The true financial costs of a security breach

IT security is critical to protecting those elements of business that you work so hard to secure – goodwill, a solid reputation and consumer trust (as well as avoiding the things that can threaten to damage your company irrevocably, such as bad publicity that endures). Looking beyond these business risks, there lies a wealth of data that provides a window into the true financial costs of an IT breach – and if we begin with the fact that UK businesses faced costs of £29bn from cybercrime in 2016 alone, we come to realise that never has the threat of cyberattacks loomed so large on the horizon for UK companies (ITGovernance).

The (staggering) costs of recovery

Whilst many businesses still consider robust security as simply an unnecessary or overinflated cost, the alternative is what can be truly costly. For UK SMEs, the average malware attack represented a bill of £10,516 in time and money spent following a breach. What makes this figure even more staggering is the fact that two-thirds of all UK businesses have been impacted by a cyber breach in the last twelve months alone (Government). For large UK companies, the costs of recovery have averaged out to £4.1 million.

When looking to the transnational brand names, we also see that no company is immune to the potential of an attack. TalkTalk faced a £60m recovery bill (that’s notably still rising), in addition to a fall in their share price of 30%; not only this, but the brand’s profits are down as they’ve battled to stem the flow of a mass exodus of customers (to date over 100,000 customers have left TalkTalk).

Across the Atlantic, retailer Target were forced to build an entirely new cyber centre – a move that was inevitable following $118 million in lawsuits filed by banks, card issuers and customers after 40 million credit card numbers were stolen.

Facing regulatory fines (and the bad press that accompanies them)

As of 2015 the UK Government reported that they’d collected a record breaking £1.4bn in regulatory fines (each of which had a maximum of £500,000 [pwc]). Yet even these figures may soon just be the tip of the iceberg, as EU GDPR legislation is set to come into effect as of 2018, with estimates that UK companies could then be stumping up as much as £122bn.

Whilst these figures are incredible, there’s a cost that accompanies them that isn’t directly monetary – and that’s the loss of goodwill. Put simply, the bad press that comes along with such fines can be nothing short of business breaking. For more insight into the business implications of a breach outside of financial costs, read our previous blog: The business risks of a cyber breach.

The potential for business closure

In some cases, the costs of a security breach are untenable. Code Spaces, Nirvanix and MyBizHomepage are all prime examples of companies that folded due to security breaches. Notably, the latter company was once worth $100 million – and despite a $1 million attempt to right the wrongs of the breach, the company still folded. What’s more it’s not merely financial gain that attackers set their sights on, as was the case with Ashley Madison (the extramarital affair ‘hook-up’ website), the result of which has been many a divorce case (and a situation that many experts predict Ashley Madison won’t wriggle out of).

What next?

We help businesses of all shapes and sizes in protecting their vital IT assets. For a consultation with our team as to how we can help protect you from a cyber breach, simply get in touch for a free, no-obligation conversation. Alternatively, our free downloadable guide offers more insight into avoiding (and surviving) a cyber-attack.

The business risks of a cyber breach

Technology continues to evolve at lightning pace – and whilst security systems, tools and techniques continue to become ever more advanced, so too do the tactics and tools of the IT criminal underworld. To underline and startlingly emphasise this point, we look to the UK Government’s latest report into business security breaches – which found that 74% of SMEs reported a breach in the last year alone (pwc). Sobering figures indeed.

Businesses must be aware and stay continually up-to-date with the very real risks of a cyber breach. This blog article should serve as a firm starting foundation for understanding exactly what outcomes are experienced, when a company’s IT systems are penetrated.

Trade that comes to a screeching halt

An IT security breach is capable of immediately ceasing almost all business activity – creating backlogs, dissatisfied customers and stressed employees. Whilst the financial cost of this downtime will vary from company to company, when we look to Fortune 1000 companies, the cost of unplanned application downtime is palpable – totalling between $1.25 and $2.5 billion; these figures represent an average cost of $100,000 per hour (IDC).

Lost goodwill – irreplaceable. Bad publicity – potentially never ending

Beyond the dead set financial costs lies something at risk that is truly priceless – the goodwill of your customers (as well as those who were yet to become customers). We need only look to the recent IT security breaches at Yahoo!, Carphone Warehouse and Hilton Worldwide to truly gain a picture of the impact of a cyber-attack.

Yahoo! who’ve continually lost market share in the last decade, fell victim to a hack that exposed the details of 500 million user accounts. This would have been serious enough, however the situation was compounded by an 18 month delay in investigating; the result of which has put buy-out negotiations with Verizon Communications on a knife edge. What’s more, a recent survey highlights just how unpopular this news will be with Yahoo! users themselves, as 90% of people say that they expect to be informed of a breach within 24 hours (FireEye).

Carphone Warehouse are facing potentially years of investigations by the UK data watchdog for the interception of 90,000 customers’ credit card details – something that will repeatedly impact upon the company’s image with each news update on the case. Finally, whilst Hilton Worldwide’s POS infiltration may not have impacted the brand’s share price, the headache of bolstering their security, and offering all affected customers free credit report services, has represented nothing short of an administrative nightmare.

The bad publicity that came about as a result of these breaches is, to this day, impacting upon each of these companies’ profit margins. Estimating when, or indeed if, such a loss of confidence will ever subside is impossible.

Lost trust and lost custom – A bird in the hand…

Whilst steps can be taken to rebuild brand image and win over new customers who may have abandoned a company post-breach, winning new customers is considerably more time-consuming than servicing current ones. What’s more, this issue is becoming all the more serious, with more customers today switching to competitors once a breach is revealed. As testament to this, over 2013-14, IT security breaches resulted in 15% more lost customers than in the previous year (Digicert).

The threat of further attacks

When the news of a successful IT breach breaks, the prospect of that company becoming a target for more cyber criminals is almost unavoidable. This places pressure on a company to react quickly with bolstered security. Unfortunately depending on the IT system in question, this can be a logistical nightmare at best, and technically impossible at worst.


Cyber Threats – Steal it with a Click

Security teams often view browser add-ons as a low security risk, but recent monitoring has shown that some browser-based threats can be quite damaging. Cisco’s research established that browser-based infections were far more prevalent than many businesses realised.

Although the number of browser infections measured over a 10 month period appeared to decline, the trend was deceptive due to the increasing volumes of encrypted browser traffic, which made the tracking methods less effective.

Malicious browser extensions can steal information and therefore be a major source of data leakage. Every time a user opens a new webpage in a compromised browser, malicious browser extensions collect data. They extract more than the basic details about every internal or external webpage that the user visits; they also gather sensitive information embedded in the URL. This information can include:

  • user credentials
  • customer data
  • details about an organization’s internal APIs and infrastructure.
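
The three kinds of URL-borne data listed above can be checked for in your own proxy or application logs. The following is an added example, not code from the original post or from Cisco: it flags credentials, customer data and internal hosts in a URL and produces a redacted form. The parameter names, host suffixes and sample URLs are assumptions constructed for illustration.

```javascript
// Added example: list what an extension with page access could read from a URL.
// Parameter names and host suffixes are assumptions; adjust them to your estate.
const SECRET_PARAM = /^(pass(word|wd)?|pwd|token|access_token|id_token|api[_-]?key|secret|session(id)?|sid|auth)$/i;
const EMAIL = /[^\s@]+@[^\s@]+\.[^\s@]+/;
const INTERNAL_SUFFIX = /\.(internal|corp|local|lan)$/i;

function isInternalHost(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/.exec(host);
  if (!m) return INTERNAL_SUFFIX.test(host);
  const a = Number(m[1]);
  const b = Number(m[2]);
  // RFC 1918 private address ranges
  return a === 10 || (a === 192 && b === 168) || (a === 172 && b >= 16 && b <= 31);
}

function auditUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { findings: ["unparseable"], redacted: null };
  }
  const findings = [];
  const toRedact = [];
  if (url.username || url.password) findings.push("credentials-in-userinfo");
  if (isInternalHost(url.hostname)) findings.push("internal-host");
  for (const [name, value] of url.searchParams) {
    if (SECRET_PARAM.test(name)) {
      findings.push("secret-param:" + name);
      toRedact.push(name);
    } else if (EMAIL.test(value)) {
      // searchParams yields decoded values, so %40 is already "@" here
      findings.push("customer-data:" + name);
      toRedact.push(name);
    }
  }
  // Build a redacted form that is safe to keep in logs or tickets.
  url.username = "";
  url.password = "";
  for (const name of toRedact) url.searchParams.set(name, "REDACTED");
  return { findings, redacted: url.href };
}

// Keep only the URLs that expose something.
function auditAll(urls) {
  return urls.map(auditUrl).filter((r) => r.findings.length > 0);
}

// Constructed sample URLs, not taken from any real log.
const SAMPLE_URLS = [
  "https://svc:S3cret@10.20.30.40/api/v2/export?format=csv",
  "https://billing.corp/reset?token=abc123&user=42",
  "https://shop.example.com/orders?email=jane.doe%40example.org&page=2",
  "https://www.example.com/news?page=2",
];

for (const r of auditAll(SAMPLE_URLS)) {
  console.log(r.findings.join(", "), "->", r.redacted);
}
```

Anything this audit flags is better carried in a request body or header than in the URL itself.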

Multipurpose malicious browser extensions are delivered by software bundles or adware. They are designed to pull in revenue by exploiting users in a number of ways. In an infected browser, they can lead users to click on malware advertising such as display ads or pop-ups. They can also distribute malware by enticing users to click a compromised link or to download an infected file encountered in malware advertising. They can also hijack users’ browser requests and then inject malicious webpages into search engine results pages.

Over the survey period Cisco sampled 45 companies. The survey found that in every month more than 85 percent of organizations were observed to be affected by malicious browser extensions, underscoring the scale of these types of threats. Because infected browsers are often considered a relatively minor threat, they can go undetected or unresolved for days or even longer—giving cyber criminals more time and opportunity to carry out their campaigns.

Cisco recommends that security teams are allocated more time and resources to monitor this risk, and that they consider increased use of automation to help prioritize threats.

Would you like an Independent Security Assessment to understand what threats you may be facing? Just click this link and give us a few details, and we can arrange a call back from one of our Security specialists.

Cyber Threats – Detection reduced from 200 days to 17 hrs

Time to detection, or TTD, is the window of time between the first observation of an unknown file and the detection of a threat. The industry average TTD is 100-200 days, meaning many undetected cybercriminals have in excess of 100 days on average to do damage to a compromised business.
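
To measure TTD as defined above in your own environment, the calculation can be run over file telemetry. This is an added example, not code from the original post or from Cisco; the event shape (`file`, `type`, `time`) and the sample events are assumptions constructed for illustration. Files that have been seen but not yet detected are reported separately, because leaving them out silently makes the average look better than it is.

```javascript
// Added example: time to detection (TTD) per file from constructed telemetry.
// The event shape ({ file, type, time }) is an assumption, not a Cisco format.
const HOUR_MS = 3600 * 1000;

function timeToDetection(events, now) {
  const files = new Map();
  for (const e of events) {
    const t = Date.parse(e.time);
    const rec = files.get(e.file) || { firstSeen: Infinity, detected: Infinity };
    if (e.type === "observed") rec.firstSeen = Math.min(rec.firstSeen, t);
    if (e.type === "convicted") rec.detected = Math.min(rec.detected, t);
    files.set(e.file, rec);
  }
  const closed = []; // files with a completed detection window
  const open = [];   // files seen but not yet detected
  for (const [file, rec] of files) {
    if (rec.firstSeen === Infinity) continue; // convicted but never sighted: no window
    if (rec.detected === Infinity) {
      open.push({ file, ageHours: (Date.parse(now) - rec.firstSeen) / HOUR_MS });
    } else {
      closed.push({ file, ttdHours: Math.max(0, rec.detected - rec.firstSeen) / HOUR_MS });
    }
  }
  const sorted = closed.map((c) => c.ttdHours).sort((x, y) => x - y);
  const mid = Math.floor(sorted.length / 2);
  let medianHours = null;
  let meanHours = null;
  if (sorted.length > 0) {
    medianHours = sorted.length % 2 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
    meanHours = sorted.reduce((sum, h) => sum + h, 0) / sorted.length;
  }
  return { closed, open, medianHours, meanHours };
}

// Constructed sample events; file names stand in for file hashes.
const SAMPLE_EVENTS = [
  { file: "file-A", type: "observed", time: "2016-03-01T08:00:00Z" },
  { file: "file-A", type: "observed", time: "2016-03-01T12:00:00Z" },
  { file: "file-A", type: "convicted", time: "2016-03-02T01:00:00Z" },
  { file: "file-B", type: "observed", time: "2016-03-01T00:00:00Z" },
  { file: "file-B", type: "convicted", time: "2016-03-01T05:00:00Z" },
  { file: "file-C", type: "observed", time: "2016-01-01T00:00:00Z" },
  { file: "file-C", type: "convicted", time: "2016-04-10T00:00:00Z" },
  { file: "file-D", type: "observed", time: "2016-03-05T00:00:00Z" },
];

const report = timeToDetection(SAMPLE_EVENTS, "2016-03-06T00:00:00Z");
console.log("median TTD (h):", report.medianHours, "mean TTD (h):", report.meanHours);
console.log("still undetected:", report.open);
```

One slow detection (file-C, 100 days) dominates the mean while the median stays at 17 hours, so report both alongside the count of open windows.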

In many instances businesses are using outdated modes of protection against the new threat landscape. Many businesses are still dependent on anti-virus software and firewall rules as their principal means of protection. Given the evolved nature of threats and their ability to easily evade traditional methods of detection, the traditional approach is akin to using a colander to catch water.

A more sophisticated approach to cyber threat defences involving a combination of adaptive, integrated detection techniques with automated protection has led to a significant reduction in TTD rates. In Cisco’s case they have managed to get the TTD down to approximately 17 hours. Cisco sees this approach leading to the establishment of a “detection and response” framework which will make it possible for a faster response to both known and emerging threats.

The new framework will feature a “visibility platform” that delivers full contextual awareness and is continuously updated to assess threats, correlate local and global intelligence, and optimise defences.

Below, we present Cisco’s six tenets of integrated threat defence to help businesses better understand the intent and potential benefits of this architecture:

1. A richer network and security architecture is needed to address the growing volume and sophistication of cyber threats.

Eliminate the “See a problem, buy a box” mentality. Instead of simply alerting security professionals to an intrusion or a suspicious event this framework gathers activity in an automated fashion to provide a better picture of what is happening on the network.

2. Best-in-class technology alone cannot deal with the current or future threat landscape; it just adds to the complexity of the networked environment.

There isn’t much difference between the major security vendors when it comes to core security. Organisations are investing in the seemingly best and newest technologies to deal with internet security; however, new vendors offering the same solutions do little other than complicate the landscape.

3. More encrypted traffic will require an integrated threat defence that can converge on encrypted malicious activity that renders particular point products ineffective.

In part 2 we looked at the rise of encrypted traffic and why this is a good thing; however, it also makes it harder for IT security to monitor threats. With an integrated security platform and increased network visibility, tracking these threats will become easier.

4. Open APIs are crucial to an integrated threat defence architecture.

With an integrated platform automation can be enhanced. This also brings awareness to security products which, in a multivendor climate, will result in better visibility and security control.

5. An integrated threat defence architecture requires less hardware and software to install and manage.

Where vendors are able to offer feature-rich platforms with extensive functionality, this will decrease the complexity of IT security for SMEs. The result will be a reduction in malicious groups and individuals gaining access to the network while remaining undetected.

6. The automation and coordination aspects of an integrated threat defence help to reduce time to detection, containment, and remediation.

Security teams often need to focus on the here and now. With an integrated threat defence system false positives can be reduced through automation and the more pressing security concerns can be dealt with quicker and more effectively.

It is not surprising that the businesses surveyed for Cisco’s Security Capabilities Benchmark Study are less confident in their ability to help secure their businesses. Businesses now need to consider the powerful impact that proactive and continuous integrated threat defence based on collaboration can have in bringing cybercriminal activity to light, undermining adversaries’ ability to generate revenue, and reducing the opportunity to launch future attacks.


Apple and Cisco Fast-Tracking the Mobile Enterprise

Rowan Trollope, Senior Vice President and General Manager of Cisco’s Internet of Things (IoT) and Collaboration Technology Group, explains how Apple and Cisco plan to form the ultimate enterprise partnership.

“I came to Cisco to create incredible technology experiences for millions of enterprise workers. That’s why I’m so thrilled to be the executive sponsor of our partnership with Apple; together, our two companies are capable of “incredible” on a pretty massive scale.

Since our announcement in August, engineers, user experience and design teams from Cisco and Apple have been working side by side and testing together to make sure you have a truly delightful experience with your iPhone and iPad on your company’s Cisco assets. And today, as Apple introduces iOS 10, we’ve reached a major milestone”.

To find out how, click here.

IT Security – Want to know what you are up against? Part 2 of 3

In our last blog post we looked at various web attack methods, threat updates and where cyber criminals were focusing their efforts.

In part 2 of this series based on the 2016 Cisco Annual Report we want to focus on 3 main areas that are being exploited – Data encryption, WordPress web sites and the IT Security infrastructure vulnerabilities.

These are 3 particularly important aspects of IT Security for SME businesses.

A False Sense of Encrypted Security

Customer details form the cornerstone of any business; however, in 2015 there seemed to be a false sense of security when it came to encryption. Encrypted traffic, specifically HTTPS, is fast becoming the dominant form of traffic (in fact it accounts for over 50% of all bytes sent over the Internet).

Both sending and storing data have been identified as two ways SMEs become victims of cyber attacks. Cisco found that a number of businesses simply don’t encrypt the data that they store on their internal network. Cyber attackers are establishing ways to circumvent encryption, stealing data at rest and encrypting it while routing it to known malware locations.

For SMEs it means point solutions alone (such as Anti-Virus and Perimeter Firewalls) are becoming less effective and an integrated threat defence is a must for identifying emerging threats.

Compromising Security Through WordPress

Within the SME sector WordPress has emerged as a pivotal platform to build and maintain websites. This has also benefitted attackers, who see it as a cost-effective way to launch ransomware, bank fraud and phishing attacks.

Dormant WordPress sites are now being used more extensively as relay agents and the number of WordPress domains that were adopted for this purpose by malicious groups increased by 221% between February and October 2015.

Poorly maintained sites are being exploited too as a result of weak security. This can be using an outdated version of WordPress that isn’t up to date security wise, inadequate admin passwords or running plugins that are missing the latest security patches.

Web security that analyses traffic coming from WordPress websites is a must going forward in 2016.

Creating Updated Infrastructure Resilience

Many organisations who try and save money neglect to update their security infrastructure and this leaves them wide open to security compromises.

Cisco found that 92% of the sample they ran on various internet-enabled infrastructure devices were vulnerable from a security standpoint and 8% had reached their end of life, making them more vulnerable to exploits. Put simply, organisations are failing to properly upgrade their security infrastructure.

The big point to take away from this from a SME perspective is to be proactive regarding IT security rather than only acting when this security is infiltrated.

Are SMEs Really the Weak Link?

We mentioned in our previous post that SMEs can be seen as a weak link when it comes to IT security.

SMEs are less likely to use incident response teams or outsource their security operation to security experts. Another report showed that 33% of UK organisations handle their security internally while this figure drops to 20% for other countries.

These two aspects alone make them increasingly vulnerable to cyber attacks and data compromises with only 51% of companies that have 500 or fewer employees actively patching and upgrading their security.

The fact that SMEs are also less likely to have experienced a major data breach up to this point makes them unprepared to know how to respond and also how to prevent it happening in the future. According to a recent government report the average cost of an IT security breach for an SME can rise to as high as £310,800 which can have devastating financial effects for the business.

In the third part of our series we are going to look at what the future holds for IT security in 2016 and beyond.

IT Security – Want to know what you are up against? Part 1 of 3

In the first part of this blog series on the 2016 Cisco Annual Report we take a look at the methods attackers are using to infiltrate organisations and what sectors and geographical locations are being targeted.

The vulnerability of small and medium sized enterprises (SMEs) to sophisticated attacks on their IT structure is growing. These attacks are becoming bolder and coordinated as the Target data breach in 2013 shows. High profile attacks resulted in 40 million customers having their personal and credit card details hacked due to a third party SME supplier not taking proper steps to safeguard their data. This was a US data breach however in 2015 74% of small organisations in the UK admitted that their IT security had been infiltrated.

In the changing landscape SME businesses are increasingly being targeted according to Toni Allen of the British Standards Institute (BSI). In most cases it can take between 100 – 200 days before a company even realises their security has been compromised.

The latest Web Attack Methods

Flash is being phased out, and with it goes one of the most common areas of malicious attacks, but this has only meant that web attacks are being refocused.

Browser infections and targeting social media platforms are two big methods of gaining access to data. In fact, malicious browser extensions that provide a way to leak data were found to impact 85% of the organisations that were studied.

92% of attackers use DNS to target businesses and familiar botnets such as Bedep, Gamarue, and Miuref account for the majority of the command and control activity that affects businesses these days.

Threat Updates in 2015 and Beyond

Flash might be on its way out but Cisco found that malicious individuals or organisations are still most likely to target Flash users. The fact that exploit kits are publicly available means it still ranks at the top of the list for vulnerabilities.

Although some browsers sandbox or block Flash completely, attackers still target either older browsers or those not securely updated and it was still an effective method in 2015 and likely to be so in the near future.

Companies using outdated browsers, and add-on software are most at risk. The Cisco report found that 30% were using software that was reaching end of support which further increases their susceptibility.

Geographical and Industry Overview of Attacks

Where are these attackers focusing their efforts?

Government, healthcare, technology companies and professional services topped the list of most targeted industries, with SME businesses found to be a weak link. They use fewer defences and processes to analyse security intrusions. Only 49% of SMBs used web security in 2015 and only 29% were committed to patching software and using configuration tools that keep their security up to date.

Hong Kong was subject to the most web attacks in 2015, and the number of attacks aimed at organisations in Hong Kong was 9 times the figure for the US.

Encryption, WordPress and Infrastructure

Over the past 12 months the way in which attackers access and steal data has evolved with an emerging focus on social media platforms while established weaknesses such as Flash are still being exploited quite extensively.

Hackers are not only sharing more information with each other but also becoming more flexible in their approach.

In the second part of this blog series we are going to look at the escalating issues in three main areas namely encryption, WordPress and the infrastructure that SMEs use.


Security Assessment

As Security continues to be a major area of focus for business executives and managers we continue to develop services in this area to address these needs. To this end we have teamed up with Comstor and Cisco to offer Security Assessments that give a comprehensive view of real time security threats. The service also includes actionable steps to mitigate identified threats. Watch this space over the next few weeks for more information on this service.


NetworkIQ has recently recertified as a Cisco Select Partner in UK. This is our 7th straight year of Cisco certification and we are looking forward to extending the range of specialisations in key technology areas.
