Artificial Intelligence – Helping Cyber Security

Artificial Intelligence

Artificial Intelligence (AI)  is now playing a significant role in helping to managing cyber risk. This was recently evident in the aftermath of the Nordsk Hydro ransomware attack where AI was utilised to identify further vulnerabilities.

This form of automative technology would seem to be a good match for managing the constant threats posed by hackers where new cyber attacks relentlessly attack computer systems and constant monitoring is required. Despite the automation basis there however still needs to be human involvement in this process.

How Does AI Work ?

Billions amounts of data is consumed by AI via machine learning and deep learning techniques. This makes it possible to improve and develop its cyber security bank of knowledge which ultimately provides a better understanding of existing and developing cyber risks.

AI utilizes reasoning in order to identify relationships cyber threats malware threats and dubious IP threats . This is then analysed in a very short period of time thus enabling users to respond and act on imminent cyber threats.

Where can Artificial Intelligence be used ?

  • Monitoring of computer systems
  • Predictive tool for new threats
  • Analysis of threats based on current activity
  • Monitor Human activity
  • Post data breach tool
  • Detection of viruses and malware

The Future 

Capgemini released a report last month “Reinventing Cybersecurity with Artificial intelligence”

https://www.capgemini.com/wp-content/uploads/2019/07/AI-in-Cybersecurity_Report_20190711_V06.pdf

The report revealed that 69% of organisations felt that AI will be necessary to respond to cyber attacks in the coming years. Telecoms in particularly were of the view that this would help mitigate the sizable losses already experienced in this sector. Many organisations are gearing up for testing the viability of AI and how it can help their cyber risk management processes. Budget provisions for this are being made as long term there are many  costs benefits in AI.

Artificial Intelligence is developing at a rapid rate and it is important that its application remains relevant to the cyber security sector as other industries also show an interest in this technology.

Image : Shutterstock

Airports : The Importance of Cyber Security

Airports

With critical infrastructure now becoming a prime target for hackers airports now need to ensure that they have in place a comprehensive cyber risk management program in place.

http://cyberbrokers.co.uk/the-cyber-threat-critical-infrastructure/

The European Aviation Safety Agency (EASA) has estimated that an average of 1000 cyber attacks occur each month on aviation systems which further demonstrates the threat posed to this sector.

Airports are technology dependent sector on which also makes it attractive for a hacker who is likely to have the intention of causing maximum disruption with many facets of an airport to target.

Whilst a number of computer networks may be segregated such as  navigational guidance, immigration and retail outlets there are many areas that could be targeted.

  • The airports core IT infrastructure
  • Self-check-in desks
  • Automated bag drop off systems
  • Smart operated gates
  • Wi-Fi available within the airport lounges

Cyber-Attacks on Airports

We have see cyber-attacks on airports notably Bristol airport in the U.K. and Atlanta airport in the US both of which occurred last year.

The computer systems of Bristol airport were accessed by a phishing attack whereby an employee clicked  on a link which lead to malware infiltrating  their systems. For a period airport staff had to communicate arrival / departures by using a blackboard as the messages boards were inoperable.

https://www.bbc.co.uk/news/uk-england-bristol-45539841

The wi-fi of Atlanta airport was taken down as a result of a cyber-attack. Flights had to be cancelled causing passenger delays and significant disruption to the airport services.

https://www.ajc.com/business/hartsfield-jackson-takes-down-after-cyber-attack-city/

The Data Breach Threat

High volumes of data are contained within the computer systems of an airport and it therefore important that this protected. This would typically include :

  • Boarding card details of passengers
  • Car parking details
  • Health and Safety information
  • Details of disabled individuals
  • Employee personal details
  • Salary payment details of employees

With GDPR coming into force last year all organisations are legally required to store and protect data up to certain standards.

The NIS Directive

This came into force last year and sets out minimum standards of cyber security that need to be in place for operators of essential services systems (OES) which will be applicable to the aviation sector.

One of the keys in preventing cyber attacks is the developing of cyber resilience within an airport once potential threat vectors have been identified and solutions are in place to manage potential threats.

Image : Shutterstock

Are You Checking In With Hackers?

Hackers

Are you checking in with Hackers?

The hotel industry has been a prime target for hackers and this trend is likely to continue. So why are cyber attacks so prevelant within this sector?

Volumes of Data

Hotels hold vast quantities of data through many sources such as through their reservation systems for their customers . This will be personally identifiable information that would consist of names, addresss , e-mail addresses and passport details.

Online Payment Processing

Customers will log-in on a hotel website to make a reservation which will require them to provide debit or credit card details. These details could be compromised in the event of a data breach. Payment transactions can also remain exposed for a while on computer systems which presents further opportunity. In 2017 hotels accounted for 92% of all point of sale intrusions.

WiFi

The wi-fi in some hotels can be relatively insecure if their cyber security processes and procedures are not as robust as they should be. This can also lead to their data being compromised.

Symantec released a report this week which revealed that 67% of hotel websites surveyed leaked customer’s booking data. This was over 1500 hotel websites in 54 countries , this equates to two in three websites data could be used by third party sites such as advertisers.

https://www.symantec.com/blogs/threat-intelligence/hotel-websites-leak-guest-data

Supply Chain

Hotels relies on a supply chain which can include a number of contractors, broking and travel agencies . If there is a vulnerability with one of these it is possible that the hotel may be impacted by this causing business interruption or a data loss.

An Attractive Sector

This sector is a target because of the size of the market and the revenue that is generated each year, this provides opportunists threats for cyber criminals and the proliferation of fraud.

Cyber Attacks on the Hotel Industry

There have been a number of high profile cyber attacks on hotels where hackers have sought to steal data or cause disruption to the business.

Marriot International Hotels 

This is the largest data breach in this sector but also one of the largest in the world.

500 million guests were exposed to this cyber attack which included names and addresses and passport numbers. The attack emanated from the Starwood guest reservation database with who they had recently merged.Starwood themselves had previously experienced a data breach a number of years earlier.

https://www.telegraph.co.uk/technology/2018/11/30/private-data-500-million-marriott-guests-exposed-massive-breach/

Hyatt Hotels Corp

Hackers hit the restaurants front desks and parking facilities at 40% of their hotels situated around the world over a four month period.

It is understood that malware was designed to collect cardholder names, numbers and expiration dates.

Hilton Worldwide

Access was gained via the payment card system but on this occasion their was no evidence that data was stolen. The systems were in fact attack twice , cardholder details were again the main target.

As with all business that rely heavily on business via on-line transactions their cyber risk is very high and it is important that cyber risk management is a central focus to management.

Image : Shutterstock

Don’t Underestimate The Insider Threat

Insider Threat

The Insider Threat has now become an even more significant risk to businesses following the dismissal against the High Courts decision that Morrisons was vicariously liable for an employees misuse of data. This is despite the fact that Morrisons were deemed to have carried out as much as they could reasonably been expected to do to protect their employees data.

The case Wm Morrisons Supermarkets v Various Claimants (2018) now states that businesses can be vicariously liable for the actions of a rogue employee.

https://www.bakermckenzie.com/en/insight/publications/2017/12/the-morrisons-data-breach-judgment

With the introduction of the General Data Protection Regulations (GDPR) earlier this year the awareness of data protection by the public has increased which is likely to lead to litigation being bought against businesses in effort to seek remedies for a lack of protection of their personal data.

Background to the case

A security breach occurred when a senior internal auditor leaked payroll data of 100,000 employees. Of this 5,518 former and current employees claimed that this incident exposed them to the risk of identity theft and possible financial loss with Morrison’s being responsible for breaches of privacy.

The Class Action Threat 

The Morrisons case is also an example of a class action where it is not only one individual making a claim but a series of claimants , claims of this nature can be significant and impact severely on the well being of a business. The insider threat has therefore increased and it is likely that businesses will need to re focus their efforts in ensuring that they have procedures in place to help counteract such threats.

Emotional Distress

Under GDPR it is now to bring claims for non -material damage i.e. emotional distress caused as a result of a compromise of an individuals personal data.

Why can business do to monitor employees behavior?

Limit computer admin rights within the business

Monitor abnormally high transfers of data by employees within the business

Ensure CV’s of new employees are what they say they are

Make sure data mapping is in accordance with GDPR ensuring that the business knows where their data is located.

Robust training of employees and expectations made clear of how they manage data.

Ensure highly sensitive data is held in respositories

The Insider Threat is intrinsically linked to the human factors that impact upon cyber security please see our blog on this.http://cyberbrokers.co.uk/human-factor-cyber-risk/

Cyber insurance is also a very valuable asset to have in that it provides insurance protection and offers an incident response service so that businesses can effectively manage a data breach.

 

Image : Shuttertock

How Secure Is Your Supply Chain?

Supply Chain

Many businesses are now reliant on third parties in order to function and to provide their goods or services. These third parties are likely to form a supply chain providing such capabilities as IT services, HR outsourcing and hosting services.

The calibre of these services can vary greatly be they a large conglomerate to small local business. Each suppler will have they own cyber security processes and procedures that should be embedded within the business….. but in practice is this the case and what is the impact on a business if they suffer a cyber security breach?

With reliance now placed on a supply chain it is important that due diligence is carried to ensure that this resilience is in place.

What sort of processes can be carried out in order to provide some assurances?

  • Regular cyber security audits of third party vendors
  • Prioritization of vendors for critical services
  • Review of data monitoring standards of third parties
  • Ensure own security procedures remain at a high standard enforcing regular patching and installation of latest firewalls.
  • Managing of privileges provided outside of the business
  • Robust procurement processes for new vendors
  • Management of contractual liability with the vendor in the event of a possible data breach
  • Due diligence of cloud service providers
  • Insurance checklist for professional indemnity and or cyber insurance by the vendor
  • Review interconnected devices to managed The Internet of Things ( IoT) exposures

The supply chain of a business can be their weakest link and managing this should be given the same level of attention as the internal cyber risks that exist.

The National Cyber Security Center publish a list of some of the risks that businesses should look out for :-

https://www.ncsc.gov.uk/content/files/protected_files/guidance_files/Cyber-security-risks-in-the-supply-chain.pdf

The consequences of a third party suffering a compromise of their computer systems could lead to  the following:-

1.Business Interruption

2. Reputational Damage

3.Regulatory Actions and Fines

4.Loss of customers

5.Costs incurred to the business to rectify loss of data or damage to computer systems

6.There have been a number of high profile data breaches where losses have emanated from the supply chain :-

Target

In December 2003 hackers gained access to the heating and ventilation system of the retailer Target. As a result of network credentials being stolen from a mechanical services engineer the hackers were then able to gain access to credit and debit card data of customers. The cost of the breach is thought to be close to $300M with 100 million individuals being affected and the CIO of Target resigning soon after the breach.

Stuxnet

This was a malicious computer worm that targeted automated processes utilized to control machinery on factory assembly lines and systems within the nuclear industry.

It was introduced into a supply network via an infected USB flash drive by individuals that had access to the system It was then possible for the worm to move across the network which scans software that controls machinery and n influence the commands that were given.

NonPetya

Last year NonPetya was a malicious code aimed at software supply chains. The targets were outdated and unpatched Windows systems utilizing the EternalBlue vulnerability which hit many global businesses such as WPP DLAPiper and Maersk.

The hackers initially breached a financial services company in the name of MeDoc which was a third party software service readily utilized by goverments. Once access had been obtained they were able to install malware on their software which was then distributed to end users when the latest update was downloaded.

A report earlier this year by Symantec reported that there had been a 200% increase over the last 12 months in hackers injecting malware implants into the supply chain to gain access to the organizations computer systems.

https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf

Perhaps one of the keys to ensuring that a supply chain is secure is to try and enforce the supply chain to have in place similar robust cyber security procedures and practices to the business in order to manage the evolving cyber risk landscape that exists.

 

Image : Shutterstock

Tackling the Cyber Threat at the World Cup

World Cup

The 2018 FIFA World Cup has finally arrived with the expectations for the England team  more subdued than normal…..away from the football pitch the cyber threat landscape will once again present challenges for this major sporting event.  Already this year we have seen the Winter Olympics in South Korea experience wiper malware that hit the internet and TV broadcasting of the opening ceremony.

With Russian hackers having  “home advantage ” it will be interesting to see the attack vectors utilized and how resilient cyber security will be to combat this.

GCHQ have warned the Football Association that both the officials and players could well be targeted by hackers during the tournament.

https://www.theguardian.com/football/2018/jun/12/england-world-cup-squad-targets-russian-hackers

Why the World Cup ?

Major sporting events grab the attention of the entire world but unfortunately this also attracts elements of the population who perceive this as an opportunity to be exploited  ….. the world of cyber crime.

The threat that cyber crime poses to an event such as this is similar to that which exists for any other business but on a much larger scale and with more dramatic consequences due its high profile and the many threat vectors that may exist.

Assessing the Cyber Threat

Some of the targets for cyber criminals are likely to be the following :-

1.The Official World Cup Website

Distributed denial of service (DDoS) attacks preventing access to website by fans.

The accessing of the website by hackers and altering the data such as falsifying the results and tables and providing incorrect information to the public.

Defacement of the website by a hacktivist.

Fans will no doubt access the website via Wi-Fi and vulnerability will exist if they inadvertently log in through a rogue Wi-Fi connection which could lead to the stealing of their personal data.

2.Match Day Tickets

Ticket fraud with the setting up of bogus websites taking fans money and issuing counterfeit tickets.

Website scamming offering last minute match day tickets for the big games with no ticket actually being produced.

3.The Stadiums

Technology will be pivotal in all aspects of the running of the ten stadiums being used in the tournament. Stadium entry, ticketing processing, management of floodlights and associated infrastructure would all be impacted in the event of a cyber attack.

4. Tournament Data 

The event will involve a huge amount of data ranging from credit card data of fans, players confidential information or the database of the organizers which is likely to be targeted by hackers. This could occur through phishing attacks in order to steal personal private information (PPI)and then lead to possible bank fraud of individuals. With GDPR now in force hackers are likely to focus more on stealing data.

5.E-mail Transmission

E-mail scamming could be caused by bogus e-mails set up to obtain players and officials personal information that is disseminated over the internet. The numerous sending and exchanging of e-mails also presents an opportunity or spamming.

6.Media Coverage

World wide coverage will be provided to this event by television companies who will be reliant on technology and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime.

7. Computer Network 

The spreading of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the tournament. The reliance on technology reaches far and wide ranging from the transportation network to close circuit TV surveillance systems.

8. Mobile Applications 

Fake mobile apps devised by developers to give the impression of the official FIFA app.

9.Cyber Terrorism

Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems affecting many aspects of the tournament.

There may be political motivation from countries that want to disrupt the tournament. This could be to make a political stand on an issue or perhaps a country that failed to reach the finals or a country that has controversially been knocked out of the competition.

The threat of remotely controlled drones by cyber terrorist entering a stadium causing disruption and delay to matches.

10.Social Media

Infiltration of social media websites by hackers of the tournament and personal accounts pose a threat to fans , players and officials privacy.

Cyber Risk Management Program

FIFA will no doubt have in place a comprehensive cyber risk management program to manage the World Cup  which is likely to be broken down into the following :-

  • Identification of cyber risk vectors
  • The mitigation of cyber risk within the tournament
  • The transfer of residual cyber risks that they are unwilling or unable to manage.

Cyber Insurance

Cyber Insurance can assist with the transfer of cyber risks by the following insurance modules :-

  • Network Security Liability
  • Data Privacy Liability
  • Multimedia Liability
  • Network Business Interruption
  • Data Asset Protection
  • Cyber Extortion
  • Crisis Management

A cyber insurance policy also provides post breach vendor assistance helping with data breach notification , forensic investigation and public relations.

Image : Shutterstock