Cyber crime: ransomware attacks

Ransomware-banner

 Ransomware is malware that encrypts an individual's files so that they no longer have access to them, and subsequently demand payment for the files to be released. Usually the payment is asked to be made in an untraceable cryptocurrency form, such as Bitcoin. The most common way ransomware ends up on an individual's computers is through email spam, which individuals will click on and open.

Unfortunately, the files cannot be decrypted without a mathematical key which is only known by the cyber attacker, and the reason why many individuals tend to pay up. However, many find that despite paying the ransom, their files remain encrypted.

When looking at which countries were affected by ransomware attacks the most, the UK was found to have the highest percentage out of Europe:

  Figure 1: Cybercrime Tactics and Techniques: Ransomware Retrospective Report, Malwarebytes

Despite the NHS facing one of the worst ransomware attacks in May 2017 - the WannaCry ransomware attack - which cost the NHS £92m and caused more than 19,000 appointments to be cancelled (The Department of Health), this chart clearly highlights how organisations in the UK still need to invest more into their Cyber Security solutions to stay protected from ransomware attacks.

At Exponential-e, we help organisations that have been affected by ransomware attacks. Our Head of Cyber Consultancy, Mark Belgrove, discusses a real-life cyber attack in the video below, and shares how Exponential-ehelped mediate the situation. 

  183 Hits
183 Hits

Phishing: attacks and prevention

Phishing-attacks

Phishing is the fraudulent use of electronic communications to try and obtain sensitive information, such as usernames, passwords and credit card details by posing as a legitimate institution. Phishing attacks attempt to get individuals to click on a malicious link and enter confidential information to steal their identity, funds or to be the first step in a serious cyberattack against an organisation.

Continue reading
  463 Hits
463 Hits

The importance of securing your data - Part 2: Data Loss Prevention tools

The-importance-of-securing-your-data-Part-2-Data-Loss-Prevention-tools

All organisations store data, and regardless of whether it's a recipe or an algorithm, this data is an organisation's most prized asset, which is why hackers make it their target. The Cyber Security Breaches Survey 2019 from the Department for Digital, Culture, Media & Sport (DCMS) found that 32% of businesses identified cyber security breaches or attacks in the last 12 months, which have cost an average of £4,180 in lost data and assets

Continue reading
  537 Hits
537 Hits

The importance of securing your data - Part 1: Privacy and compliance

The-importance-of-data-loss-prevention

Cybercriminals are only getting more cunning and skilful with their cyber attacks, which is bad news for organisations when it comes to meeting privacy and compliance regulations. There can be significant legal implications for organisations if their data is not secure and regulations are not met. For instance, since the GDPR (General Data Protection Regulation) came into effect in May 2018, data protection regulators have imposed 114 million euros (approximately 97 million pound) worth of fines under the GDPR regime (GDPR Data Breach Survey 2020 by DLA Piper).

Continue reading
  489 Hits
489 Hits

How technology enables organisations to be more agile

How-technology-enables-organisations-to-be-more-agile
Although 'agile' has become a hype word, it is an important concept that organisations should strive to achieve in a world of continuous change and uncertainty. Being agile enables organisations to be more adaptive and reactive to the changing market, allowing them to respond quickly to customers' demands to keep a competitive edge.
Continue reading
  1499 Hits
1499 Hits

The future of CSOC: Threat Intelligence

The-future-of-CSOC-Threat-Intelligence

​ Organisations generate millions of system logs every day from the likes of servers, firewalls and network devices. Their ability to process, analyse and react to this information affects how they will manage any security risks and incidents. To help process this data, many organisations implement a Security Incident and Event Management (SIEM) system or outsource to a Cyber Security Operations Centre (CSOC) for their monitoring, which provides a real-time analysis of security alerts.

Continue reading
  876 Hits
876 Hits

Cyber breach prevention

cyber-security-advisory

With cyber breaches growing in volume and frequency (Carbon Black reported that 88% of UK organisations suffered a breach in 2018) you can guarantee that your organisation will be targeted by cybercriminals at some point.

Continue reading
  1240 Hits
1240 Hits

Cyber security expertise and the global skills gap

Cyber-Security-Skills-Gap_Large

By 2019, 1 to 2 million roles within cyber security will be unfulfilled. That's a figure that should strike fear into the heart of even the most stoic of business people. The threat of cyberattacks is growing quickly, and there aren't enough skilled people in place to control the wildfire.

This global cyber security skills crisis isn't exactly a new problem, though. Over the last 2 years, 40% of cyber security roles remained unfulfilled, despite an increase in job postings of over 74%. This is a problem, then, that's been smouldering in the background for a long time, and consequently now has the potential to create some serious destruction.

What's fuelling the fire?

Although there is a growing understanding of how vital cyber security is, organisations still don't necessarily understand exactly how fundamental it is to the success of their companies. Just look at cyber security budgets, which usually account for only 25-30% of an organisation's total IT spend (according to the IDC.)

With the number of attacks only growing, this is clearly not enough money. Every time a company gives an employee a take-home device, they're exposing themselves to a lot more than 25-30% of the total security threats!

Even if there were enough people applying for cyber security roles, the relatively meagre budget allocated to cyber security by most organisations still wouldn't be sufficient to hire all the cyber security professionals they need.

Out with the in-housing, in with the out-sourcing!

What with the lack of applicants and budget allocation, many companies are now choosing to outsource their cyber security teams. By the time we get to 2020, it's likely that most organisations won't have their own in-house cyber security skills.

For most companies, the best way to plug the cyber security skills gap is to call in organisations that offer an offsite security service. Even better, they can call in an organisation which provides the cyber security element on top of other useful offerings, like network and virtual data centre services (conveniently).

Going this route is making organisations' total IT spend more efficient.

This is because you don't have to invest in the infrastructure. By outsourcing, you can be flexible with the scope of the estate. You are also going to get better quality responses from analysts because they are keen to make sure you want to maintain the service.

These analysts add an extra dimension to the organisation – you don't have to hire them but they're there. To cut a long story short, if and when the big alarm goes off (and something goes wrong), there's always someone there to help fix it. An outsourced security team is probably going to give your organisation a lot more value than the 25-30% you're currently spending on your IT budgets – their expertise will really give you more bang for your buck.

And crucially, you can switch this service on and off as you wish. The job of a Cyber Security Operations Centre (CSOC) is to be there to protect what really matters - when it matters.

Anyone can buy the tools to offer a cybersecurity service. You can buy a firewall quite easily - just pop onto the internet and order one. But the value lies in knowing what the output means – and which next steps to take. Your recently purchased firewall isn't going to do you much good if you don't know what it's telling you. Therefore, most organisations need to bring in expert cyber security monitoring and advisement in order to get the best use out of their technology. And who wouldn't want to do a better job whilst saving money?

  935 Hits
935 Hits

Post-GDPR: key learnings for housing associations

Post-GDPR-Key-Learning-For-Housing-Associations

The GDPR deadline day of 25th May has been and gone, but sticking to the legislation remains as important as ever. This is because GDPR is, in fact, not something that can just be 'done'; instead, it is ongoing and needs to be constantly changed and updated. The onus is on housing associations to comply with GDPR not just today, but in six months, a year, two years, and beyond. 

Continue reading
  872 Hits
872 Hits

The changing faces of security

The-Changing-Face-of-Security

Cyber security is more complex now than ever before, and the implications of a cyber-attack can be much more disastrous. Organisations must consider not only the financial implications but the reputational damage that can arise following an attack. The proliferation of social platforms and the increasing needs of regulation, mean that security breaches can be publicised across the globe within minutes. Whilst the cost of launching a cyber-attack has reduced over the last few years, the cost of defence has risen. This is because there's a greater variety of attack vectors – means by which an attacker can gain access to your network. The methods deployed are so vast, compared to previously, that it makes it increasingly difficult to build an effective defence against. Highly sophisticated cyber-attacks are also using automation techniques to maximise their damage, to the extent where one piece of code can be used many thousands of times. 

Continue reading
  912 Hits
912 Hits

The recent evolution of the Cyber Threat landscape for Financial Services

The-recent-evolution-of-the-Cyber-Threat-landscape-for-Financial-Services

As the Financial Services (FS) industry continues to adopt and leverage digital technologies to innovate and deliver customer-centric outcomes, there is also a major focus on inward change, on improving employee experience through streamlining, simplifying and consolidating platforms, infrastructure and processes. Of course, Digital Transformation comes with an abundance of risks. Some of these are already widely recognised and covered by the mainstream media, some are newly emerging, and others are as yet unknown.

Continue reading
  1784 Hits
1784 Hits