Written by Haydon Kirby – 9th of January 2018
There was a distinct rise in cyber attacks during 2017. Security breaches rose more than 27% and ransomware attacks doubled; we saw WannaCry, Petya and BadRabbit infect thousands of computers and large businesses across the globe. One of the most prolific and damaging data breaches the world has seen in years was undoubtedly the 2017 Equifax data breach, in which 143 million customer records were compromised over the period of a month. The devastating effect this attack had on the credit markets was astounding, and it is a good example of how disruptive and expensive security breaches can be.
Taking the learnings from last year, it is clear that in 2018 cyber criminals will use even more advanced methods of attack to penetrate businesses. Cyber security measures are now being enhanced by governments around the world, and several new initiatives and regulations are coming into force, such as the EU General Data Protection Regulation (GDPR).
In this blog, we’re going to explore the biggest cyber security threats to be aware of in 2018 and give you some useful advice to help safeguard your business.
A business around the world is hit by a Ransomware attack every 40 seconds. In the first quarter of 2017, it was reported that a business was attacked every 2 minutes, but by the third quarter it was every 40 seconds. In 2018, it’s safe to say that these attacks will increase.
Ransomware was relatively unknown to many people but has become a known threat over the past few years due to the regularity and scale of attacks. Last year the NHS was hit by the WannaCry ransomware, which has raised awareness of these types of attack.
Ransomware encrypts either an individual’s computer or an entire network of computers and injects malicious software that stops the user(s) from being able to use their computer until a ransom is paid to the individual or criminal organisation behind the attack.
However, many people fall into the trap of paying the ransom, hoping they’ll retrieve their data. This is often not the case, as once the money is paid there is no guarantee the machine/network will be decrypted. If you are a victim of a ransomware attack, we recommend that you contact us as we may be able to retrieve the encrypted data for you.
How can you protect yourself from ransomware?
Many businesses believe the best form of protection from ransomware is implementing a regular backup. Although this is good practice, it’s not a preventative method of protecting against ransomware attacks, and some types of backups can also be intercepted. There is a wide range of preventative equipment and software you can implement to prevent ransomware attacks on your business. We highly recommend Sophos Intercept X and WatchGuard Firewall Solutions together with cloud and on-premise backup, coupled with a robust disaster recovery plan.
Here are the recommended steps you should take to ensure you are protected against Ransomware attacks.
In our blog ‘The framework and components of a Cyber Security strategy’ we explore the products mentioned above in more detail and explore the benefits of each.
Supply Chain Attacks
We predict there will also be an increase in supply chain attacks. Most businesses communicate with a variety of partners and third-party vendors, and often this will include the sharing of sensitive data and information. You may be able to trust that your own business’s security is up to scratch, but what about those you partner with and share that information with?
Supply chain attacks generally originate from third-party software providers, third-party data storage, and websites and watering holes, all of which are used to distribute harmful malware. Cyber criminals identify the vulnerabilities of the weakest member of a supply chain to target. Once they have accessed that business’s data, they can then potentially access the data of others within the supply chain.
How to protect against Supply Chain Attacks?
The key thing to remember is that the security of a supply chain is only as strong as the weakest member of the chain. If you use supply chains, such as storing data offsite on third-party servers or using website hosting, we recommend you check the security of all members within the chain and ensure you have adequate protection against supply chain attacks.
In our useful blog ‘Supply Chain Cyber Attacks – what businesses need to know’ we explore supply chain attacks in more detail and the four different forms.
The Internet of Things (IoT)
The Internet of Things is in effect a network of internet-connected objects, such as an Apple Watch, mobile or smart meter, that are able to collect and exchange data using embedded sensors, and these objects can become vulnerable to cyber attacks. Whilst the IoT emerged initially with a focus on domestic products, the IoT market has now expanded into providing workplace solutions such as sophisticated door entry systems, automated thermostats and smart coffee machines.
With many businesses choosing to now deploy IoT devices in the workplace, they must select them carefully and fully understand how they are managed and the security risk they could pose to the business. All it takes is for one IoT device on the network to be insecure, which opens the door for cyber criminals to seek this vulnerability and potentially gain access to an entire network.
Below is an image of how IoT is being used in industry:
How can you protect yourself against IoT?
We would recommend that, before any IoT device is connected to your business network, a thorough risk assessment is carried out in which your IT team assesses the security risks and becomes familiar with the management of the product. If you don’t have the resources or knowledge available to carry out these assessments, please do get in touch – we will be happy to help.
Undoubtedly, 2018 is going to be a challenging year for businesses across the UK, and with the GDPR looming over everyone, a lot of businesses will be panicking to prepare in time. It is important that businesses review their cyber security strategy and ensure they have taken the correct steps to prevent a data breach and minimise the risk of the large fines the GDPR carries if a business is deemed non-compliant.
If you have any questions or concerns about any of the forms of cyber attacks we have listed in this blog then please feel free to get in touch and one of our security specialists will be happy to discuss.
If you found this blog useful, you may want to read our blog ‘GDPR and the role of a Data Protection Officer’ which will help you prepare for the GDPR and understand if your business needs to appoint a Data Protection Officer in order to be compliant.