Cyber Risk

The Cyber Security Threats For 2020

by
Cyber Security Threats

Cyber Security threats are evolving all the time making it extremely difficult for business to combat this and it is now even more important to have in place the appropriate protections to keep them safe from hackers.

The same core cyber security threats still exist but these are becoming more sophisticated and difficult to trace and prevent.

Ransomware   

Ransomware is now not just used as a scatter gun approach but is now being more targeted at businesses where ransom demands are now much larger than before. The decision now becomes to pay the ransom in order to obtain the decryption key to mitigate the interruption to the everyday operation of the organisation or to hold out and rely on the back-ups in place that hopefully would not be corrupted. New strains of ransomware are also appearing and becoming increasingly difficult to repel.

Phishing Attacks

These types of threats remain prominent and despite an increase in training by companies to help employees spot such attacks, commonly sent via e-mails, success is high for hackers still reaping rewards.

Internet of Things

The interconnection of devices is increasing at an alarming rate with all aspects of life now being connected from the office to the home . The concern is that people are more reliant on this and this provides greater opportunity for hackers to access a network and cause disruption.

The Supply Chain

The supply chain of any business is in many cases fundamental to its operation where this be the supply of technology or the provision of non IT services. The cyber security of such entities is in a number of cases not as robust as the principal business and should their IT be compromised this can lead to a hacker gaining access up the line.

The Insider Threat

This remains a prominent threat and is to an extent still hard to predict as this is determined by human nature. Even with the most sophisticated firewalls in place if an employee is determined enough to steal data they will succeed. It will be interesting to see how the Morrisons case develops which laid down that businesses are vicariously liable for the actions of employees in the event of a data breach of their employees personal data.

Artificial Intelligence  ( AI)  

AI as it is know is perhaps the newest of the cyber threat vectors that now exist and is the most unknown but potentially the one that could cause the most disruption. It is also the most difficult to defend against. Deep Fake videos are a fast developing area where a believable video conference call from what is thought to be the CEO could have been created by AI , this could lead to misinformation being relayed within the company and impact business decisions.

Image : Shutterstock

Deep Fake – Do You Believe ?

by
Deep Fake

Deep Fake is emerging as a prominent new cyber threat which businesses are now facing and need to implement measures to counteract.

What is Deep Fake?

Deep Fake is a method that combines and superimposes existing images and videos onto source images onto source images and videos using artificial intelligence. It uses a machine learning  technique known as generative adversarial network (GANS)and first emerged towards the end of 2017.

Video content has historically been very difficult to change but with the use of artificial intelligence this has helped make the process easier.

What are the typical threats?

  • Creating an emergency situation that is not real and causing panic.
  • Disruption to an election by false statements
  • The making of a false announcement to directors and shareholders
  • An image of a director requesting the fraudulent transfer of funds.
  • Posing falsely as a partner that may affect a relationship
  • False video of a celebrity in compromising situations.

How are Deep Fakes detected?

Sophisticated deep fakes are difficult to detect where as the more amateurish ones can be spotted quite easily such by a lack of blinking or shadows of individuals that do not seem to be in the correct position.

It is also possible for them to also be trained to avoid detection and is therefore a cyber threat that is hard to combat.

Last week Google released a database of 3,000 deep fakes to alter faces and to make people say things they never said. These were of course actors the purpose of this was to help researchers build tools required to take down harmful fake videos that could cause distress to individuals and harm to businesses.  https://nakedsecurity.sophos.com/2019/09/27/google-made-thousands-of-deepfakes-to-aid-detection-efforts/

Well Known Deep Fakes

Deep fakes have been carried out on many famous individuals from Donald Trump to Tom Cruise and Theresa May.

Here are some examples

https://www.creativebloq.com/features/deepfake-examples

The Future of Deep Fakes

The world of Deep Fakes will no doubt develop beyond a level which makes them impossible to differentiate between what is real and what is not – this is one race that hackers seem to be so far ahead that it will be difficult catch them.

Image : Shutterstock

Ransomware Is Still A Major Threat

by
Ransomware

Ransomware still remains one of the main methods that hackers utilise to carry out cyber attacks on businesses.

New strains of viruses are emerging all the time one such type is Sodinokibi which is only three months old but has had a significant impact already. It is also know as Sodin and REvil and connected to a previous form of ransomware called GrandCrab.

It is beloved that the average ransom demand for Sodinokibi in May was $150,000 against $50,ooo for other forms of ransomware. The largest recorded to date is $500,000.

Furthermore according to a report by Coveware, an incident response company the average downtime from a ransomware attack during the first part of this year has increased from 7.3 days 9.6 days which is believed to be due to the impact of this new ransomware.

The use of  Sodinokibi is also on the increase so much that it now accounts for 12.50% of the overall market.

Attack Methods

Sodinokibi is a ransomware-as-service (RaaS) and is used to attack both businesses and consumers and use various attack methods that include the following:-

  • Acting as malicious spam
  • Phishing attacks
  • Malvertising
  • Exploitation  of vulnerabilities in Oracle

The Signs of this Ransomware Infection

The normal signs of a ransomware attack are displayed when a computer system has been compromised by Sodinokibi this being changes in the desktop wallpaper and the announcement of the attack by way of a ransom note.

https://www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/

How it Happens

Files are encrypted on local drives by an encryption algorithm renaming all files with a pre-generated pseudo- random alpha- numeric extension that can be up to eight characters in length. This type of ransomware appears to target files which are mainly media related.

It also has been found to delete shadow copies of back-up and disables the Windows Startup Repair tool which prevents users from fixing any system errors relating to the ransomware attack.

Sodinokibi is unique in that it does latch on to zero-day vulnerabilities and and allow a Sodinokibi ransomware attacker access to endpoints that it infects replicating tasks that administrators would normally carry out.

How to Try and Prevent an Attack

Creation of back-ups of data on an external drive or on the cloud

Ensure that updates are run on all computer systems and appropriate patching is carried out.

Reinforce training of staff so that they are aware of possible phishing attacks that might carry this ransomware.

Restrict the use administrative tools to the IT team

Disable macro on Microsoft Office products

Cyber Insurance

The purchase of cyber insurance can help manage and mitigate the impact of these form of attack. This type of policy will provide coverage for the investigation costs of such an attack, the cost of negotiating with the hackers and if need be the actual ransom itself.

Image : Shutterstock

Mergers & Acquisitions – The Cyber Risks

by
Mergers and Acquisitions

Mergers & Acquisitions are a complicated process with many facets of risk to consider of the target business – cyber exposures will be one of these but is the correct degree of attention given to this when a multimillion takeover or acquisition is at stake ?

Why are these risks ignored?

Mergers and acquisitions are a very complicated and time consuming activity for a business. Due diligence is undertaken which will involve many facets of the business under consideration. This will include the financial standing, employee numbers and makeup, market share and future prospects of the organisation.

Cyber risk maybe considered during this process but it is doubtful that any in-depth cyber risk management is carried out which could present problems post acquisition / merger.

What cyber security due diligence should be carried out?

  • Examination of the types of privacy risks of the targeted business that they may encounter in their industry.
  • Obtain detailed knowledge of the computer network and passage of date to include the supply chain and use of cloud providers.
  • How data is is managed and in particularly personal data of customers and intellectual property of the organisation.
  • Review of any contractual indemnities with customers and third parties who may suffer a data breach as a result of a cyber security breach.
  • Obtain details of any previous cyber attacks or compromise of data  with details of subsequent measures put in place to rectify similar incidents and improvements in cyber security.
  • Ensure that GDPR compliance has been achieved together with any other relevant regulatory requirements in other geographical locations.
  • Evidence of any cyber insurance being in place and review of adequacy together with details of claims made under the policy.
  • Review of their incident response and business continuity plans with proof of the testing of these.

The Verizon and Yahoo Merger 

In February 2007 Verizon Communications Inc purchased Yahoo Inc’s for $4.48 billion, but lowered  its original offer by $350 million in view of two significant cyber attacks that hit the internet business.

https://www.reuters.com/article/us-yahoo-m-a-verizon/verizon-yahoo-agree-to-lowered-4-48-billion-deal-following-cyber-attacks-idUSKBN1601EK

The takeover agreement included requirements that Yahoo would be responsible for any subsequently discovered cyber incidents.

Cyber Insurance

The existence of cyber insurance will assist with helping to mitigate the cyber risks associated of a proposed acquisition . Insurers will want to know in-depth details of their cyber risk management processes and procedures and only consider inclusion within an existing policy if these are satisfactory.

Image : Shutterstock

The Six Major Cyber Risks of 2019

by
Cyber Risks

What are the six major cyber risks of 2019 that businesses will need to guard against in the perpetual war against cyber criminals.

The cyberthreat landscape is constantly changing with hackers using ever more sophisticated means to gain unauthorised access to computer systems.This coupled with some of the more established tools utilised by hackers produces a cocktail of cyber attacks vectors that provide the ultimate test to cyber risk management of a busines.

Cyber risks come in many shapes and forms and it is likely that we will see the following featuring throughout the world in the coming days and months.

Supply Chain Vulnerbilities

This is proving to be a very real vulnerability with businesses heavily reliant on their suppliers and contractors for services whether this be for the provision of technology services that are fundamental to the effective functioning of the business.

If one of the suppliers systems are compromised this is likely to result if a significant businesses interruption loss where income will be lost and reputation damaged.

http://cyberbrokers.co.uk/how-secure-is-your-supply-chain/

Mobile Applications

We are are all reliant on our smart phones and laptops and end to end encryption of these is therefore of paramount importance. Confidential information and personal data is in abundance on these devices and a hacker will no doubt target such devices that do not have the appropriate security in place.

With the emergence of 5G this it will become increasingly harder to protect mobile applications.

Phishing Attacks

These are well established methods that hackers use to overcome human vulnerabilities.

This is carried out by e-mail compromise where uses click on a link that leads to malware being spread resulting in crippling the computer system or falsely changing a clients bank details to one set up by a hacker which leads to a loss of funds.

Ransomware Attacks

There have been a number of high profile ransomware attacks namely WannaCry and Non-Petya that impacted many countries around the world. Business affected by these include WPP, Maerck and the National Health Serice in the U.K.

A ransomware attack can be very cleverly disguised with many means available to gain access to a computer network. Over the past twelve months ransomware attacks have declined but they still remain a very real threat with different strains of malware emerging. This will only increase and make detection harder awareness of new methods and defense of these will therefore be vitally important to mitigate this on-going threat.

The Morrison’s Effect

As a result of a Morrison’s employee stealing salary details and distributing these to a number of newspapers Morrisons were sued for damages by a number of the affected individuals.

As a result of this it was found after appeal that Morrison’s were vicariously liable for the employees’ actions. The court also stated that the affected individuals could claim for financial loss and emotional distress. It is therefore conceivable that this could open the flood gates for class actions against other such businesses in similar circumstances.

https://www.bbc.co.uk/news/business-45943735

Artificial Intelligence and Internet of Things

Artificial Intelligence (AI) is now developing at an alarming pace as businesses recognized the benefits that machine learning can bring such as increased efficiency in manufacturing and data analysis. this however brings increased cyber risks. It is possible for inter-connectivity to take place which leads to communication with other devices called the Internet of Things (IOT) the result of which can lead to a compromise of systems , loss of data or even physical damage.

Cyber attacks backed by AI would be far greater than a conventional human lead cyber attack causing more damage for longer periods. This is a new emerging cyber threat but it could be one of the most dangerous and damaging as cyber security has not kept pace with the ensuing risks.

Cyber attacks will undoubtably become more sophisticated with the cyber risk landscape becoming more unpredictable and difficult to assess the threat vectors that develop.

Image : Shutterstock

Loss of Reputation – The Biggest Cyber Threat ?

by
Ransom

Is the loss of reputation on the biggest cyber threats that a business faces today ?

A good reputation takes a long to build up but the emerging cyber threat landscape can ruin this reputation in a matter of hours. It is important therefore that businesses have in place a loss mitigation plan in place in order to manage this disaster case scenario.

One of the highest profile cyber attack in the UK was the data breach at TalkTalk where the long term consequences of this still being felt within the business today.

The impact on the reputation a business of a data breach 

  • Loss of existing customers
  • Loss of confidence in the business
  • Competitors exploiting the situation
  • Share price of the business
  • Loss of future earnings
  • The stigma of a data breach
  • The attractiveness of future investment in the business
  • Attracting new employees
  • Bad management of the data breach

Be Prepared 

It is essential that the business has an incident response plan in place in order to manage the cyber attack and the ensuing  fall out that will inevitably occur.  This would include a crisis management and business continuity plan.

These should be regularly updated with “dry runs” carried out in order to ensure that they work effectively..

Cyber Insurance 

This specialist form of insurance can help manage and mitigate a cyber attack at both the very early stages of a data breach and also help the business through the process. This is facilitated through the incident services that an insurer offers as part of the policy benefits . This includes public relations consultants and access to a solicitors so that sensitive data can be handled in the most effective manner.

The policy also provides coverage for reputational harm or business interruption coverage modules, typically this would encompass loss of profits and increased costs of working as a result of the data breach.

Policy wordings and intent vary considerably in the insurance market and it is therefore important that an insurance broker with a specialism in this area is utilized.

Image : Shutterstock