Welcome to the Ironshare Cyber Round-up where we look back atthe events of that last week and cover some of the news, posts, views, and highlightsfrom the world of Security.
In this week’s round-up:
The global insurance specialist Hiscox has released its 2019Cyber Readiness Report that surveyed 5,400 small, medium and large businessesacross seven countries (UK, US, Belgium, France, Germany, Netherlands &Spain) to determine how prepared they are for dealing with cyber-attacks.
As the number and intensity of cyber-attacks continues to rise,61% of firms confirmed they have reported an attack in the last year, a significantjump up from the 45% in 2018.
In the UK alone reported attacks rose from 40% to 55%.
The report shows that although the Large and Enterprise sizecompanies are still the most likely to be targeted in attacks, the stats highlightthat small and medium size firms are quickly catching them up.
Medium size firms of 50-249 employees have seen the biggestjump, rising to 63%, an overall increase of 27% on the previous year, with anaverage cost of attacks per business sitting at £142k.
While 47% of small firms (1-49 employees), now confirm they have been targeted, with those attacks having an average cost of £11k.
These stats prove that the smaller companies who feel that they won’t be targeted or have nothing of value to cyber criminals, clearly need to adjust their thinking and start taking action.
The introduction of the GDPR in May 2018 has no doubt had a big influence on the rise of reported attacks, especially considering the heavy fines that can follow a breach, if not reported in the mandated 72-hour time frame.
The biggest take away from this report is that although morecompanies of all sizes have become victims of one or more cyber-attacks, preparationto protect and defend our organisations is still way below where it needs tobe.
If you are one of those companies that are yet to establisha cyber security plan, then it’s time to make a start and get cyber ready.
On Thursday 18th April The Weather Channel was unableto air its usual programming for approximately 90 minutes, due to reportedtechnical difficulties.
Normal services were resumed at around 07:30 Eastern time inthe US, with weatherman Jim Cantore confirming that they had been the victim ofa cyber-attack:
“The Weather Channel, sadly, has been the victim of a malicious software attack today.”
These types of hacks on broadcasting organisations are rare,but as the majority now use IP networks to deliver their content, they are vulnerableto the same types of attacks that target other internet connected companies.
Although information on the attack is very limited, there arethoughts among researchers that this could be a result of a ransomware attack.
The Weather Channel reported via their twitter feed thatbackup mechanisms were used to restore the service and that the FBI have beenengaged to investigate the incident.
This week we heard that the UKs National Security Council (NSC)had agreed to allow Huawei to assist with the build of the Britain’s new 5G mobiledata network. After months of discussion on the subject, a decision was made, butnow serious concerns have been raised after that the agreement to involve Huaweiwas leaked prematurely by a senior member of NSC.
The NSC is chaired weekly by the PM and consists of seniorcabinet members, to discuss National Security concerns. NSC meetings are protectedby the Official Secrets Act, due to the nature of the intelligence that is sharedby the likes of GCHQ, MI5 and MI6.
The leak of any information from these meetings is of graveconcern to government, and its likely to be met with a criminal investigationinto its source. This appears to be the first time that a leak of NSC informationhas been committed, since it was established in 2010.
Using Huawei for the 5G network has been a huge debate globally, due to the risk of spying and espionage from a company that is associated with and possibly controlled by the Chinese Government.
This decision brings doubt into the Five Eyes Intelligence Alliance the UK is a part of with the US, Canada, Australia and New Zealand. Australia have already banned Huawei from their 5G projects and the US is now calling for the exclusion of Huawei from their Five Eyes allies.
In their 1st quarter earnings report for 2019,Facebook has stated they are setting aside up to $5 Billion to cover the possiblefines that may result from the FTC’s investigations into their poor datasecurity and privacy practices.
According to the earnings release Facebook stated:
“We estimate that the range of loss in this matter is $3 billion to $5 billion. The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome.”
In March last year the FTC said it would launch aninvestigation into their privacy violation dealings with Cambridge Analytica.
Further reports suggest that the SEC, FBI and DoJ are alsoinvestigating Facebook, and these fines could stack up quickly if found guilty,with $40,000 per violation.
And that’s it for this week round-up, please don’t forget totune in for our next instalment.
Why not follow us on social media using the links providedon the right.
Edition #38 – 26th April 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
