A modern dynamic business needs to be proactive about their cyber security. A data breach can be costly, with latest estimates said to be (on average) £3.18 million, and reputational damage can be even harder to recover from. Hackers can strike at anytime from anywhere in the world, which means businesses have to be on guard 24/7. This is where the Security Operations Centre (SOC) comes in.
Throughout the year, we have conducted hundreds of penetration tests. 20% of all tests contained a critical to high flaw. We define a critical issue as a flaw which poses an immediate and direct risk to a business. Having a critical flaw in an app or network will leave you vulnerable to a costly, reputation damaging data breach. Among these, default or poor passwords, as well as access control issues make up a large portion with outdated software being the worst offender.
The nights are drawing in and the world outside has been painted with autumnal colours once again. The year is ending and, as such, it is a time for reflection before the inevitable glance towards the white light of the future breaking upon the horizon. Flowery prose aside, we've just had our latest Quarterly Business Update (QBU). We’ve had a pretty good year. We’ve grown, innovated, added to our services and taken on more clients than ever.
Cyber Essentials and Cyber Essentials Plus are Government-backed schemes which highlight key technical controls that need to be in place in order to defend against the most common cyber threats. By becoming Cyber Essentials certified your organisation can display the logo on your website and marketing materials, improving trust with your customers. Many Government contracts will only consider applications from Cyber Essentials certified companies.
The digital world has become a dangerous place. It’s like the Wild West (the movie kind, not the real kind, which was decidedly less wild than it’s portrayed), with outlaws out to do you harm and make off with your precious data. Fortunately, like any good western, there are also honour-bound gun slingers seeking to bring law, order and – most importantly – security to the digital landscape.
If you’re in your mid-twenties or beyond, you will be familiar with people at family gatherings saying ‘remember when we didn’t have all these gadgets, and we used to actually talk to each other?’ The answer to this is ‘no’ – the level of conversation has remained largely unchanged, it’s just now we have gadgets and gizmos to occupy our attention during these moments of strained silence. I put it down to the Mandela effect.
The cyber kill chain illustrates the structure of a successful cyber attack. It is effectively the hacker’s process from beginning to end, from scoping a target (reconnaissance) all the way to achieving their objective, whether that’s data theft or dropping and executing malware. When approaching your cyber security strategy, you should align your defences to the cyber kill chain. Like Batman becoming fear, to defeat the hacker, you must become a hacker.
Cyber security may be about to become more than AOB for organisational boards across the country. British Airways has been struck with a record-breaking £183-million fine as a result of its data breach last year in which around 500,000 customers had their data stolen, including credit card and CVV numbers.
According to Google, Ryuk is ‘a fictional character in the manga series Death Note’. I have no idea what this is, but I imagine it’s significantly less interesting than the Ryuk ransomware campaign that’s currently hitting businesses right across the world. The UK’s NSCS is investigating such campaigns and has recently published an advisory on it, and we’re no strangers to Ryuk at Bulletproof either.
