


news

BUSINESSES BEGIN TO FIGHT BACK

More than half of firms (57%) have experienced a cyber-attack in the past year and two in five (42%) have had to deal with two or more. That's the finding of Hiscox's latest Cyber Readiness Report, compiled from a survey of more than 3,000 executives, departmental heads, IT managers and other key professionals in the UK, US and Germany. Larger companies, particularly those in the US, are targeted most often. The average cost of the largest cyber security incident experienced ranges from 22,000 euros for very small German companies to US$102,000 for very large US companies – somewhat lower than the headline figures often seen. It takes time to get back to 'business as usual' though. While three out of five businesses (62%) took less than 24 hours to uncover their biggest cyber incident in the past 12 months, and a quarter (26%) did so within an hour of its occurrence, nearly half (46%) of businesses took two days or more to get back to business as usual.

"As Hiscox reported, the impacts of a successful attack are multi-dimensional, with some costs being immediate and some more long lived," said Darren Anstee, chief security technologist at Arbor Networks. "Our latest research found that brand damage was the most commonly cited impact of a DDoS attack, beating out even operational expense. While this is not a good thing in and of itself, we are seeing an increasing proportion of organisations factoring cyber threats into their business and IT risk assessment processes, which should lead to the right investments being made in defensive solutions and services."

TOP PHISHING TARGETS: GOOGLE, YAHOO AND APPLE

The 2017 Webroot Threat Report has revealed that, for every new phishing URL impersonating a financial institution, there were more than seven impersonating technology companies – a significant change since 2015 when the ratio was less than one to three.
This increase may indicate that it is easier to phish a technology account and that, due to password reuse, they can be more valuable to hackers as a gateway to other accounts. The top three phishing targets in 2016 were Google, Yahoo and Apple.

Hal Lonas, chief technology officer at Webroot, commented: "It's clear that relying on threat lists, virus signatures, and simplistic rules for protection is wholly insufficient against a threat landscape that is constantly evolving. Proven, real-time machine learning-based analysis that includes an understanding of threat behaviour and context is necessary for accurate decision making and protection from today's threats."

PALO ALTO NETWORKS SEES THE LIGHT

Palo Alto Networks has acquired LightCyber, a privately held cybersecurity company that has developed highly automated and accurate behavioural analytics technology, for $105 million in cash. Palo Alto Networks will continue to offer the LightCyber products and also support existing customer implementations while it engineers the technology into the Palo Alto Networks Next-Generation Security Platform by the end of the calendar year. Bringing behavioural analytics to the platform will enhance its automated threat prevention capabilities and the ability for customer organisations to prevent cyber breaches throughout the entire attack lifecycle.

"The LightCyber team's vision to bring automation and machine learning to bear in addressing the very difficult task of identifying otherwise undetected and often very sophisticated attacks inside the network is well aligned with our platform approach," said Mark McLaughlin, chairman and CEO of Palo Alto Networks. "This technology will complement the existing automated threat prevention capabilities of our platform to help organisations not only improve, but also scale their security protections to prevent cyber breaches."

6 computing security March/April 2017 @CSMagAndAwards

BAROMETER'S HIGHS AND LOWS

A new security barometer, carried out by office technology specialists Altodigital to better understand the impact of security breaches on UK business, has discovered almost one in five (18%) businesses has been targeted by hackers in the last 12 months, costing the economy a whopping £1.9 billion. The barometer has been directly compared to Altodigital’s security barometer from 2013 to discover how much UK businesses have developed, in terms of office security and to see if the business community is keeping up with cyber criminals. The study found that the average cost of a hack to a UK business was more than £2,000 each. It's not all bad news, though. Only 16% of UK employees admitted that there's a lack of concern at management level to invest in a reliable security infrastructure – a large reduction from 2013 when it was a more significant 28%.

Alistair Millar, group marketing manager at Altodigital, commented: "Although UK businesses still have a long way to go, in terms of security in the office, especially concerning simple elements like firewalls and changing passwords, it's very positive to see that the amount of hacks has decreased significantly and a huge majority of UK IT directors always wipe their internal hard drives before disposing of them."

'DEEP DIVE' TO PINPOINT HOW SMES BEAR BRUNT OF CYBER-ATTACKS

Cybercrime is a major issue, costing the global economy about £300 billion a year and small-to-medium size businesses (SMEs) are a growing target for cyber criminals. Cyber security threats affect every business and organisation, regardless of size or industry, and impact every department: finance, marketing, compliance, risk, legal and IT. The World Economic Forum (WEF) listed cybersecurity as one of the greatest threats to businesses globally, yet the majority of businesses do not have internal cyber security expertise.
A new, 'deep-dive' one-day event, Cyber Security SME – County Hall London, 20 June – will inform and sign-post owners and directors of small-to-medium size businesses about the steps they need to take to protect their assets from ever-growing risks. For more information, go to:

ONLINE EXTORTION HITS NEW HEIGHTS

Trend Micro's annual security roundup report, '2016 Security Roundup: A Record Year for Enterprise Threats', just released, proves 2016 was truly the year of online extortion. Cyber threats reached an all-time high, with ransomware and business email compromise (BEC) scams gaining increased popularity among cybercriminals looking to extort enterprises. A 748% increase in new ransomware families ultimately resulted in $1 billion in losses for enterprises worldwide.

Trend Micro and the Zero Day Initiative (ZDI) discovered 780 vulnerabilities in 2016. Of these, 678 were brought to ZDI through their bug bounty program; then ZDI verifies and discloses the issue to the affected vendor. Compared to vulnerabilities discovered by Trend Micro and ZDI in 2015, Apple saw a 188% increase in vulnerabilities, while Microsoft bugs decreased by 47%. Additionally, the use of new vulnerabilities in exploit kits dropped by 71%, partially due to the arrest of the threat actors behind Angler that took place in June 2016.

"As threats have diversified and grown in sophistication, cybercriminals have moved on from primarily targeting individuals to focusing on where the money is: enterprises," said Ed Cabrera, chief cybersecurity officer for Trend Micro. "Throughout 2016, we witnessed threat actors extort companies and organisations for the sake of profitability and we don’t anticipate this trend slowing down. This research aims to educate enterprises on the threat tactics actively being used to compromise their data, and help companies adopt strategies to stay one step ahead and protect against potential attacks."