-related breaches involving either stolen or weak passwords.

But a Callsign survey has revealed that a knowledge-based approach, such as passwords, for accessing online accounts is now favoured by less than half of UK and US respondents (45% on both sides of the Atlantic).

Over the last few years, increased availability of biometric tools on laptops, tablets and smartphones has given consumers a taste for biometric identification, and in the survey 30% noted a preference for sharing and storing biometric information (32% in the UK and 27% in the US) for identification when accessing an online account or making a purchase.

But it’s clear there’s still a long way to go in shifting consumer attitudes away from solely relying on passwords. Callsign says biometric information as well as behavioural biometric data – such as the way a user swipes their screen or their unique keystroke pattern when entering their password – need to become the norm, so companies can more intelligently identify anomalies and apply additional layers of security.

With employees frequently cited as the weakest link in corporate cybersecurity enforcement, it is no surprise that traditional passwords are preferred at work, where people’s reluctance to embrace more innovative methods of identification over a presumed ease of access is commonplace.

Knowledge-based identification was the most favoured by 56% of workers (58% in the UK and 51% in the US), while biometric methods were preferred by a mere 15% of workers.

Other insights from this survey include:

  • Despite the high preference for knowledge-based identifiers at work (58% in the UK and 51% in the US), they are less favourable for personal use, where 46% noted they were preferred when logging in to check an account balance and 44% chose it for making a purchase or a balance transfer
  • The UK tends to be more receptive to biometrics compared to the US, with 32% to 27%, respectively, noting they’d prefer it overall
  • In the US, age is a significant factor as Baby Boomers (55+) are more receptive to passwords (46%) and biometric identifiers (31%) than younger respondents (aged 18-24), with 39% preferring passwords and 26% preferring biometric identifiers. Younger respondents (those 18 to 24) were more receptive to behavioural identifiers (12%) compared to those aged 55+ (4%)

“The study suggests we’re at a tipping point where our reliance on simple passwords is on a steady downward turn,” said Callsign CEO Zia Hayat. “Although two-factor and multi-factor authentication, along with biometrics, are an improvement, they are still flawed. Ultimately, we understand the privacy of users is paramount. Companies need to offer choice and control when it comes to the data that is collected and the identification methods used – another reason multi-factor identification is so limited.”

“However, there is a new realm of behavioural identification that is truly revolutionising and streamlining identification and improving customer experiences, all whilst minimising fraud. Here at Callsign, we’re creating a much more positive experience with greater protection and better privacy for the consumer or worker.”

Callsign commissioned YouGov Plc to conduct the survey. Total sample size was 2,131 adults in the UK and 1,160 adults in the US. Fieldwork was undertaken in August 2018.

UK cybersecurity skills concerns highlighted

Stuart O'Brien

Only 56 per cent of UK firms believe they have sufficient cybersecurity skills in-house to deal with the numerous threats they are facing, according to new research.

Databarracks questioned over 400 IT decision makers in the UK as part of its 10th annual survey in order to understand their views on a series of issues relating to IT security and business continuity.

Certainly, it seems cybersecurity investment has grown – in 2016, 59 per cent of respondents said that they had invested in safeguards to help fight against cyber threats, with the figure rising to 67 per cent in 2018.

Likewise, in 2016 only 12 per cent of firms surveyed said that they had updated their cybersecurity policy in the past 12 months, while in 2018 26 per cent of those surveyed said they had done so.

Meanwhile, threat monitoring software is now used by 28 per cent of businesses, compared to just 13 per cent of businesses in 2016.

Plus, the number of organisations that employed a Chief Security Information Officer has increased massively from one per cent in 2016 to 14 per cent in 2018.

Peter Groucutt, Managing Director at Databarracks, said: “Investment in cyber security safeguards should translate to improved confidence but the findings show it is yet to make a significant difference. We are in the midst of a rapidly accelerating arms race. Organisations are desperately trying to match criminals, by working hard to improve knowledge, training and investment in security defences, but are clearly concerned about keeping pace. Importantly, organisations shouldn’t become disheartened. While confidence levels are not where we hoped, businesses are making positive strides and acting on the front-foot to fight back, which makes us optimistic for the future.”

UK firms ‘overconfident’ on cybersecurity

Stuart O'Brien

Businesses are displaying a false sense of security when it comes to their IT security, flying in the face of evidence showing rising incidents of cyber attacks.

That’s the conclusion of a study conducted by Ovum on behalf of US-based analytics firm FICO, which found that three quarters of UK execs felt their firm was better prepped than competitors for a cyber attack.

What’s more, 43 per cent said their firm was a top performer – second only to Canada out of the eight countries surveyed.

By comparison, 68 per cent of executives from US firms said their firm was better prepared than their competitors, and 37 per cent said their firm was a top performer.

Ovum conducted telephone surveys for FICO of security executives at 500 companies in the US and 10 other countries in order to compile its report.

Power and utilities provider respondents in the US were the most confident, or least realistic, with 86 per cent rating their firms above average or top performers.

Financial services respondents were the least confident, or most realistic, with 60 per cent rating their firms above average or top performers.

In the UK, financial services respondents were least realistic, with 96 per cent rating their firms above average or top performers, while retail and e-commerce respondents were most realistic, with 57 per cent rating their firms above average or top performers.

Only 36 per cent of organisations are carrying out more than a point-in-time assessment of what their cybersecurity risk is.