Posts

Cyber-Security

Cyber security in 2019 – are you insured?

Cyber security in 2019 – are you insured?

The most recent figures for the extent of cybercrime published by the ONS (Office for National Statistics) in March 2018 state that 4.5 million such crimes had been committed in the previous 12 months.

The ONS figures cover all types of cybercrime, including child pornography.

In the first half of 2018, the number of cyber breaches soared over 140% from a year earlier, leading to 3.3 billion compromised data records worldwide, according to Gemalto, an international data security company.

However, the insurer Hiscox has estimated that UK small businesses are being targeted with an average of 65,000 attempted cyber attacks every day, according to the Insurance Times.

Despite this it estimates that  only 52% of SMEs have clear security strategies despite it costing an average of £25,700 last year in direct costs (eg ransoms paid and hardware replaced) per attack.

The information cyber criminals are most interest in is Email addresses, Social Security numbers, Credit card numbers, Bank information, Product information and Birth dates.

The most vulnerable areas for businesses are online banking details, cloud servers, emails and data leaks and breaches.

One growing problem is the numbers of fraudulent emails using named individuals, such as the CEO or Finance Officer authorising payments to be made.

Business cybercrime is an ever-increasing threat and businesses should regularly conduct security audits, ensuring they have robust back-up systems and should examine and if necessary, restrict entry points into the system, only giving access codes to those within the company who actually need them.

They should also take out cyber insurance, something that was hardly I existence ten years ago, but is now becoming increasingly important.

You should check that the policy includes practical support including legal advice, forensics and reputation management to help get a business back up and running as quickly as possible.

Intel-Security-Flaws

Yet another security flaw in Intel chips

Another security flaw has been discovered in Intel’s computer chips, the third this year, say researchers.

The flaw, named Foreshadow, could be used by hackers to obtain sensitive information from computers released from 2015 onwards.

While Intel has already released a patch to mitigate the problem, this latest revelation is not good news for the company.

It has posted a full list of hardware affected by Foreshadow on its website.

According to an article on the BBC tech pages of its website: “Foreshadow was discovered by collaborative work by researchers from KU Leuven university in Belgium and others from the universities of Adelaide and Michigan.”

Intel subsequently discovered two further weaknesses.

Although there have been warnings that installing the mitigation patch could affect the collective processing power of companies using cloud computing platforms Amazon, Google and Microsoft have already installed fixes for this problem. Individual PC users are unlikely to face this problem, however.

As ever, we advise all our customers and clients to be mindful of their cyber security and to ensure that they download and install security updates promptly as soon as they become available.

Apple-losing-its-edge

Is Apple losing its edge?

Apple laptops and desktops are often the favourite hardware for businesses, partly for quality and partly because they have always been seen as largely hack-proof.

But a recent problem has caused some technical writers to question whether the “big A” is beginning to lose its edge.

A flaw was discovered in the most recent version of MacOS High Sierra, that enabled anyone to enter the machine without a password.

The bug was discovered in late November by a Turkish developer, who discovered that entering the username “root” and leaving the password field blank, hitting “enter” a few times, he could gain access to the machine.

The vulnerability, which fortunately could not be used remotely, could give someone with root access more powers than a normal user, for example to read and write files to other accounts.

More seriously a superuser with root access and with malicious intent could have deleted crucial system files, rendering the computer useless – or install malware that might be undetectable to typical security software.

Apple issued a temporary workaround by allowing users to set a root password while it fixed the problem.

The instructions are here

However, according to the tech publication WIRED, there were more problems when Apple rushed out a patch, within 18 hours, and users discovered that the “root” bug returned if they updated to the 10.13.1, version.  The machine had to be re-booted for the patch to work, but Apple had not included this in the instructions.