It only seemed like yesterday when we were celebrating the start of 2019, but all of a sudden we find the evenings closing in and we realise it’s October already. With October comes Hallowe’en and all things spooky! But ghosts, ghouls and excited children brandishing Trick or Treat goody bags are not the only threatening things on our radar here at Ignite Digital HQ! For us, October also highlights another threat…one that if left ignored could prove to be far more sinister than any Halloween costume!
October is Cyber Security Awareness Month.
In today’s technology-infused world where the cyber-threat landscape is constantly evolving, staying safe online and protecting our data is an absolute must. The list of potential threats is getting longer and appears to be endless. Many cyberattacks may hit closer to home than we think. As hackers, ransomware and malware all become more sophisticated, so too must the tech used to detect these threats and protect our systems.
This week Our Week in Digital is recognising Cyber Security Awareness Month and we’ll use this issue to highlight the threat of Cyberattacks. We have picked out the stories which address the risks across the ecosystem. We look at the broader picture AND delve a little deeper. We’ll look into the impact cyberattacks have on our data and what large companies are doing to inform and influence the evolution of this space.
Cybersecurity breaches to increase by 70% over 5 years.
This week, Juniper Research has released data to suggest that the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024. This is an average annual growth of 11%.
The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024 noted that these costs will primarily be driven by increasing fines for data breaches as regulation tightens.
The $5 trillion figure also includes loss of business costs as enterprise becomes more dependent on the digital realm. Ransom and Malware attacks have the potential to hinder or stop trade entirely. As such they hold very real financial implications for business should they come under fire from aggressive cybercriminals.
The report detailed that Cybercrime is set to become increasingly sophisticated. It highlighted the suggestion that cybercriminals will use AI to learn the behaviour of security systems. This mirrors the way in which cyber security firms currently employ AI technology to detect abnormal behaviour.
The research also highlights that the evolution of deep fakes and other AI-based techniques is also likely to play a part in social media cybercrime in the future.
Despite the potential threats cybercrime holds for enterprise, the research also points to the fact that cyber security is not necessarily gaining traction with system users. Cyber security will have to become more ingrained in corporate culture and the technologies used if businesses are to protect their systems from the very real threats which loom on the digital horizon.
How will this impact security awareness training?
In line with this assertion, Juniper’s research expects that security awareness training will become an increasingly important part of enterprise cyber security practice.
Research author, Susan Morrow has remarked;
“All businesses need to be aware of the holistic nature of cybercrime and, in turn, act holistically in their mitigation attempts.” She goes on to say, “As social engineering continues unabated, the use of human-centric security tactics needs to take hold in enterprise security.”
In the wake of current research and headlines such as these, businesses are increasing their cyber security budget allocation. Enterprise is bolstering both their technology and cybersecurity teams to strengthen their defences. We have certainly witnessed an increase in our clients’ requests for cyber security talent. We have recently placed a number of these professionals spanning a host of roles across the IT security space.
These companies have realised that “cyber security” is not a role that can be generalised. They have taken their time to assess the needs of their business to ensure they can work alongside us to tailor a solution personal to their requirements.
Can we help find the talent to boost your security defences? Maybe you are an IT security professional looking for your next contract or permanent position…Get in touch with us today.
It has been reported this week that one of the world’s leading cyber security solutions businesses, Comodo, have suffered a forum hack. This goes to show that even the experts can fall foul to cyberattacks.
Comodo Internet Security provides an Internet security suite. It includes an antivirus program, personal firewall, sandbox and a host-based intrusion prevention system.
Despite this though, they have confirmed that a hacker has exploited a vulnerability in vBulltin. vBulltin is a popular forum software used by Comodo. The flaw in question requires little skill to exploit and allowed the hacker to remotely run malicious code on a vulnerable forum. In this instance, the exploit was used to dump the entire user database.
The Exploit code itself was released at the end of September. Two days later vBulletin released patches for the software. However, the company failed to immediately patch its forum software. This is despite claims that security is taken “very seriously” and is a “top priority”. Just four days after the patches were released the forum was hacked.
How has it impacted people?
In its statement, Comodo confirmed that they currently have 245,000 registered forum users whose data was at risk. Hackers stole the usernames, names and the email addresses of some of these contributors. It was also revealed that they had managed to access the last used IP address of these victims. Some social media handles were also stolen as part of the attack.
This is certainly damaging, especially when it is considered that Comodo professes to be “global leaders” in their field. Indeed, this is Comodo’s second security faux-pas this year. They suffered a former breach involving an exposed password. It allowed a security researcher access to the company’s intranet and access to internal files and documents.
Although this may not be the largest attack on record, it just goes to show that even the most security-aware can become victims of cybercrime. Cybercrime is a very real threat and one which we cannot ignore.
Following a ransomware attack, three Alabama hospitals have been forced to refuse care to all but the “most critical” patients.
DCH Health System has been forced to turn patients away after they revealed that:
“A criminal is limiting our ability to use our computer systems in exchange for an as-yet-unknown payment”.
It is not yet known what group or individual launched the ransomware. However, one security expert has confirmed that the groups using ransomware were becoming increasingly well organised and more sophisticated.
How common are these attacks?
UK-based cyber security expert Kevin Beaumont has commented that:
“Unfortunately the groups breaking into individual computers at organisations are becoming rapidly better at obtaining access across networks, and then causing chaos with a goal to being paid,”
Not only are these attacks becoming more advanced, they are also becoming more frequent. Seven Australian hospitals have also reported disruptive ransomware infections. Indeed, the Victorian Government Cyber Incident Service has had to respond to more than 600 cyber-attacks since July 2018.
Elective surgical procedures have had to be cancelled and multiple computer systems have had to be disconnected as a result. Ransomware attacks such as these are incredibly debilitating and can take weeks or even months before normal service can resume.
In his analysis, Beaumont advises that companies and public service organisations need to review their security procedures. They should ensure that backups are in place and that these backups have been recently tested. In the event of an attack, data and systems can then be restored as quickly as possible with the minimum of disruption.
BlackBerry launch new Cyber security Lab.
The unit will be driven by BlackBerry CTO, Charles Eagan. He will lead a team of 120 researchers, security experts, software developers, architects, and more. They will work “at the forefront” of cyber security research.
It has been revealed that at the start, this expert team will concentrate on Machine Learning. They will explore ways in which AI can be leveraged to improve security in cars, mobile devices and other IoT appliances.
Eagan told news sources that
“…the purpose of this new division is to integrate emerging technologies into the work we’re currently accomplishing.”
He went on to say that the R&D centre will concentrate on:
“looking at applying machine learning to our existing areas of application, including automotive, mobile security, and so on. As new technologies and threats emerge, BlackBerry Labs will allow us to take a proactive approach to cybersecurity, not only updating our existing solutions, but evaluating how we can branch out and provide a more comprehensive, data-based, and diverse portfolio to secure the internet of things.”
Eagan believes that the next generation of connected products is hovering on the horizon. He predicts that they will explode on the scene sooner than experts previously anticipated. As a result, we need to be ready. It is crucial that experts can investigate how machine learning can better understand and manage the policies and identities of these connected devices.
The evolution of BlackBerry
BlackBerry has enjoyed a regeneration. Their transformation from phone maker to software and services specialist has been well documented. Today, BlackBerry’s focus is on the B2B realm. It offers software systems for the automotive industry, including info-tainment and autonomous vehicles. Many of these applications offer to address the security concerns of connected devices.
Perhaps in a move to further re-invent themselves, BlackBerry acquired AI-powered cybersecurity startup Cylance for $1.4bn. At the time, this was in-line with BlackBerry’s effort to become “the world’s largest and most trusted AI-cybersecurity company”.
The integration into BlackBerry of Cylance’s core product is expected to be completed early next year. The new cyber security unit is working to set a steady foundation on which the amalgamation of BlackBerry & Cylance can grow and thrive.
Eagan believes that the Cylance acquisition will strengthen their portfolio and the personnel behind the product;
“The addition of the BlackBerry Cylance team has given us an influx of talent that has proven a real boon for our company’s plans to better understand and adopt AI-based technology”.
He goes on,
“Implementing and integrating AI-based solutions, like those pioneered by BlackBerry Cylance, is certainly a focus for our team moving forward, but we remain committed to growing and hiring talent that will work alongside automated processes to ensure the best result possible for all users and organizations.”
A hacker going by the alias Gnosticplayers claims to have successfully hacked Zynga’s popular social mobile game, Words with Friends.
It is believed that he has gained access to a database of information on more than 218 million users. The data breach allegedly affects all Android and iOS players who installed Words With Friends before September 2, 2019.
The same hacker made headlines earlier this year when he stole and sold almost a billion user records from nearly 45 popular online services.
The Zynga breach is such big news because it has so many players. In fact, more than a billion people have played the company’s games. The San Francisco company did not reveal the number of affected people. However, it was revealed that the hacker reportedly got access to a whole gamut of information.
At the current time, it is not thought that any financial information was accessed during the attack. However, the names, email addresses, login IDs, hashed passwords, SHA1 with salt, password reset tokens (if ever requested), phone numbers (if provided), Facebook ID (if connected), and Zynga account ID was stolen from all the affected customers.
Saying that suffering a security breach was one of the “unfortunate realities of doing business today”, Zynga has launched an investigation into the hack. They have also called in outside third-party forensics firms to assist as well as informing law enforcement agencies. Customers are being notified of any suspicious logins and are Zynga are suggesting that they change the passwords to their accounts.
That ties up this Cyber security edition of Our Week in Digital.
Cyber and IT security is clearly a huge issue and one that affects us all. This is reflected by the worldwide efforts to educate and inform about what we can do to protect ourselves online. Despite this though, the UK is suffering a cybersecurity skills shortage of epidemic proportions. More than 50% of UK businesses have reported having a “basic technical cybersecurity skills gap”.
In our latest blog post, our Talent Acquisition Specialist, Allison investigates just how much of a problem it really is, and what UK enterprise can do to address it.
Over the course of October, campaigns such as European Cyber Security Month (ECSM) will look to raise awareness, change behaviours, and provide accessible resources in order to educate people on how to stay safe online.
In a world increasingly vulnerable to cyberattacks, advocacy campaigns such as ECSM are vital in order to educate and increase awareness around the importance of ensuring you are safe and secure online.
Let us know what you think. We’d love to hear your thoughts. Leave your comments below!