Black Arrow Cyber Threat Briefing 05 February 2021: Ransomware Gangs Made At Least $350 Million In 2020; Widening Security Shaped Gulf Between Firms And Remote Workers; 3.2 Billion Emails And Passwords Exposed; Account Takeover and Data Leakage Attacks Spiked In 2020; Automated Tools Increasingly Used to Launch Cyber Attacks; 93% Of Workers Overshare Online, Causing Social Engineering Risks;
Read MoreBlack Arrow Cyber Threat Briefing 15 January 2021: Two Thirds of Employees Don’t Consider Security Whilst Working from Home; Ransomware Gangs Targeting Top Execs; Microsoft emits 83 security fixes – and miscreants are already exploiting vulnerabilities in Windows Defender; Android malware gives hackers full control of your smartphone; Massive fraud campaign sees millions vanish from online bank accounts
Read MoreWelcome to this week's Black Arrow Cyber Tip Tuesday, this week James is talking about the security of home routers. A recent study in Germany of 127 home routers from 7 different brands including D-Link, Linksys, TP-Link and Zyxel found that almost 60 percent of models hadn't had a security update in over a year and most were affected by hundreds of known vulnerabilities. On top of that, they found that vendors were shipping updates with no fixes for critical vulnerabilities that have been known about for many years, some are even observed as being actively exploited. Most routers are based on a Linux operating system which is patched and maintained regularly but the home router manufacturers are choosing to use old and known vulnerable versions of the operating system without sending updates to customers devices.
Read MoreDo your children present a cyber risk to you?
This week's Cyber Tip Tuesday looks at whether children present a cyber risk to others in the household
Read MoreCyber Weekly Flash Briefing 21 August 2020: Former Uber security exec charged with cover-up, half of anti-malware products fail to recognise threats, millions of social media accounts compromised by data breach, WFH causes surge in security breaches, staff 'oblivious' to best practices, 40% of firms have sacked staff for cyber security breaches during Covid, HMRC Investigating Over 10,000 COVID-Related Phishing Scams
Read MoreThe Risks Posed by Home Routers - Cyber Tip Tuesday 22 July 2020
Read MoreCyber Weekly Flash Briefing 29 May 2020: Criminals impersonate Google to target remote workers, ransomware up 950% in 2019, cloud collab tool use surges along with attacks, EasyJet £18 billion suit
Read MoreWith more of us working from home in the Coronavirus crisis, employees need to maintain good cyber hygiene. People behave differently at home, often less alert to information security risks.
Read MoreWith more of us working from home in the coronavirus crisis, there is evidence of increasing attacks by cyber criminals who are exploiting those unaware of the risks, according to Tony Cleal, director of Guernsey’s Black Arrow Cyber Consulting BUSINESSES are making significant changes in response to the virus, including asking employees to work from home for the first time. These new practices have often been implemented as quickly as possible, with a priority on keeping the business operations going. At the same time, the cyber and information security consultants at Black Arrow are seeing reports from specialist intelligence and the wider media which show cyber criminals are feasting on the current chaos as they target employees and companies who let their guard down. ‘Cyber criminals usually target people, not technology, to get into their employer’s systems. Companies need to ensure they consider all the basic risks to prevent this, and implement layers of defence that start with the user. As an analogy, the easiest way for a criminal to get into someone’s home is to convince the resident to let them in, for example by pretending to repair an emergency gas leak. It doesn’t matter how good the window locks are, or how sophisticated the burglar alarm is; all they need to do is knock on the front door and be convincing. Thousands of coronavirus scam and malware sites are being created on a daily basis, and we see cyber criminals taking advantage of the crisis to get access to the organisation’s money and information’. That means companies and employees need to maintain good cyber hygiene when working from home, just as they do in the office. People behave differently at home, and are often less alert to information security risks than in the office. ‘We have seen Guernsey employees posting pictures on Facebook to show their new desk at home, but these pictures risk showing confidential documents on the table and screen. This is further evidence that cyber security is a business-wide risk that needs the aligned strength of people and culture, as well as business operations and technology’. Some smaller businesses consider cyber security to be more relevant for larger organisations. ‘Weakened defences will always be exploited, whether by biological viruses or malicious actors. 43% of cyber attacks hit smaller businesses, and a breach now on top of everything else would likely be catastrophic. Luckily, there are things you can do to protect yourself, even with limited resources; we can help ensure that the scarce money is spent wisely by addressing cyber security as a business-wide risk owned by the business leadership.’ Tony concluded: ‘Now more than ever, because of the disruption and changes to business practices, companies need to take appropriate steps to protect themselves against cyber-attacks. We are committed to helping improve cyber hygiene in Guernsey. This started when I used my experience in British Intelligence to lead the review of cyber security across the Bailiwick for the GFSC, which informed the forthcoming new standards. Now at Black Arrow we are reducing our prices during this crisis, to make cyber hygiene easier for all organisations; of course, charities and non-profits can continue to contact us for help free of charge.’ https://guernseypress.com/news/2020/03/24/maintaining-good-cyber-hygiene/
Read MoreCyber Weekly Flash Briefing for 20 March 2020 – Working from home brings security challenges, COVID-19 scams and malware, VPNs and MFA, broadband strain, critical patches
Read More