February

Remote Working – Is Your Data Safe?

by
Data Safe

Keeping data safe in the current climate with a significant proportion of the workforce still working from home is one of the biggest challenges faced by individuals and the business world.

Covid-19 has bought about many changes to our daily lives and highlighted how important it is that data is adequately protected from being compromised inadvertently or from a cyber-attack.

We deal and handle enormous amounts of data at home and at our workplace and this is now concentrated at one place in our remote locations.  The security of this data is therefore more vulnerable with reliance on individuals as to how they take precautions to protect this data.

The ICO have recently posted their top ten tips to help make data secure whilst working from home.

https://ico.org.uk/for-organisations/working-from-home/how-do-i-work-from-home-securely/

  • Follow your organisations policies, procedures and guidance
  • Only use approved technology for handling personal data
  • Consider confidentiality when holding conversations or using a screen.
  • Take care with print outs
  • Don’t mix your organisations data with your own personal data.
  • Lock it away where possible
  • Be extra vigilant about opening web links and attachments in e-mails or other messages
  • Use strong passwords
  • Communicate securely
  • Keep software up to date

Phishing

It is very easy to inadvertently provide data and one of the most common methods that hackers use is that of phishing. Keeping data safe from such techniques means that you have to be extremely vigilant. Clicking on an e-mail link where you are uncertain of it’s origin could lead to your personal details being divulged.

With this data it is possible for hackers to build up a comprehensive profile of an individual. This can lead to identity theft and subsequently fraudulent activity on bank accounts, the application for jobs and a whole variety of scams that could lead to financial loss to an individual.

Keeping data safe is a constant challenge – our mobiles are used as much if not more that our wallets or purses and we tend to use our mobiles far more and with this increases the dangers of safeguarding data.

Image : Shutterstock

Norsk Hydro – A Ransomware Case Study

by

Norsk Hydro, the Norwegian aluminium manufacturer were hit by a ransomware attack in March 2019. The company is one of the largest aluminium producers of its kind with smelting plants and factories in 40 countries being managed by their 35,000 employees.

The ransomware attack impacted on their production in Europe and the US which resulted in the company having to revert to manual operations to manage their industrial control systems albeit on a much slower basis than normal whilst they battled against the ransomware attack.

Parts of the business were however still operational which allowed a degree of production to still be maintained.The stoppage of the primary metal and rolled products had some operation impact from a business interruption perspective.

The CFO announced that the ransom bitcoin demand had and will not be paid as they attempted to restore the company’s software and preserve their data.

The cause of the cyber attack was as a result of an employee opening an infected e-mail from what was thought to be a trusted customer which allowed the hackers to gain access to their IT infrastructure and put in place the ransomware virus.This was an example of an Advanced Persistent Threat (APT).

The type of ransomware is thought to have been LockerGoga which enables hackers to encrypt computer files very quickly which are then locked with a ransom demand then being made to release them. The hackers also threatened to increase the ransom should their be any be any delays in paying to add further pressure to the situation.

Norsk Hydro made three quick decisions which helped mitigate the attack:-

  • The CFO announced that the ransom bitcoin demand had and will not be paid.
  • Microsofts cybersecurity team ( Detection and Response Team know as DART)  were engaged to help restore the operation.
  • Norsk Hydro were very transparent about the attack and hosted daily webcasts and press conferences providing updates on the attack which does not normally occur.

A special team was build up in the coming weeks which helped the business re over and reconstitute its business operations . This helped remove the threat posed by the hackers and to understand the mechanism of the ransomware attack.

Norsk Hydro shared a video of how they dealt with the ransomware attack in their Toulouse plant.

https://securityboulevard.com/2019/04/norsk-hydro-shares-a-4-minute-video-on-how-its-employees-stood-up-for-the-firm-post-an-extensive-cyberattack/

The financial impact of the ransomware attack is through to be in the region of $70- 80M. NorskHydro also purchased a cyber insurance policy which is believed to date to have paid out $33M.

Image : Shutterstock

What is Cryptomining?

by
Cryptomining

So what is Cryptomining ? 

This is an emerging cyber threat to businesses where hackers gain access to cryptocurrencies by utilizing a computers’ processing power .

A recent report by Checkpoint Research revealed that 20% of companies are the subject of cryptoming attacks every week and a leading source of malware attacks.

https://www.checkpoint.com/press/2019/cryptominers-hit-10x-more-organizations-than-ransomware-in-2018-but-only-1-in-5-it-pros-aware-of-infections-shows-check-points-2019-security-report/

How is Cryptomining carried out ?

This involves the use of a computers’ processing power to solve very complexed mathematical equations in order to confirm that cryptocurrency transactions are as they should be. As a sign of reward the cryptocurrency provides a specific amount of the cryptocurrency to the user who has verified the transaction the quickest.

The more computers utilized the quicker that it is possible to mine the cryptocurrency in question, this however does generate an enormous amount of actual processing power and bandwidth which in turn requires a great deal of electricity to facilitate this.

Out of the 21 million bitcoins available, 17 million have already been mined leaving just 4 million.

How do Hackers infiltrate the computer system?

  • Hackers can fool a user to download a cryptomining code to their computer system via a phishing attack normally disguised in an e-mail where a link is innocently clicked upon. This will then be activated so that the code can access the computer.
  • An alternative to this is where a user visits a website that contains a code which operates in the background to mine cryptocurrency.
  • Similarly a user could click on an ad pop up where again it operates without the user knowing whilst the code takes advantage of the processing power of the computer.

The principle concern with cryptomining is that these forms of cyber attacks can go undetected for sometime without the user being aware of what is happening to their computer system.

Proactive Risk Management 

When a cryptomining incident has been discovered it is of course too late to do anything about but measures should be put in place to avert a reoccurrence these can include:-

  • Ensure all computer systems are effectively and regularly patched
  • Make regular back-ups are carried out.
  • Improved training of users so that a potential attack can be identified.
  • Implementation of zero day prevention techniques
  • The cloud is a common threat vector for cryptomining and focus should be given on the latest security protection available.

Cyber Insurance

This form of specialist insurance can provide coverage for cryptomining where a business suffers a financial loss arising from this type of cyber attack. Just as important is the vendor services that this policy provides which includes forensic investigation and the use of legal assistance in managing and mitigating this form of cyber attack. 

 

 Image : Shutterstock

Winter Olympics Viewed As Cyber Target

by
Winter Olympics

The Winter Olympics has already captured the attention of hackers and with this major event only a few days away the cyber threat is very real …..

Hackers have already targeted the Winter Olympics with a number of organisations being subject to attacks in an effort to gain access to sensitive information.

MacAfee have revealed that a hacking campaign has been in place for a while which appears to be backed by a nation state . The targets have been ice hockey teams and ski-ing suppliers discovered.

https://www.wired.com/story/pyeongchang-winter-olympics-cyberattacks/

Why the Winter Olympics?

Major sporting events grab the attention of the entire world but unfortunately this also attracts elements of the population who perceive this as an opportunity to be exploited  ….. the world of cyber crime.

The threat that cyber crime poses to an event such as this is similar to that which exists for any other business but on a much larger scale and with more dramatic consequences due its high profile and the many threat vectors that exist.

The Cyber Threat Landscape

Some of the targets for cyber criminals are likely to be the following :-

1.The Official PyeongChang 2018 Website

Distributed denial of service (DDoS) attacks preventing access to website by fans.

The accessing of the website by hackers, altering the data such as falsifying the results and interfering with medal tables.

Defacement of the website by a hacktivist.

Spectators and visitors will no doubt access the website via Wi-Fi and vulnerability will exist if they inadvertently log in through a rogue Wi-Fi connection which could lead to the stealing of their personal data.

2.Event Tickets

Ticket fraud with the setting up of bogus websites taking fans money and issuing counterfeit tickets.

Website scamming offering last minute match day tickets for the big events with no ticket actually being produced.

3.The Venues

Technology will be pivotal in all aspects of the running of the 15 venues being used in PyeongChang . Entry to the venues, ticketing processing, management of lighting and associated infrastructure would all be impacted in the event of a cyber attack.

4. Competitors Data 

The event will involve a huge amount of data ranging from credit card data of spectators, athletes confidential information or the database of the organizers which is likely to be targeted by hackers. This could occur through phishing attacks in order to steal personal private information (PPI)and then lead to possible bank fraud of individuals. Brazil does have an established reputation for on-line banking fraud.

5.E-mail Transmission

E-mail scamming could be caused by bogus e-mails set up to obtain athletes and officials personal information that could be disseminated over the internet. The endless sending and exchanging of e-mails also presents an opportunity or spamming.

6.Media Coverage

World wide coverage will be provided to this event by television companies who will be reliant on technology and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime. For example a video re-run of the 200 m final could be disrupted by a ransomware attack.

7. Computer Network 

The spreading of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the numerous events taking place. The reliance on technology reaches far and wide ranging from the transportation network to close circuit TV surveillance systems.

8. Mobile Applications 

Fake mobile apps devised by developers to give the impression of the official Winter Olympics app. Smartphones area also at risk if stolen and personal data is sourced.

9.Cyber Terrorism

Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems affecting the running of the Winter Olympics.

There may be political motivation from countries that want to disrupt the event. This could be to make a political stand on an issue or perhaps a country that failed to win an event or perhaps a competitor that was disqualified and the country that was represented takes retaliation.

The threat of remotely controlled drones by cyber terrorist entering an event causing disruption and delay to matches.

10.Social Media

Infiltration of social media websites by hackers of the tournament and personal accounts pose a threat to fans , players and officials privacy.

Cyber Risk Management Program

The International Olympic Committee will no doubt have in place a comprehensive cyber risk management program to manage the programs of events which is likely to be broken down into the following :-

  • Identification of cyber risk vectors
  • The mitigation of cyber risk within the tournament
  • The transfer of residual cyber risks that they are unwilling or unable to manage.

Cyber Insurance

Cyber Insurance can assist with the transfer of cyber risks associated with sporting events by providing the following insurance modules :-

  • Network Security Liability
  • Data Privacy Liability
  • Multimedia Liability
  • Network Business Interruption
  • Data Asset Protection
  • Cyber Extortion
  • Crisis Management

A cyber insurance policy also provides post breach vendor assistance helping with data breach notification , forensic investigation and public relations.

The Winter Olympics is global event that is reliant on technology which does make it especially vulnerable to cyber security threats, it is therefore important that these are recognized and measures are put in place to mitigate the potentially severe consequences that could impact on the games.

This post is based on “Rio 2016 – The Cyber Threat”

http://cyberbrokers.co.uk/rio-2016-cyber-threats/

Image : Shutterstock

 

Navigating Cyber Risk At Sea

by
Cyber Risk

Navigating Cyber Risk At Sea  

The maritime sector is not immune from the every day cyber risks that other transport industry sectors experience. with a high reliance on technology giving rise to similar cyber risk profiles and the ensuing threats vectors.

Ships that are now built rely on software to run their engines and GPS navigational systems to move from A to B, the impact therefore of a cyber attack from a hacker has the potential to cause severe disruption to the running of the ship.

There is an apparent lack of under reporting of cyber attacks in the shipping world with the true extent of cyber attacks not yet really known.

Cyber risk does not only exist at sea , cargo handling and container tracking at ports are also very dependent on technology which forms part of the cyber threat landscape that ships face.

To help this sector manage safety and security The International Maritime Organization, a United Nations agency released a set of draft guidelines on maritime cyber risk management which identified the following key areas:-

  • Identify: Definition of the roles and responsibilities for cyber risk management of individuals in order to assess cyber risks
  • Protect: The implementation of risk control processes to manage cyber attacks
  • Detect: The installation of systems to detect new and existing cyber risks
  • Respond: Procedures in place to provide cyber resilience and the ability to restore computer systems
  • Recover: Effective recovery procedures to back up and restore shipping operations

http://www.imo.org/en/MediaCentre/HotTopics/piracy/Pages/default.aspx

Possible Types of Cyber Threats

1.Hackers accessing a shipping management systems so that data can be accessed providing details of future shipments and route.

2.Hackers utilizing a GPS system to direct a ship to unsafe waters which may lead to an attack from pirates so that cargo can be stolen

3.Cyber terrorist hacking into a cruise ships’ navigation system in order to cause loss of life or some form of physical damage to the ship.

4.Curtailment of a transportation ship by hackers accessing navigational systems and delaying the ship in reaching it destination and causing goods to perish.

5.The hijacking of a oil tanker via its GPS system by a hacker which leads to the tanker being taken to a different destination.

6. The cyber extortion of ships’ navigational systems that paralyzes it therefore making it is unable to move or reach its’ end destination.

The emerging cyber threat of the Internet of Things is also an new area of concern that will become more prevalent in the coming years.

Can Insurance Help?

The majority of Marine Insurance policies include a cyber attack exclusion clause which is likely to lead to the sector considering the purchase of a stand alone specific cyber insurance policy which will address a number of the associated cyber risks that the maritime sector faces.

It must be stressed that insurance is only part of the process of the cyber risk management process and should be treated as such.

Image : Shutterstock

Should we share Cyber Security information ?

by
cyber security

Should we share cyber security information ?

Is this a good idea… there are very good reasons why we should share cyber security information and there are also reasons that perhaps it may not be such a good idea.

The current landscape seems to be moving towards the sharing of this confidential and sensitive information with regulation being imposed on both sides of the Atlantic in recent months to promote and encourage the sharing of cyber security information.

At the end of last year  the EEC announced The Network and Information Security Directive (NIS) which is a security and reporting directive for companies in critical business sectors , namely transport , energy , health and finance. This is also applicable to the businesses such as Google and Amazon.

This Directive includes a requirement to report cyber security breaches which is aimed to encourage greater visibility of cyber crime and data breaches within companies and for companies to address their own cyber security.

It is anticipated that this will be ratified in the Spring, with implementation anticipated within the next two years.

In the US , also at the end of last year, the Cybersecurity Information Sharing Act (CISA) was passed by the Senate which allows companies to share cybersecurity threat data with the Department of Homeland Security (DHS) and other federal agencies. A number of bodies that already exist in the US which include the sharing of cybersecurity information . These include Enhanced Cybersecurity Services (ECS) which is a  voluntary information sharing program and whose aim is to help better protect busineses customers and the National Cybersecurity and Communications Integration Centre (NCCIC) which shares  information with public and private sector partners.

In the UK the Cyber-security Information Sharing Partnership (CiSP) exists which is part of CERT-UK . This is a joint industry government initiative set up to share cyber threat and vulnerability information in order to increase overall awareness of cyber threats and help mitigate the impact this may have on UK businesses.

The British Insurance Brokers Association ( BIBA) have recently endorsed (CiSP) to encourage insurance brokers to join CiSP to share the knowledge of over 4000 cyber-security professionals from over 1500 organisations. The government is also very keen that the insurance industry works closer with cyber security professionals and it is likely that we will see evidence of this in the future via associations and collaborations.

Let’s now review the positives and negatives of sharing cyber security information :-

Positives

  • It provides information to business on the latest forms of malware, spear phishing campaigns, and known malicious domains
  • Improvement in technology to combat the latest forms of security threats
  • Information derived from claims that insurers can assess / rate and improve the coverage under cyber insurance policies.
  • Assessment of insurers aggregation
  • Information to help insurers analyse cyber catastrophe models
  • Provision of knowledge to help anticipate future terrorists lead cyber attacks

Negatives

  • Possible release of confidential information of cyber attacks and data breaches to third parties
  • The information provided may impact on a company to carry out businesses with existing customers being concerned with poor cyber security measures.
  • Collateral damage to reputation of a business and impact on stock market share price
  • Hackers gain access to extremely sensitive data bases
  • Perceived by some that “big brother” is spying and will encourage surveillance of businesses
  • Inadvertent sharing of personally identifiable information

The cyber security industry also has an important role to play as they are arguably possess the greatest amount of cyber security data, this is no doubt considered valuable intellectual property and there would be a reluctance to readily share this to a wider audience without distribution to secure destinations.

The sharing of cyber security information is more advanced in the US than the EEC / Rest of the World and is reflective of two very differing cyber landscapes , with the US being more mature in terms of number and size of cyber security breaches and the existing litigation that helps drives notification.

The sharing of cybersecurity information definitely has a role to play in the development of the improvement of cyber security and the defence of cyber attacks that can threaten a business……  how it is shared is perhaps the current dilemma facing governments and regulators.