Cyber Risk Assessment – get good at it

Today’s reliance on IT is unparalleled and will only increase. While some businesses are pondering the benefits of IoT deployment or bespoke business applications, others are ploughing ahead and pioneering their initiatives. Some of these initiatives are stuttering and some are big winners that have transformed their business. Digitisation and its attendant benefits are the new game in town and are not going away soon.

The constant question that new initiatives will always raise is, what about cyber security? These new initiatives also need to be balanced against new compliance regimes such as GDPR which can levy punitive fines for breaches involving sensitive personal data. IoT means a greater footprint or attack surface; a new cloud application means potential exposure of data or the possibility of unauthorised access. While these risks and others exist, this should not hinder businesses taking advantage of the potentially major opportunities from digitization. What is therefore of paramount importance is a way to effectively assess and mitigate the risk from these initiatives and other IT activities that will enable the businesses to safely adopt new technology. 

 

Cyber security is everyone’s concern 

Cyber security is no longer just an IT issue; it is now definitely everyone’s concern. Responsibility is being devolved as applications move to the cloud. More departments are involved in selecting and implementing their apps, so they also need to have security at the forefront in both the selection and operational processes.

 

Comply with regulation or become extinct 

Regulation is now gaining real teeth and therefore compliance is no longer an optional nuisance. Consider the recent Carphone Warehouse breaches. If the recent 6m records breach occurred under the watch of GDPR, the fine could be a whopping £428m, compared with the max £500k fine which could have been levied under the previous Data Protection Act. Compliance is now an imperative and failure could mean business extinction due to the punitive fines. Compliance should be seen as an opportunity to get your business in shape, in which case everyone benefits.

 

Cyber risk assessment is a specialism 

Change is another constant in IT, therefore risk assessment should be constant and continuous. Oftentimes risk assessments are left till the end of an initiative when in fact they should feature right at the beginning and be a part of the “go/no go” decision. If risk assessment is built into project implementation, the end result will definitely look a lot better than if it were an afterthought. The struggle is to find the skills where there is a good understanding of IT risk management. It is an area where businesses need to invest in training staff at all levels of the organisation.

 

Risk assessment and mitigation needs to be a continuous process where all departments in a business are engaged in continuing assessment, monitoring and improvement of the risk exposure.  

 

An interesting development in this light is a joint solution offered by Aon, Apple, Cisco and Allianz. The components of the solution include the following:

  • Risk assessment, with a target output of an analysis of the business’s level of insurability and its security posture, with recommendations on how to correct any gaps.
  • Those wishing to improve their security posture receive a plan that includes an enterprise ransomware solution incorporating advanced email security, endpoint protection and DNS layer security.
  • The business will also deploy Apple macOS and iOS endpoints.
  • Businesses choosing this solution will receive favourable terms from Allianz, who consider this combination to be a more secure solution.

 

While it may not be practical for all businesses to adopt this solution, the method/approach is a useful indication of what can be done. The important thing is that the assessment needs to be continuous and reflect the status of the business and its use of IT at any point in time, which of course is a moving goalpost.

Take Control with CASB and DNS

It’s been a cloudy blog of a fortnight (pardon the pun but I couldn’t help it). To summarise, we have been looking at the changing IT landscape and the consequent change in the threat landscape. We then looked at how organisations need to change their approach to cloud security to address this new reality.

 

The age of digitisation is bringing about a dramatic change to the IT landscape. Digitisation is about new efficient ways of doing things at scale. It’s about automation and new ways of engagement with customers in a way that suits them and at a time that suits them.

 

Digitisation is turning century-old industries on their heads as new players emerge that are agile, visionary and creative, at a rate that is outpacing their peers.

 

The new IT landscape is about DevOps “scoring an end goal” around or despite IT, being applied to conceive and deploy apps in a fraction of the time it used to take using a conventional approach. It’s about using the cloud to take advantage of Infrastructure, Platform or Software as a Service and being able to globally scale an application.

 

The new IT landscape is also about anytime anywhere access for users/employees. Power is being devolved to branch offices because they need better connectivity to access their new apps in the cloud. Analysts are saying that approximately 50% of users now access their applications remotely and 25% actually work remotely.

 

We also need to factor in the explosive growth of IoT and the pervasive use of mobile devices to access the web.

 

Digitisation is a bright new horizon but it also brings major security headaches. Some of these include:

  • A massive increase in cyber attack landscape, more devices, more apps, more points of access
  • Increase in the number of alerts security teams need to process and understand
  • More applications to monitor and manage
  • Lack of visibility in what users are doing and how they are using apps
  • The growth of shadow IT exposing corporate information and services to attacks
  • Outdated non-cloud savvy security relative to the emerging landscape

 

Cyber attackers have evolved in sophistication to keep pace with the changes in IT. They constantly evolve their exploits, they offer attacks as a service, and they use cloud-scale computing power as well. Cisco’s annual cyber security report identifies that the scale and sophistication of attacks have increased over the past 12 months.

 

Security teams need to evolve their approach to security making it cloud centric with the ability to protect users and data anywhere anytime. Remember cloud services still require organisations to take responsibility for the security of their data. Gartner has identified that 95% of data breaches will be the fault of the end user.

 

Some of the essential tools that security teams need to include in their new armoury are secure DNS services and CASB services. Secure DNS will block access to malware sites before an attack happens or, if a machine has been infected, it will block the command and control callback. CASB has the ability to monitor user activity in the cloud, profile applications in use and prevent data leakage. Both tools can also provide invaluable visibility into the normal behaviour of users and trigger protective actions and alerts as and when behaviour varies from the norm.


DNS Security – The Forgotten Lynchpin

 

So it’s all happening in the cloud. Wholesale adoption of cloud services is now a business imperative as the opportunities and benefits of SaaS become ever clearer.

Here are some numbers though that tell us not only what’s happening but also some concerns that we need to have at the forefront of our minds.

  • 82% of mobile workers admit they always turn off their VPN
  • 15% of command and control threats evade web security
  • 60% of attackers penetrate an organisation in minutes and steal data in hours
  • 100 days is the average detection time for an attack
  • 100% of networks interact with malware sites
  • 92% of attacks make use of DNS

Clearly, there is a wide range of threats that organisations need to address in crafting and implementing an effective approach to cyber security. One area that has received, and is still receiving, very little attention is DNS.

DNS is the most ubiquitous protocol on the Internet and is deployed in literally every connection that takes place, whether surfing a website, watching YouTube videos or accessing corporate cloud applications. This ubiquitous use of DNS means that it is also involved in some very undesirable connections to sites like malware sites, known bad sites, command and control centres etc. Other attacks have involved data exfiltration in packets disguised as DNS.

The fact that DNS is involved in around 92% of web attacks strongly suggests that it is an area that is worthy of further efforts in the fight against cyber attacks. DNS is one of those protocols that just works in the background like a utility, and as long as resolution is working no one pays attention to it. DNS is a lynchpin: if it doesn’t work then most applications will stop working and IT services will grind to a halt. It is vital therefore that DNS gets more prominence and is monitored and secured to ensure continued running of services.

 

Tackling DNS Security 

DNS should be elevated from a connectivity item to a network security component vital to the operation of the organisation’s IT. DNS monitoring and the implementation of an active security policy that cannot be circumvented by staff can have untold security benefits. Such an approach could be used to block malware and phishing attacks in real time as opposed to after the event. Applying these controls when DNS resolves requests for known malware sites could also prevent attacks before they happen. The DNS controls could hold a regularly updated list of known malware sites and block devices from accessing these sites. Active monitoring could also provide valuable information about whose machine has been compromised and where they are connecting from.

DNS monitoring can also provide a baseline of what normal behaviour looks like for your organisation. Anomalous behaviour is, therefore, easier to detect and act on. A number of hacks of high-profile sites, such as Tesla, could have been prevented if the DNS records had been monitored and these organisations had then been able to detect and block changes to their DNS records.

Visibility of who is connecting to what site is also a great benefit of DNS monitoring. The explosive growth of IoT devices poses significant threats if they are not properly secured. DNS security could play a vital role by enforcing policy e.g. if the CCTV network should be blocked from Internet access, DNS security controls could prevent these devices being used as a backdoor that could be used for malware propagation or data exfiltration.

Failing to monitor and control DNS is a lost opportunity not only to secure your organisation’s network but also to gain visibility into who is doing what.
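The controls described in this post (a blocklist of known malware sites, a policy that stops the CCTV network resolving Internet names, and a baseline of normal lookups per device) can be sketched over a resolver query log. This is an added example, not code from any DNS security product; the domains, subnets, baseline and log lines are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed threat-intelligence list of known malware / C2 domains (constructed).
BLOCKLIST = {"malware-site.example", "c2-callback.example"}

# Assumed network segments; the CCTV segment may only resolve internal names.
SEGMENTS = {
    "cctv": ipaddress.ip_network("10.20.0.0/24"),
    "office": ipaddress.ip_network("10.10.0.0/24"),
}
NO_INTERNET_SEGMENTS = {"cctv"}
INTERNAL_SUFFIX = ".corp.example"

# Constructed baseline: names each client resolved during a learning period.
BASELINE = {
    "10.10.0.5": {"mail.corp.example", "saas-app.example"},
    "10.10.0.9": {"mail.corp.example", "saas-app.example"},
    "10.20.0.7": {"nvr.corp.example"},
}

# Constructed resolver log, one query per line: "timestamp client_ip qname".
SAMPLE_LOG = """\
2018-03-01T09:00:01 10.10.0.5 mail.corp.example
2018-03-01T09:00:04 10.10.0.9 saas-app.example
2018-03-01T09:00:09 10.10.0.9 c2-callback.example
2018-03-01T09:00:12 10.20.0.7 nvr.corp.example
2018-03-01T09:00:15 10.20.0.7 updates.vendor.example
2018-03-01T09:00:20 10.10.0.5 new-tool.example
2018-03-01T09:00:31 10.10.0.9 login.c2-callback.example
"""


def segment_of(client_ip):
    """Return the name of the segment a client address belongs to."""
    addr = ipaddress.ip_address(client_ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def is_blocklisted(qname):
    """Match the queried name or any of its parent domains against the list."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))


def evaluate(client_ip, qname):
    """Decide what the resolver does with one query: (action, reason)."""
    qname = qname.rstrip(".").lower()
    if is_blocklisted(qname):
        return "block", "blocklisted domain"
    if (segment_of(client_ip) in NO_INTERNET_SEGMENTS
            and not qname.endswith(INTERNAL_SUFFIX)):
        return "block", "segment not permitted external resolution"
    if qname not in BASELINE.get(client_ip, set()):
        # Not known-bad, but new for this device: resolve it and raise an alert.
        return "alert", "domain outside client baseline"
    return "allow", "within baseline"


def process_log(text):
    """Apply the policy to every log line and list likely-compromised clients."""
    decisions = []
    suspected = defaultdict(list)  # client -> blocklisted names it asked for
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess at their fields
        ts, client, qname = parts
        action, reason = evaluate(client, qname)
        decisions.append((ts, client, qname, action, reason))
        if reason == "blocklisted domain":
            suspected[client].append(qname)
    return decisions, dict(suspected)


if __name__ == "__main__":
    decisions, suspected = process_log(SAMPLE_LOG)
    for ts, client, qname, action, reason in decisions:
        print(f"{ts} {client:<10} {qname:<28} {action:<5} {reason}")
    print("Clients to investigate:", suspected)
```

Blocklist hits identify which machine to investigate, while the "alert" outcome is the baseline deviation: the name is not known to be bad, only new for that device.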

10 Steps to Cyber Security – Parts 1-5

The cyber security threat landscape is constantly changing with the ever growing number and scale of attacks. The consequent measures necessary to combat the threats need to be robust, comprehensive and agile. Simply put, it is about developing an effective approach and constantly testing and refining it. The sections below cover the first 5 of some 10 essential recommended steps that should be taken to achieve an effective level of cybersecurity, and are based on guidance from NCSC. The second part will be featured in a future blog post.

 

Executive Risk Management

Because of the vital role that technology plays in most organisations today, information and its supporting systems need to be properly categorised in the business risk profile. The impact of information and systems compromise could be more critical than many other types of business risks and result in reputational and financial damage.

It is important for the risks to be defined and communicated from executive level thus conveying the importance of information and systems.

Further essential steps that the Board should take include:

  • Establish a governance framework
  • Identify risks and approach to risk management
  • Apply standards and best practices
  • Educate users and maintain awareness
  • Constantly review policies

 

Education and Awareness

Training and awareness can help to establish a security conscious culture in the organisation. This could help to reduce the number of people clicking links in phishing emails or writing down passwords on post-it notes. Lack of awareness could result in: users connecting personal removable media that is compromised, users being subjects of phishing attacks, and users seeing security as prohibitive and therefore trying to circumvent it. User ignorance of how to handle sensitive information may result in legal and regulatory sanction, as will failure to report certain breaches.

Effective management of the user awareness risk includes some of the following:

  • Create a user security policy as part of the overall corporate policy
  • Include cyber security in the staff induction – making them aware of their personal responsibilities to comply with the security policy
  • Security risk awareness – maintain awareness of ongoing security risks and guidance
  • Formal training and assessment – staff in security roles should embark on ongoing formal training and certification to keep up to date with the challenges they face
  • Incident reporting culture – enable staff to voice their concerns and report poor security practices

 

Secure Configuration

Systems that are not securely configured will be vulnerable to attack. A baseline secure configuration of all systems is essential to reduce risk of attacks and the potential for compromise. A lack of secure configurations and updated patching carries risks such as: unauthorised system changes occurring, exploitation of software bugs in unpatched systems and exploitation of insecure systems.

To avoid poor system configuration it is necessary for effective security controls to be put in place, such as the following:

  • Use supported software
  • Develop and implement policies to update and patch systems
  • Maintain hardware and software inventory
  • Maintain operating systems and software
  • Conduct regular vulnerability scans and act on results in a timely manner
  • Establish configuration and control management
  • Implement whitelisting and positively identify software that can be executed
  • Limit privileged user accounts and user’s ability to change configurations

 

Network Security

Network connections could expose your systems and technologies to attack. A set of policies, architectural strategy and technical controls will help to reduce the chances of a successful attack which could include exploitation of systems, compromise of information in transit, propagation of malware, damage or illegal posting to corporate systems.

To effectively manage network security it is important to follow best practices and industry standard design principles at least.

All inbound and outbound traffic should be controlled, monitored and logged. This could be done with an advanced or next generation firewall, intrusion prevention techniques and anti-malware at the perimeter – in addition to endpoint anti-malware.

Internal network protection is often ignored, especially in the case of small networks. It should however include the following techniques:

  • Segregate networks into groups based on functions and security roles
  • Secure wireless networks – only secure authorised devices should be allowed access to corporate networks
  • Secure administration – ensure administrative access is secure and defaults are changed
  • Monitor the network – monitor all traffic with intrusion prevention systems so that indications of attacks can be blocked and alerted on immediately
  • Testing and assurance – conduct regular penetration testing and simulate cyber attack exercises to ensure controls work

 

Managing User Privileges

Controlling user privileges to the correct level is important to ensure they have what they need to work effectively. Giving users unnecessary rights should be avoided and is generally a major risk. If these accounts are compromised it could have a severe impact on your cyber security. Some of the potential harm that could be caused by such a compromise includes: users could accidentally or deliberately misuse their privileges and cause unauthorised information access.

Attackers could also exploit these privileges to gain administrative level access and even negate security controls to increase the scope of their attack.

Some sensible steps that should be taken to manage these risks include:

  • Effective account management – manage the lifecycle of accounts from start to finish when staff leave, including temporary accounts
  • User authentication and access control – issue and enforce an effective password policy and incorporate two factor authentication for secure systems
  • Limit privileges – give users the minimum rights that they need
  • Limit the use of privileged accounts – limit the access to privileged rights and ensure administrators use normal accounts for standard business use
  • Monitoring and logging – monitor user activity and log all events to an audit and accounting system for future analysis
  • Education – educate users of their responsibilities to adhere to corporate security policies

GDPR: 9 Steps to Implement a Security Mgmt Tool


Background

The General Data Privacy Regulation (GDPR), officially known as REGULATION (EU) 2016/679, will come into force on 25th May 2018. The regulation covers the protection of natural persons with regard to the processing of personal data and the free movement of such data. The regulation builds on existing data protection regulations such as the UK Data Protection Act 1998, the Belgian Privacywet, or the German Bundesdatenschutzgesetz (BDSG).

The regulation will affect the vast majority of businesses as most businesses today hold personal data, even if it’s only HR data. A significant change is that it will put data processors under significantly more legal liability if a breach occurs.

Breaches will need to be reported within 72 hours and must include information such as:

  • The nature of the personal data breach including, where possible:
  • A description of the likely consequences of the personal data breach; and
  • A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.

 

If the breach is sufficiently serious to warrant notification to the public, the organisation responsible must do so without undue delay.

In light of the tight timescales for reporting a breach, it is important to have robust breach detection, investigation and internal reporting procedures in place. The following sections of this booklet outline a checklist to implement a robust security and event management platform that will be a core component of a GDPR compliant security strategy.

 

  1. Implement a Security and Event Management Tool (SIEM)

A SIEM is a fundamental security tool for many organisations.

Implementation of a SIEM helps companies monitor all users and system activity to identify suspicious or malicious behaviour. This is achieved by centralising logs from applications, systems, and the network and correlating the events to alert where unexpected activity is detected.

You can then investigate the cause of the alarm and build up a view of what has occurred by determining if a particular attack method was utilised, looking at related events, source and destination IP address, and other details.

Article 30 of GDPR states that each controller, and where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.

You must also take into consideration data stored or processed in cloud environments. If personal data is in the cloud, it is within the scope of GDPR, and therefore it is beneficial for the SIEM tool to maintain a record of activity across your public and private cloud infrastructure as well as on premises.

 

  2. Create a Log of Critical Assets that Store/Process Sensitive Data

GDPR covers all IT systems, network, and devices, including mobile devices, making it essential that you account for all assets across your infrastructure and understand where personal data is held.

It’s important to record all assets and locations that process or store personal data. It’s also worth noting that your company could be exposed to attacks and regulatory fines if employees process or store personal data on unapproved devices.

Without strong governance practices in place, it can be easy to lose track of assets.

It is important to sample your systems, networks, and data stores to determine if personal data is exposed outside your defined data flows and environments.

Keep in mind that this is a process. Records will need to be updated on an ongoing basis as your business and technology changes.

 

  3. Undertake Vulnerability Scanning

To identify where weaknesses exist that could be exploited

New vulnerabilities in systems and applications arise almost daily.

It is essential that your organisation stays on top of these weaknesses with regular vulnerability scanning.

These vulnerabilities may exist in software, system configuration, in business logic or processes. It is essential to consider all aspects of vulnerabilities and where they can exist.

However, simply finding a vulnerability is often not enough.

There are multiple factors that need to be considered such as whether the systems are in accordance with GDPR and what the business-criticality is, whether intrusions have been attempted, and how the vulnerability is being exploited by attackers in the wild.

Effective vulnerability assessment requires continuous scanning and monitoring of critical assets where personal data is stored or processed. It is equally important to monitor cloud environments in addition to on-premises environments.

 

  4. Conduct Risk Assessments

To identify where weaknesses exist that could be exploited

The use of an information security framework can assist by providing a starting point for organisations to better understand the risks facing the business.

Article 35 of GDPR requires organisations to conduct a data protection impact assessment (DPIA) or similar, whereas Article 32 of the regulation requires organisations to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.”

Existing frameworks such as NIST, ISO / IEC 27001, or similar standards can assist companies in undertaking and supporting the DPIA process.

While GDPR does not specify a framework for risk assessments or threat modelling, a company’s adherence to any well-established and internationally recognised standard will make demonstrating compliance with Articles 32 and 25 much more likely in the event of a breach.

 

  5. Regularly Test

To gain assurance that security controls are working as designed, GDPR asks for a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Assessing and evaluating the effectiveness of security controls is by no means an easy feat. Usually, the larger the IT environment, the more disparate the technology stack, and the more complex the environment. Thus, the harder it is to gain assurance.

Three broad techniques exist to validate the effectiveness of security controls:

  1. Manual assurance. This involves audits, assurance reviews, penetration testing and red-team activities.
  2. Consolidated and integrated security products, so that fewer point products need to be managed and reported on.
  3. The use of automated assurance technologies.

With these methods, you can gain a measure of assurance that your systems are secured as intended. However, it is worth remembering that assurance is not a one-time effort, rather an ongoing, repeatable process.

 

  6. Ensure Threat Detection Controls are in Place

To reliably inform you in a timely manner when a breach has occurred, GDPR requires organisations to report to the regulatory body within 72 hours of being aware of the breach.

For high-risk events, the controller must notify data subjects without any delay. The typical time-to-compromise continues to be measured in minutes, while time-to-discovery remains in weeks or months. In such circumstances, it’s essential to have comprehensive threat detection capabilities that can detect issues as soon as they occur.

Threats can occur internal to the company or externally and can be on-premises or in cloud environments. This makes it important to be able to collect and correlate events quickly as well as supplement the information with reliable threat intelligence to stay on top of emerging threats.

There is not one place or tool that will be suitable for all purposes. At times a threat is discovered on the endpoint, the perimeter, or by analysing internal traffic. In this case, controls should be placed accordingly in the environment to increase the chance of detecting threats as soon as they occur.

 

  7. Monitor Network and User Behaviour

To identify and investigate security incidents rapidly

GDPR is focused on ensuring that citizen data is gathered and used appropriately for the purposes stated.

Therefore, it is important to focus not just on external threats or malware, but also to detect whether users are accessing data appropriately. Context is critical when evaluating system and network behaviour.

For example, an abundance of Skype traffic in the network used by your inside sales team is probably a normal part of operations. However, if the database server that houses your customer list suddenly shows a burst of Skype traffic, something is likely wrong.

There are many methods that can be deployed to monitor behavioural patterns. One method is to utilize NetFlow analysis, which provides the high-level trends related to what protocols are used, which hosts use the protocol, and the bandwidth usage. When used in conjunction with a SIEM, you can generate alarms and get alerted when your NetFlow goes above or below certain thresholds.
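The threshold idea above, including the Skype-on-the-database-server case, can be sketched as follows. This is an added example rather than a feature of any particular SIEM or flow collector; the host names, application labels (assumed to be assigned by the collector) and traffic volumes are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: megabytes per 5-minute interval for each
# (host, application) pair, as a flow collector might summarise them.
HISTORY = {
    ("sales-pc-01", "skype"): [50, 55, 48, 52, 51, 49],
    ("db-server-01", "sql"): [200, 210, 190, 205, 195, 200],
    ("web-01", "https"): [100, 110, 90, 105, 95, 100],
}

# Constructed flow records for the interval under test:
# (host, application, megabytes). Several flows may share a key.
CURRENT_FLOWS = [
    ("sales-pc-01", "skype", 30),
    ("sales-pc-01", "skype", 24),
    ("db-server-01", "sql", 120),
    ("db-server-01", "sql", 90),
    ("db-server-01", "skype", 40),   # application never seen on this host
    ("web-01", "https", 12),         # far less traffic than usual
]


def build_thresholds(history, k=3.0, min_rel_sd=0.1):
    """Derive a (low, high) band per host/application from its history.

    The band is mean +/- k standard deviations. A floor of min_rel_sd * mean
    on the deviation stops a very steady history producing a band so narrow
    that every interval alerts.
    """
    thresholds = {}
    for key, samples in history.items():
        mu = mean(samples)
        sd = max(pstdev(samples), min_rel_sd * mu)
        thresholds[key] = (max(0.0, mu - k * sd), mu + k * sd)
    return thresholds


def aggregate(flows):
    """Sum the flow volumes for each (host, application) pair."""
    totals = defaultdict(int)
    for host, app, megabytes in flows:
        totals[(host, app)] += megabytes
    return dict(totals)


def check_interval(flows, thresholds):
    """Return alerts as (host, application, reason), sorted by host."""
    totals = aggregate(flows)
    alerts = []
    # Include baselined pairs with no traffic at all: silence is also a signal.
    for key in sorted(set(totals) | set(thresholds)):
        host, app = key
        volume = totals.get(key, 0)
        if key not in thresholds:
            # Context matters: Skype is normal for sales, not for a database.
            alerts.append((host, app, "no baseline for this host/application"))
            continue
        low, high = thresholds[key]
        if volume > high:
            alerts.append((host, app, "above threshold"))
        elif volume < low:
            alerts.append((host, app, "below threshold"))
    return alerts


if __name__ == "__main__":
    bands = build_thresholds(HISTORY)
    for host, app, reason in check_interval(CURRENT_FLOWS, bands):
        print(f"ALERT {host} {app}: {reason}")
```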

 

  8. Have a Documented and Practiced Incident Response Plan

To comply with GDPR regulations, organisations need to have a plan in place to detect and respond to a potential data breach to minimise its impact on EU citizens. In the case of an attack or intrusion, a streamlined incident response process can help you respond quickly and effectively to limit the scope of the exposure.

If you have unified threat detection controls and processes established to alert you to an incident, your incident response plan should be able to quickly and accurately determine the scope of impact. You should investigate all related events in the context of other activity in your IT environment to establish a timeline, and the source of attack should be investigated to contain the incident.

Once you have controlled the incident, you should evaluate if a possible breach of personal data occurred and decide if reporting is required under GDPR. Then, you should prioritise and document all response and remediation tactics. Be sure to verify that your incident response activities have successfully remediated the issue. You will need to inform the regulator of all steps taken, and where necessary, inform any affected EU citizens.

 

  9. Have a Communication Plan in place to detect and respond to a potential data breach

In the event of a breach, your organization must report to the regulatory body within 72 hours of being aware of the breach.

For high-risk events, the controller must notify data subjects without undue delay (Article 31).

The notification given is required to at least:

  • Describe the nature of the breach
  • Provide the name and contact details of the organization’s data protection officer
  • Describe the likely consequences of the breach
  • Describe the measures taken or proposed to be taken by the data controller to address the breach and mitigate its adverse effects.

Ask yourself:

  • Can I identify whether systems in scope of GDPR are affected in a breach?
  • Do I have the contact details of the regulatory body that I need to notify?
  • If need be, do I have a reliable mechanism to contact affected customers?

 

Speak to one of our Experts?

We help businesses of all shapes and sizes in protecting their vital IT assets. For a consultation with our team as to how we can help protect you from a cyber breach, simply get in touch for a free, no-obligation conversation. Alternatively, our free downloadable guide offers more insight into avoiding (and surviving) a cyber-attack.

GDPR: 12 Steps That You Can Take Right Now

So now we know what it is and what it means, this week we take a look at what we should do about it. A really useful starting point is contained in the Information Commissioner’s website, which provides a range of resources explaining GDPR and how organisations can go about preparing to comply with it.

Their 12 steps guide covers the initial activities that can be started immediately and includes:

  • Awareness of Decision Makers
  • Information Audit
  • Update Privacy Notices
  • Procedures for Individual Rights
  • Subject access requests procedures
  • Consent procedures
  • Under-age Consent Procedures
  • Privacy Impact Assessments
  • Data Protection Officer
  • International Implications

The guide is summarised below for convenience.

1. Awareness 

You should make sure that decision-makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.

 

2. Information you hold

You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.

 

3. Communicating privacy information

You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.

 

4. Individuals’ rights

You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.

 

5. Subject access requests

You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.

 

6. Lawful basis for processing personal data

You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.

 

7. Consent

You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.

 

8. Children

You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.

 

9. Data Breaches

You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.

 

10. Data Protection by Design and Data Protection Impact Assessments

You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.

 

11. Data Protection Officers

You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.

 

12. International

If your organisation operates in more than one EU member state (i.e. you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.

In our next blog we will discuss some of the technical implications borne out of GDPR compliance.

 

Speak to one of our Experts?

We help businesses of all shapes and sizes in protecting their vital IT assets. For a consultation with our team as to how we can help protect you from a cyber breach, simply get in touch for a free, no-obligation conversation. Alternatively, our free downloadable guide offers more insight into avoiding (and surviving) a cyber-attack.

10 Quick Facts you need to know about GDPR

1. It is an EU regulation as of 27 April 2016, which gives EU citizens additional privacy and rights

http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

 

2. GDPR is legally enforceable from 25 May 2018

 

3. GDPR imposes higher fines – 4% annual global revenue or 20m euro, whichever is greater. Non-EU companies that process individual data will need to comply.

 

4. Key features

  • Obtaining permission for processing personal data must be clear and must seek an affirmative response
  • The data subject has the right to be forgotten and to have records erased
  • Controllers must report a data breach within 72 hours, unless it is low risk
  • Adequate contracts must be in place for processing data

 

5. Individual rights include

  • Correction
  • Consent
  • Access
  • Portability

 

6. Notification of Breach must include

  • How many records were exposed
  • Any mitigating measures taken
  • Categories of data breached
  • Measures taken to prevent breach
  • Risks to individuals

 

7. What is a breach?

A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

 

8. GDPR will still apply despite Brexit

 

9. The regulator will have beefed-up powers

  • Warnings
  • Reprimands
  • Compliance orders
  • Ban processing
  • Fines
  • Order suspension of data flows

 

10. You still have time – JUST

Start the process by auditing your data usage

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/

 


Nyetya Global Ransomware – actual costs

You may recall our recent blog post below which was posted in June.

A new ransomware virus variously named Nyetya, Petrwrap and GoldenEye has been spreading globally over the last 24 hours.


This virus is distinct from WannaCry and other initially suspected variants. It has some unique new features which make it harder to detect and defend against, clearly showing that today’s malware landscape is evolving apace. This rapidly changing threat landscape has a number of contributing factors, including leaked tools from government agencies, more advanced security controls that require more advanced malware (the cat and mouse game), or simply attackers who are more determined and more capable.

This and other recent virus attacks serve to reinforce the need for a defence-in-depth approach to security, with comprehensive controls at all levels of an organization’s IT infrastructure.

Some figures have since been released about the actual financial damage caused by the virus.

It cost the TNT division of parcel delivery company FedEx over $300m; losses are continuing and the company has not yet fully restored its systems. At one stage they had to resort to WhatsApp for internal communication because email systems were not useable.

Shipping company Maersk has also announced damage around the $300m mark.

Reckitt Benckiser, the company behind household brand names such as Dettol and Durex, has also taken a massive hit, announcing potential attributable losses at a minimum of $140m. This figure is due to be updated when they announce results in October.

More details about these costs and impact on the businesses can be found in the BBC article below.

View the article

With such eye-watering figures from just a few selected companies who have been transparent enough to share the information, you really have to wonder about the full scale of damage that this and other cyber attacks have caused.


Ransomware 101 – How To Combat It

Ransomware has grown to become the most popular cyber attack method on the Internet today, growing at a rate that will see it become a $1 trillion industry within a few years.

It is imperative that every business develops and executes a comprehensive ransomware defense strategy to ensure the survival of the business. An invaluable tool to help with this plan is provided by Cisco in the form of a flipbook aimed at combating ransomware.

The flipbook includes:

  • An overview of Ransomware
  • Infection methods
  • How to prevent infections
  • Detecting and containing infections
  • Learning lessons after an attack
  • Elements of a multi-layered defense

We know you will find this resource highly valuable and well worth investing a little of your time.

Click to view the Flipbook

 


Cyber Report – Detection time reducing to 4 hrs

Once malware breaches a business, it goes about whatever activity it has been programmed to undertake, be that CnC, file encryption or just general reconnaissance and infection of other devices and networks. The longer the malware remains undetected, the more potential damage it can do.

Since its inception, the Cisco Security report has tracked the time to detection of malware. Time to detection, or TTD, is the window of time between a compromise and the detection of a threat. The industry average for 20 known malware types was a staggering 100 days and, while it has fallen this year, it still means that for these 20 known malware types cyber attackers have on average a vast amount of time to probe and create maximum damage. Cisco research, based on telemetry from its globally deployed devices, has seen its own detection time steadily reduce to 3.5 hours as of April 2017.

Increases in the median TTD indicate times when cyber attackers introduce new threats. Decreases show periods where defenders are identifying known threats quickly. Since the summer of 2016, the ongoing tug-of-war between attackers and defenders has been less dramatic, with the latter taking back ground quickly after each attempt by adversaries to gain—and maintain—the upper hand.

Developments in the cyber threat landscape, especially within the past six months, show that cyber criminals are under even more pressure to evolve their threats to evade detection and devise new techniques.

The figure below shows the median TTD for the top 20 malware families by percentage of detections that researchers observed from November 2016 to April 2017. Many of the families that Cisco products are detecting within their median TTD of 3.5 hours are industrialized threats that move fast and are widespread. Old and prevalent threats are also typically detected below the median TTD.

Many malware families can still take a long time for defenders to identify even though they are known to the security community. That’s because the attackers behind these threats use various obfuscation techniques to keep their malware active and profitable. Some of these malware families, including Fareit (a remote access Trojan or “RAT”), Kryptik (a RAT), Nemucod (a downloader Trojan) and Ramnit (a banking Trojan), use specific strategies to stay ahead of defenders.


Their methods are effective: as the figure above shows, all these families were outside the Cisco median TTD window of 3.5 hours, Kryptik significantly so. Even Nemucod, the most frequently detected among the top families shown, takes longer to identify because it evolves so rapidly.
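The TTD measurement described above, as an added example (not taken from the Cisco report or the original post): it derives the median TTD per malware family from compromise and detection timestamps and lists the families whose median falls outside the 3.5-hour window. The records, family names and function names are constructed for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime
from statistics import median

WINDOW_HOURS = 3.5  # median TTD window quoted in the article

# Constructed sample records (not real telemetry). An empty "detected"
# field means the compromise has not been detected yet.
SAMPLE = """family,compromised,detected
family-a,2017-04-01T08:00:00,2017-04-01T09:30:00
family-a,2017-04-02T10:00:00,2017-04-02T12:30:00
family-a,2017-04-03T07:00:00,2017-04-03T10:00:00
family-b,2017-04-01T00:00:00,2017-04-02T06:00:00
family-b,2017-04-05T12:00:00,2017-04-05T18:00:00
family-b,2017-04-06T09:00:00,
family-c,2017-04-04T15:00:00,2017-04-04T14:00:00
"""

def ttd_hours(text):
    """Return ({family: [TTD in hours]}, undetected_count, rejected_count)."""
    ttds, still_open, rejected = defaultdict(list), 0, 0
    for row in csv.DictReader(text.splitlines()):
        if not row["detected"]:
            still_open += 1   # no detection yet: must not be counted as a TTD of zero
            continue
        start = datetime.fromisoformat(row["compromised"])
        end = datetime.fromisoformat(row["detected"])
        if end < start:
            rejected += 1     # detection before compromise: clock skew or bad data
            continue
        ttds[row["family"]].append((end - start).total_seconds() / 3600)
    return dict(ttds), still_open, rejected

def median_ttd(ttds):
    """Median TTD in hours for each family."""
    return {family: median(hours) for family, hours in ttds.items()}

def outside_window(medians, window=WINDOW_HOURS):
    """Families whose median TTD exceeds the window, slowest first."""
    slow = [(f, m) for f, m in medians.items() if m > window]
    return sorted(slow, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    ttds, still_open, rejected = ttd_hours(SAMPLE)
    medians = median_ttd(ttds)
    print(medians, outside_window(medians), still_open, rejected)
```

Undetected compromises are counted separately because leaving them out silently makes the median look better than the real exposure.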

In many instances, businesses are using outdated modes of protection against these threats and may typically fall in the industry average, which is days, not hours. Many businesses are still dependent on anti-virus software and firewall rules as their principal means of protection.

Given the evolved nature of threats and their ability to easily evade traditional methods of detection, the traditional approach is akin to using a colander to catch water.

A more sophisticated approach to cyber threat defences involving a combination of adaptive, integrated detection techniques with automated protection is necessary for business today.
