The Holiday Cyber Risk Landscape

Holiday

The holiday season is now in full swing where people travel to far off destinations to enjoy a well earned break and to spend time with their families. Unfortutely the cyber threat remains with us …… and arguably is increased as people’s guard is somewhat down due to the relaxed environment that being on holiday promotes.

A survey carried out by Keeper Security Inc last year showed that the US posed to the greatest threat to holiday makers from hackers, however more worryingly the UK came in a second place with France, Spain and Italy also featuring in the top ten.

https://www.marieclaire.co.uk/entertainment/technology/cyber-security-holiday-destinations-523668

Some of the cyber threats that exist to indivuals and businesses are as follows :-

Insecure Wi-Fi Networks

A hotel wi-if network may be vulnerable if not secured with the latest security encryption software. This could also be said of restaurants or cafes. Attacks know as “Man in the Middle” where a third party is listening and changing information pretending to both the user and the application can intercept highly sensitive data and use this to compromise a users details.

GCHQ regularly warn travellers of the threats posed by insecure wi-fi networks and the holidayseason is when these threats become more prevalent. It is therefore important to check that the wi-if has the appropriate safety protocols in place in particularly when money is being transacted.

Holiday Scam E-mails 

It is conceivable that an individual could fall foul of a hacker before they leave their house .Holiday scam e-mails may portray a bogus website that offers a holiday deal which is too good to be true and the likelihood is that this could well be the case. Funds could be stolen by an on-line transaction with debit or credit card details also being compromised by a hacker.

Being Aware

Leaving a laptop or smart phone on your beach towel of on a cafe table opens opportunity for a speculative hacker to steal an electronic device and use data themselves or to post on the dark web to be sold at a later date.

Keeping a tight ship

The same principle applies to businesses during the holiday season who may not have their usual numbers in their cyber security team which creates an environment where threats could be missed or not acted upon as quickly as normal. A greater reliance therefore is imposed on everyday users to carry out good cyber hygiene in their everyday work schedule. Watching out for phishing e-mails and dubious website links which could lead for example to an incident of fraud or a ransom ware attack.

Back Home

Once back home it is good housekeeping to to check matters such as bank statements to ensure that no fraudulent transactions have taken place and that you can account for everything spent.

At work looking for any unusual e-mail activity or change in the functionality of your computer in case a virus may have downloaded itself whilst you were away.

Wherever you are on holiday cyber threats exist in many forms , hackers do not go on holiday so it is vitally important that you maintain the same cyber security posture.

The Challenges Facing Cyber Security

What are the challenges facing cyber security in 2018?

These will involve the development of existing threat vectors and the emergence of new ones, keeping up with the evolving capabilities of hackers will never be more difficult to repel and prevent.

General Data Protection Regulations (GDPR)

This presents a major challenge to all organisations with time marching towards the 25th May deadline. Many businesses in the SME space are behind the curve in their preparations for this and will do well to meet this deadline. If missed they will face the wrath of the ICO and possible fines for non-compliance.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Artificial Intelligence (AI) 

AI and machine learning is now available to hackers to conduct cyber attacks providing a challenging new cyber threat landscape that will need to be navigated. Machine learning will also be used for the good as it can assist the cyber security sector in analysing and monitoring new and existing threats.

Internet of Things (IoT)

The IoT theat is likely to develop further with possible focus on critical infrastructures and home devices. With it now being possible to purchase botnet kits on the dark web it is becoming easier to set up DDoS attacks.

State Sponsored Cyber Attacks

These do not look they will be alleviating any time soon and are likely to grow eminating from countries that look to install government instalibility or to carry out cyber espionage.

Ransomware

Ransomware will continue to be a major cyber security threat with new strains being developed by hackers focusing on businesses that have immature cyber risk management.

Mobile Breaches

The threat of mobile breaches is still very much with us and this could be the year that a substantial breach occurs. This could happen via a vulnerability in an app which may itself contain considerable amounts of data that a hacker could gain access to for ill gains.

Bitcoin and Blockchain

Bitcoin, the leading cryptocurrency made the headlines at the end of last year with its value increasing by leaps and bounds before coming back down to a more sensible valuation. Blockchain is not very well understood , but is now recognized as method in which fraud can be prevented and will gain in popularity as it becomes more mainstream.

Trust

Trust is emerging as a side issue in the development of cyber security. Trust that business are safe to trade with and that in the event of a data breach they will act in an honorable fashion and in the best interests of their employees and shareholders. This will impact on future trading and the reputation of a business.

What Will Cyber Criminals focus on?

  • Supply Chain

Cyber threats are being targeted on supply chains as their computer systems do not always have the same standard of cyber security as the main contractor this presenting oportinuties for hackers to exploit inferior systems as a gateway to compromising the main contractors systems. This is likely to continue.

  • The Healthcare Sector

This sector has always been a principal focus for hackers as the stolen data can be used for a number of things.With the standard of cyber security not being considered the most robust this presents this sector as being vulnerable to hackers.

SME businesses

The general immaturity of SME’s computer systems and lack of cyber risk management makes them a prime target for hackers . The mentality of “ it won’t happen to us “ does not hold true and is a dangerous game to play.

Adequate levels of cyber security risk management and the emergence of cyber insurance will play an important part in managing a cyber attack on a businesses’s computer systems. The challenges that lay ahead in the coming year will be huge and defending a business against such a varied threat landscape will be demanding.

Image : Shutterstock

Ransomware : The Modern Day “Stand and Deliver”

Ransomware

Ransomware : It you didn’t know what ransomware was a few weeks ago….. it is almost certain that you do now in the wake of the WannaCry cyber attack that occurred earlier this month.

What is Ransomware? 

This is a form of malicious software that is designed to block access to a computer system until a sum of money is paid. It is not possible to use the data and in some cases the hackers threatens to publish the data until a ransom is paid, there is of course no guarantee that once the ransom has been paid that the encryption code will be provided or if the hacker will still delete the data. If the ransom is paid it is possible that the hacker will return to carry out a further attack.

This form of malware effectively employs scare tactics not unlike that which have been seen in the days of a highway man in Victorian times who would hold a coach of unsuspecting passengers at gunpoint until they had handed over a ransom representing their wealth. Ransomware can be compared to the modern day “stand and deliver” threats that a highwayman posed.

The Impact of a Ransomware Attack 

Ransomware attacks have increased four fold over the past two years with the UK being one of main targets for ransomware attacks as we are perceived to be a destination that will readily pay the ransom.

One report has collected data which reveals that 54% of UK businesses have been targeted with a ransomware attack where revenue has been lost and in extreme circumstances the businesses have had to close. The impact of a ramsomware attack can also cause reputational issues to a business that they may never recover from.

With the General Data Protection Regulations (GDPR) coming into force on the 25th May next year the emphasis of protecting personal data is increasing. If a ransomware attack encrypts personal data and the business is unable to restore the data it is conceivable that the ICO would consider that the business has not taken appropriate measures to keep the data safe and as a result in breach of the Data Protection Act.

The WannaCry Attack

The ransomware attack affected approximately 200,000 computers in 150 countries on 12th May . The most high profile organisation hit by this attack in the UK was the NHS . Outside of this, Renault, Nissan, FedEx and Telefonica were also hit by this indiscriminate cyber attack that appear to target legacy software that had not been updated. Organizations that still utilized Windows XP were particularly hard hit as this contained certain software vulnerabilities.

Managing the Ransomware Cyber Risk

Businesses should consider the following:-

  • Adequate Back Up and Recovery of computer systems
  • Patch Management of all systems with particular attention to older systems
  • Staff Training to raise awareness of what to look for in a ransomware attack
  • Regular Firewall Management
  • The Purchase of Cyber Insurance

The National Cyber Security Centre offer some excellence guidance on their website entitled “Protecting your organization from ransomware” at the attached link :-

https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

How Cyber Insurance Can Help 

Cyber Insurance is a modular policy and it is possible to purchase specific areas of coverage tailored to a businesses requirements.

Cyber Extortion Coverage

This includes the negotiations with hackers and payment of the actual ransom

Forensic Investigation

This determines what data was compromised and how the systems were accessed

Data Restoration

This covers costs associated with trying to unencrypt data and to assist with the back up of data.

Business Interruption

This module provides coverage for costs associated with costs incurred with increased costs of working and possible loss of profits.

There are now many strains of ransomware which are becoming increasing harder to manage , presenting a constant challenge for businesses to manage. Business do need to constantly review their cyber security risk management processes and procedures which will go some way in alleviating this evolving threat that this poses.

Is BYOD an acceptable Cyber Risk?

BYOD

BYOD know as Bring Your Own Device is a practice whereby businesses permit the use of employees own laptops, notebooks or smartphones in the working environment.

The cyber risk associated with this philosophy is very real and it is vitally important that this is managed within the businesss.

A survey carried out by Information Security last year reported that 1 in 5 businesses around the world suffered a mobile security breach. The survey also identified that the main concern of usage of BYOD’s was data leakage or loss.

Did you know that 35% of employees store their work password on their smartphone (Source : SecureEdge Networks)

BYOD Policy

It is crucial that the business has a clear and robust BYOD policy which should include the following:

1.An acceptable use policy that reflects appropriate guidance and accountability with input from other stakeholders of the business.

2.Management of Social Media as it is likely that there will an an increased use of this.

3.The type of personal data that can be processed on the device.

4. Ensure that a back up plan is in place as mobile devices can fail or be compromised.

5.Reporting of incidents in a prompt fashion in order to comply with company policy and to meet any legal obligations.

The Information Comissoners Office provides guidance notes on BYOD which are a good reference point for businesses.

https://ico.org.uk/media/for-organisations/documents/1563/ico_bring_your_own_device_byod_guidance.pdf

What are the risks?

The main feature of BYOD is that the user owns, maintains and supports the device. As a result of this the data controller will not have as much control as they would should the device be provided by the business.The main concern is the security of the data and this is monitored over a number of devices.

With the focus on data the business should be aware of the following:-

The type of data held on the device

What application data will be held on

How the data will be transferred and asssessment of any possible leakage.

The type of security that is operated under the device.

The line between personal use and business use.

Can Cyber Insurance help?

It is possible for a cyber insurance to provide coverage for cyber risks arising from BYOD devices within a business. Insurers will ask certain risk management questions in order to assess the risk and if acceptable will include this aspect of coverage under the policy.

Image : Shutterstock

Navigating Cyber Risk At Sea

Cyber Risk

Navigating Cyber Risk At Sea  

The maritime sector is not immune from the every day cyber risks that other transport industry sectors experience. with a high reliance on technology giving rise to similar cyber risk profiles and the ensuing threats vectors.

Ships that are now built rely on software to run their engines and GPS navigational systems to move from A to B, the impact therefore of a cyber attack from a hacker has the potential to cause severe disruption to the running of the ship.

There is an apparent lack of under reporting of cyber attacks in the shipping world with the true extent of cyber attacks not yet really known.

Cyber risk does not only exist at sea , cargo handling and container tracking at ports are also very dependent on technology which forms part of the cyber threat landscape that ships face.

To help this sector manage safety and security The International Maritime Organization, a United Nations agency released a set of draft guidelines on maritime cyber risk management which identified the following key areas:-

  • Identify: Definition of the roles and responsibilities for cyber risk management of individuals in order to assess cyber risks
  • Protect: The implementation of risk control processes to manage cyber attacks
  • Detect: The installation of systems to detect new and existing cyber risks
  • Respond: Procedures in place to provide cyber resilience and the ability to restore computer systems
  • Recover: Effective recovery procedures to back up and restore shipping operations

http://www.imo.org/en/MediaCentre/HotTopics/piracy/Pages/default.aspx

Possible Types of Cyber Threats

1.Hackers accessing a shipping management systems so that data can be accessed providing details of future shipments and route.

2.Hackers utilizing a GPS system to direct a ship to unsafe waters which may lead to an attack from pirates so that cargo can be stolen

3.Cyber terrorist hacking into a cruise ships’ navigation system in order to cause loss of life or some form of physical damage to the ship.

4.Curtailment of a transportation ship by hackers accessing navigational systems and delaying the ship in reaching it destination and causing goods to perish.

5.The hijacking of a oil tanker via its GPS system by a hacker which leads to the tanker being taken to a different destination.

6. The cyber extortion of ships’ navigational systems that paralyzes it therefore making it is unable to move or reach its’ end destination.

The emerging cyber threat of the Internet of Things is also an new area of concern that will become more prevalent in the coming years.

Can Insurance Help?

The majority of Marine Insurance policies include a cyber attack exclusion clause which is likely to lead to the sector considering the purchase of a stand alone specific cyber insurance policy which will address a number of the associated cyber risks that the maritime sector faces.

It must be stressed that insurance is only part of the process of the cyber risk management process and should be treated as such.

Image : Shutterstock

A Defining Year for Cyber Risk

Cyber Security Threats

2016 has been a defining year for cyber risk….

There have been many events that have contributed towards shaping cyber risk this year however there are a number of stand out “Influencers” that have impacted on businesses during the year and will continue to do so in the future.

This has raised the awareness of cyber risk in the UK and within the business community as a whole.

Such “Influencers” that have had a bearing on cyber risk are the following :-

1.The Threats

Ransomware 

Ransomware is a form of malicious software that a hacker uses to encrypt the hardware of a computer, the hacker then extorts money normally in the form of bitcoins in exchange for the decryption code.

This form of cyber attack is now the most common in the UK with 54% of SME’s experiencing a ransomware attack. Surprisingly this is higher than in the US which is at 47%.

The impact is loss of income as a result of paying the ransom, loss of files, time spent by the business on remediation, downtime and the possible loss of life.

There is no sign of abatement of this form of cyber attack.

Phishing

Phishing is recognized as a method utilized by hackers to gain access to personal or business details in order too commit a crime. This is normally an act of fraud or used to cause disruption to a computer system. It can involve the sending of a bogus invoice sent by e-mail requesting the payment of money to hackers bank account.

The UK is one of the most targeted countries for phishing scams.

https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf

Internet of Things     

The Internet of Things is the internet working of “connected devices”, “smart devices” including buildings via embedded electronics, software or sensors. These then enables these objects to collect and exchange data.

When these devices are infiltrated by a hacker the potential to cause disruption is enormous. The treats are two fold which can result in  denial of service attacks or the compromising of security leading to a breach of privacy.

This year saw a cyber attack on Dyn through the malware strain Mirai which targets vulnerable Internet of Things devices. The botnet used in this attack was possible via a compromised digital video recorder.

These forms of attacks are only likely to increase in the future as “connected devices” do not have adequate security protection in place to prevent such attacks.

2.The Breaches

Yahoo

Yahoo announced in the space of a couple of months two major breaches of their user accounts . One occurred in 2014 and consisted of the theft of half a billion of their user accounts , the other in 2013 thought to believed to be nearer a billion. Both attacks are believed to be state sponsored.

These are two of the largest ever recorded compromises of personal information. It demonstrates that attacks of this nature are getting larger and that high profile companies are still a principal target for hackers.

Banks

Banks were hit hard by a number of cyber attacks this year ……. the list is a long one…..Bangladesh Central Bank where USD850M was stolen, Swift attacks on  banks in the Phillipines and Vietnam and the Banco del Austro, attacks also took place in the Ukraine and a number of US and Canadian banks.

In the UK , Tesco bank , HSBC and NatWest were all subject to cyber attacks but with limited losses to the banks.

Cyber attacks on financial institutions have increased dramatically over the past twelve months and good cyber risk management should be a key consideration for this sector.

SME’s and Public Sector are now a focus for Hackers

This year saw SME’s being the subject of increased cyber attacks and demonstrating that they too have a real cyber risk which cannot be ignored. Ransomware attacks were seen at businesses such as hairdressing salons to florists.

Local authorities and hospital were also targeted, the unluckiest county was probably Lincolnshire…… with the county council being hit by a ransomware attack and various hospitals in Grimsby, Scunthorpe and Goole where their computer network was compromised.

3.The Regulation

The Information Commissioners Office (ICO)

The ICO showed it’s teeth and fined TalkTalk GBP400,000 for various security failings following the cyber attack that took place last year.

It is likely that we will see the ICO exercise these powers more and more in the run up to the General Data Protection Regulations when they come into effect in 2018.

General Data Protection Regulations

These were finally adopted in April this year and will come into force on 25th May 2018

The clock is “ticking” and all business will need to assess what data they have, where it is stored and how they mange it, irrespective as to whether they are a data processor or data controller.

The fines for a breach are 4% of gross annual turnover so non-compliance is not an option.

Privacy Shield

The Privacy Shield is now “live” coming into force on the 1st August replacing the Safe Harbour. There have already been some challenges to this notably by Germany and its current framework maybe subject to change in the coming year.

What Else ….. ?

The Panama Papers, Brexit, Trump, the development of cyber insurance….. the list is endless.

This year has without doubt been a defining year for cyber risk….. 2017 will further shape the exposures and the vulnerabilities that businesses face from cyber risk.

 

Image : Shutterstock