The cyber security spotlight has been directed firmly at ransomware in recent times. Yet a recent report in the United Kingdom highlights the fact that phishing remains a real headache for businesses, government organisations and not-for-profits. The Cyber Security Breaches Survey 2019, conducted by the Department for Digital, Culture, Media and Sport, found nearly one third of businesses (32%) and about one fifth of charities (22%) experienced cyber-security breaches in the previous 12 months. Of these, 80% of businesses and 81% of charities experienced phishing attacks – a considerably higher percentage than those that experienced viruses, spyware or other malware, including ransomware (27% of these businesses and 18% of these charities).
So what are the key differences between phishing attacks and ransomware attacks – and why are phishing attacks a deep concern for businesses? A phishing attack generally involves a malicious person using social engineering techniques to trick a person into supplying sensitive personal or business information, whereas a ransomware attack (which can be delivered through a phishing communication such as an email) aims to extract a ransom from a victim by locking their files and demanding payment for a key to regain access.
Phishing messages often direct victims to fake websites, which may include branding and information copied from legitimate websites to appear authentic, and prompt them to enter their details.
How do you limit the risk to your business – including your people – of being compromised by a phishing attack? The answer is a combination of education, awareness, technologies and processes. The Australian Government’s Stay Smart Online website includes a list of steps your people and your business can take to minimise the risk presented by phishing. These include advising your people to avoid clicking on links or opening attachments in unexpected or suspicious emails and contacting senders to verify concerning emails, using details sourced from a legitimate website or location. Your business should also install and update spam filters and other anti-malware products to help minimise risk.
FirstWave’s Cloud Email Security product provides advanced, feature-rich and configurable cloud email security services for businesses – powered by its cloud email content security and analytics platform technology. If you would like to learn more, please contact email@example.com.
Businesses beware: ransomware is back and the attacks are more complex and costly than ever. Ransomware campaigns targeting businesses rose in January-March 2019, compared to October-December 2018. Businesses also typically paid out more to the groups behind ransomware to retrieve their files, while infections caused more downtime, on average, than during the previous quarter.
These trends – highlighted in research from a range of vendors – represent a continuation of worrying circumstances identified in a Telstra report released last year. The report found ransomware was on the rise and was increasingly targeted. Nearly one third – 31% – of Australian respondents whose businesses had been interrupted by a security breach in the past year were experiencing ransomware attacks on a weekly or monthly basis. This was the highest of all countries surveyed.
These findings highlight the importance of vigilance and preparedness in protecting networks and data. This means educating your workforce and working with partners, customers and participants in your supply chain to avoid clicking on suspect email links or attachments. Ransomware groups often incorporate text in these emails that aims to trick people into clicking quickly on these malicious links or attachments.
Other steps your business should take include ensuring anti-malware products are implemented and up to date and taking regular backups that are then stored in isolated locations. Your business should also document the steps to be taken and the responsibilities of individuals and teams in the event of a ransomware infection. These measures will help minimise loss and disruption.
At FirstWave, we provide email and web security solutions featuring advanced malware protection to help businesses avoid falling victim to ransomware and other attacks. For example, our Cloud Email Security product provides advanced, feature-rich and configurable cloud email security services for businesses – powered by our cloud email content security and analytics platform technology. If you would like to learn more, please contact firstname.lastname@example.org.
The global cybersecurity insurance market is growing quickly and is expected to reach more than $20 billion within the next few years. Businesses are increasingly seeking insurance coverage as the number of breaches affecting sensitive customer or corporate data, or disrupting systems and operations, increases. Rising reliance on technology to connect with consumers, partners and other stakeholders, the takeup of cloud, mobile, Internet of Things and other models, and the growing sophistication of cyber attacks are all combining to increase cybersecurity risk.
In this environment, board members and senior management teams are shouldering greater responsibility – and in many cases liability – for cybersecurity. For directors and managers, this means dumping traditional perspectives that cybersecurity is the province of the technology team and taking a proactive, organisation-wide approach to minimising cyber risk.
Discharging this responsibility means implementing a comprehensive cybersecurity program that incorporates a range of measures to reduce risk. According to the Australian Government’s business.gov.au website, these measures may include updating all passwords to passphrases that swap letters for symbols and use different spelling; using password managers to securely store and generate passwords; using business-grade cybersecurity software; backing up systems and files to portable hard drives; and seeking help from IT professionals if systems are infected by malware such as ransomware.
The website also recommends businesses talk to insurance brokers or insurers about options for reducing cybercrime risk.
However, businesses should not only tighten their defenses against external attacks. Internal attacks and employee errors can also threaten the integrity of customer and corporate data, as well as key systems. Boards and senior management teams should also become aware of these risks and ensure comprehensive plans are in place to mitigate them. Some issues that may be covered by these plans include implementing role-based access to systems and data – meaning workers only access what they need to do their jobs – and educating workers about how to manage data securely. Adopting these plans can further help businesses reduce risk and consequently lower their cybersecurity insurance premiums. In addition, these plans can also minimise the likelihood of incurring the regulatory and reputational penalties of a cybersecurity breach.
According to a new research report by Global Market Insights, the global cybersecurity market is set to grow from its current market value of more than $120 billion to over $300 billion by 2024.
This growth is driven by businesses’ increasing need to minimize security risks and to build and protect trust, both from within organisations and without. As enterprises globally evolve and shift their business capabilities to cloud computing platforms and other networking technologies, they are becoming more vulnerable to various cyber-attacks. To prevent such attacks, organisations are seeking cybersecurity technology that addresses ransomware, phishing, malware and other kinds of cyber assaults, as the global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million.
The recent RSA Conference in San Francisco in March brought some of the biggest names in cybersecurity together under one roof to discuss the leading trends impacting the industry. One trend dominated the discussions over the four-day event: "We are not just protecting data and applications and infrastructures," RSA President Rohit Ghai said. "We are in the business of protecting trust."
Covering the RSA conference, Tony Kontzer said, “And in an age of advanced technology, that trust has to extend endlessly, because tech has enabled us to reach across the globe in an instant to connect with total strangers. Or, conversely, to pluck funds from their bank accounts or chip away at their reputations.”
One of the key drivers contributing to the exponential growth of the cyber security market globally is the increase in access and affordability of numerous mobile devices as well as the advancements in the connectivity infrastructure. This expansion is driving the adoption of smart devices across enterprises and consumers and, simultaneously, increasing the number of cyber-attacks on mobile devices, which increased by over 40% with an average of over 1.2 million attacks per month.
Over the next five years, the identity and access management (IAM) market is expected to grow at a compound annual growth rate (CAGR) of over 17%. The public sector is key to fuelling this growth with increased cyber-attacks on state and federal bodies and the increased need to assure trust between civilians and their governments when it comes to outside influences on election results.
As the adoption of IoT devices and the use of email and web-based applications continues to grow, the infrastructure protection market is also expected to grow considerably leading up to 2020. The need for individuals to be able to trust that organisations are storing their information securely has never been more important, especially since the Marriott incident that saw half a billion customers’ data stolen, including their names, addresses and passport numbers.
While the West Coast of the US continues to attract VC investments of up to $2.5 billion in cybersecurity companies globally, the East Coast of the US and the rest of the world are steadily increasing their investments in the industry. Israel, the UK, and China are driving most of the foreign investment outside of the US, with Israel leading the way.
With so much personal data captured and stored by businesses and government agencies, cyber-security – the protection of systems and data from malicious individuals – is becoming more and more important. Breaches can have damaging reputational, legal and financial consequences for businesses and agencies, while individuals may lose money and have their digital identities stolen.
Despite these impacts, not a month seemingly goes by without news of a massive breach. For example, an attack on Facebook last year saw hackers steal the names, contact details and other information about 29 million users worldwide – including 111,813 Australian users. More broadly, the Office of the Australian Information Commissioner’s October-December Notifiable Data Breaches Quarterly Statistics Report revealed the Office received 262 notifications of breaches – 64% of which could be attributed to malicious or criminal attacks.
According to Cybersecurity Ventures, cybercrime is expected to cost the world USD$6 trillion annually by 2021.
In this environment, a career spent safeguarding data and systems is an exciting option. According to Deakin University, cyber-security roles include information security officer, cyber security consultant, penetration tester and others. Demand for cyber-security specialists is skyrocketing – a recent AustCyber report revealed that a shortfall in the cyber-security workforce was costing more than AUD$400 million in lost wages and that Australia would need an additional 17,600 cyber-security workers by 2026.
Moving into cyber-security is comparatively easy for workers in related fields, such as software engineers and programmers. However, people in unrelated fields or who are completing an education may look instead to university degrees, information security certifications or other courses to gain a foothold in the industry. A range of certifications is also available to help people already in the industry build and demonstrate their skills.
Top cyber-security certifications available include Certified Ethical Hacker; Certified Information Security Manager; CompTIA Security+; Certified Information Systems Security Professional (CISSP); and GSEC: SANS GIAC Security Essentials.
Cloud security specialist FirstWave is always looking for smart, motivated people to join its engineering team. Based in North Sydney, FirstWave protects businesses and government organisations from risk by providing access to advanced, cloud-based cyber-security solutions.
Malicious groups and individuals continue to be highly active online in 2019 – highlighting the importance of robust education, processes and technology to organisations in tackling cyber-crime. Fraudulent ‘phishing’ messages that aim to trick people into disclosing sensitive information pose an ongoing and increasingly sophisticated threat. These scam messages – typically delivered over email – use a variety of techniques to convince the recipient they are legitimate communications, including the use of authentic logos, text and designs from trusted organisations.
Phishing messages may also include links to fake versions of legitimate websites. These fake websites aim to trick a visitor into entering details such as usernames or passwords. Messages may also include attachments loaded with malicious software that aims to infect a computer to disrupt its operations or capture sensitive information.
While variations such as ‘spear-phishing’ – which occurs when malicious groups target an individual by using his or her personal information to elicit sensitive information – are well known, business email compromise is a comparatively new but increasingly potent threat. Business email compromise occurs when a group or individual impersonates a business representative – often a senior executive – at an organisation to trick employees, vendors or customers into transferring money or sensitive information to the malicious party. The FBI noted in mid-2018 that the incidence of ‘identified global exposed losses’ from business email compromise had risen 136% between December 2016 and May 2018 – with the real estate sector a prime target.
The Australian Cyber Security Centre (ACSC) noted in October 2018 that “criminals are constantly developing increasingly sophisticated business email compromise techniques that often include a combination of social engineering, email phishing, email spoofing [forging an email sender’s address] and malware [malicious software]” to trick recipients. Importantly for many organisations, the ACSC notes that business email compromise attacks tend to spike around tax time – when many people are busy and under pressure to complete workplace tasks quickly.
So how can your organisation protect itself against business email compromise? The ACSC has posted comprehensive information about the types of business email compromise; how to recover from an incident; and techniques for minimising the risk of being caught out by this type of attack.
By Roger Carvosso, Product and Innovation Director
Data breaches can happen for a variety of reasons. Some companies are hacked. Data can be mishandled or sold to third parties. Holes in a website’s security system can leave information unprotected. Some data breaches are deliberate, while others can occur as a result of outdated or unpatched software. Regardless, the consequences of a breach are usually costly for any business.
2018 proved to be another eventful year for cybercrime, with a number of news-worthy data breaches impacting organisations around the globe. Some of these affected hundreds of millions of customers and users.
Here are three of the major incidents that made headlines:
1. Cathay Pacific
Hong Kong’s flag carrier experienced a data breach that exposed personal information of almost 10 million passengers. While flight systems and safety were not affected by the breach, information accessed without authorisation included passport and credit card numbers, names, nationalities, dates of birth, phone numbers, as well as emails and addresses.
2. Cambridge Analytica
Cambridge Analytica - a data-collecting firm - illegally harvested the information of an estimated 87 million users without their permission. The operation was politically motivated - namely, to influence the 2016 US presidential campaign. While the breach occurred a couple of years ago, investigatory conclusions only emerged in 2018, giving us a clearer picture of what happened.
3. Marriott
Marriott’s Starwood reservation database was breached by an unauthorised party, affecting up to 500 million guests who had booked at one of its Starwood properties. Around 327 million of these guests had some combination of the following information stolen: name, address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Some credit card information was also leaked, but card numbers were encrypted.
As technology continues to advance, the need to evolve cyber security strategies is as prevalent as ever. Examining the shortcomings that lead to high-profile cyber breaches can teach us some valuable lessons.
FirstWave can help your organisation bolster its cyber security posture and stay ahead of zero-day attacks. Learn more about our Cloud Email Security.
By Roger Carvosso, Product and Innovation Director
Cybercrime is on the rise – attacks are becoming more frequent, methods more sophisticated, and impacts more severe. And while tools and technologies go a long way in protecting your business data and IT infrastructure, effective planning is also vital to risk mitigation and management.
A cyber security incident response plan can help you protect and restore business operations when and if an attack occurs. With new threats continuing to emerge, it is not only critical for your business to have a cyber security incident response plan, but for it to be regularly reviewed and updated. An outdated plan is rarely useful to anyone.
Here are five tips for staying on top of your cyber security incident response plan:
1. Update your list of critical systems and information
A catalogue of your organisation’s most vital digital assets is an important tool for prioritising incident response efforts. Over time, your systems will inevitably change, so make sure this is reflected in your plan.
2. Update threat-specific responses
Your incident response plan needs to change to reflect the current cyber threat landscape. Remember, last year's biggest threat may not be this year's.
3. Keep your contact list current
You want to be able to get in touch with the right people in a timely fashion when responding to an incident, and keeping your contacts list up-to-date is the first step for doing this.
4. Document your discoveries
Simulated cyber attacks are an effective, proactive and risk-free way of identifying any deficiencies in your network. But you need to capture and document the results and key learnings along the way.
5. Communicate updates to your plan
Any significant changes to your cyber security incident response plan should be shared with relevant team members.
While a robust cyber incident response plan can help reduce your exposure to cyber risks and mitigate the damage from cyber attacks, its efficacy is contingent upon up-to-date information. Ongoing tweaks and refinements will go a long way in helping to bolster your cyber posture.
FirstWave protects businesses and government organisations of all sizes from risk by providing rapid and affordable access to the most advanced, comprehensive and adaptive cloud-based cyber security solutions available. Get in touch with us today to learn more about how we can help your organisation get on the front foot against cyber threats.
By Roger Carvosso, Product and Innovation Director
As a business owner or manager, you need to address a range of cybersecurity threats. Ransomware is one of the most widespread and insidious.
Ransomware is malicious software (malware) that encrypts files or locks computers. People or groups behind ransomware attacks demand payment – often in digital currency – to restore access.
Ransomware can infect a business or government organisation in many ways. For example, a worker may inadvertently open a malicious attachment or click on a link in a phishing email to a malware-laden website. Once ransomware infects a computer or network, it may seek to spread to vulnerable shared systems.
According to the 2018 Internet Organized Crime Threat Assessment from Europol – the European Union’s law enforcement agency – ransomware remains the key threat in law enforcement and industry reporting.
In 2017, ransomware attacks called WannaCry and NotPetya – which exploited vulnerabilities in older or unpatched versions of Microsoft Windows – caused billions of dollars’ worth of damage to businesses and organisations worldwide. Industry experts expect similar attacks to occur in future.
So how can your business protect itself against ransomware attacks? The following steps may help minimise the risk of infection.
You should note that Australian Government cyber-security bodies typically recommend against paying ransomware owners. There is no guarantee owners will restore access to the compromised files and they or other attackers may identify your business or organisation as a target for future attempts.
If you would like to learn more, please contact us at email@example.com.
By Simon Ryan, CTO
How using the Gartner cyber security CARTA model can help secure customer data
The disclosure by hotel chain, Marriott, that the personal details of up to 500 million guests may have been compromised is a cyber security wake-up call for companies that store customer details—including in the cloud.
The potential theft of millions of passport details – reported on Friday, 30 November – could prove expensive. According to US magazine Fortune, Marriott will offer to reimburse customers the cost if fraud has been committed and customers need new passports.
For companies that store customers’ financial and personal details, the breach highlights two key issues that need to be addressed in corporate cyber security policies.
First, cyber prevention requires vigilance. The Marriott breach was detected more than two years after it first occurred. This is a sobering thought for chief information officers. Just because your systems and people have not detected a breach, that doesn’t guarantee that a breach hasn’t occurred.
The second issue is agility. Cyber security is a continuous arms race between cyber security professionals and attackers. The cloud is now extending that arms race into new dimensions. To stay secure, companies have to be fast-paced and stay pro-active. This involves a change in mindset.
Proactive mindset the key to cyber prevention
But what practical steps should your company take to avoid a similar breach? Most importantly, don’t wait for a cyber security alert: look into new ways of detecting any breaches that may already have occurred.
And don’t rest easy. If you are a major corporate, it is safest to assume you are constantly being attacked—and that some attacks will succeed.
Four-step process to mitigate risk
To mitigate and manage similar cyber security risks, we recommend a cyber response process built around four key steps:
This four-step process is built on a methodology put together by Gartner, called the ‘Continuous Adaptive Risk and Trust Assessment’ (CARTA). Gartner provides a great 60-minute introduction to this approach, accessible with registration.
To stay secure, though, the key will always be vigilance. As companies move more functions and databases into the cloud, malware designers will refine their attacks. A continuous re-assessment of cyber prevention tactics will prove the most effective strategy in this ongoing cyber arms race. Talk to Roger and his team of experts today on +61 2 9409 7000 to find out more about protecting your business.
By Roger Carvosso, Product and Innovation Director