Learn from our experience

Our experience working across all common sectors has given us unique insight into the multitude of challenges facing organisations of all sizes.

We've learnt that most security challenges are common across verticals, and our service offerings reflect that knowledge by providing easy-to-consume managed services that can be focused on your highest-risk activities.

Our experience working across sectors worldwide has given us in-depth insight into effective and appropriate security measures that provide 'security taken care of'.

Bad news

  • 383 organisations across 16 industries and 12 countries each had between 3,000 and 100,000 records stolen
  • 32% of organisations had less than 1,000 employees
  • The average total cost of a breach is £3m, up 29% since 2013
  • The average cost per record breached is £120
  • The longer the time to identify a breach, the higher the cost to repair
  • Largest financial consequence is loss of business
  • 26% likelihood of a breach happening in the next 24 months

More bad news

  • World Economic Forum – cyber attack is the #2 highest issue preventing business operation
  • Gartner – April 2016 - "All organisations should now assume that they are in a state of continuous compromise"
  • Regulatory pressure and penalties from the UK ICO (up to £500,000) will increase with the upcoming GDPR, which adds 2-5% of annual global turnover
  • Mandatory requirement to declare breaches
  • Increased risk of insolvency or closure

Common Sectors

The common sectors have a number of common IT security risks and challenges.

Correctly understanding and deploying appropriate security technology and processes can effectively mitigate the most prevalent and applicable attack vectors, dramatically increasing overall security.

Risks in the Finance Sector

Spear Phishing

Financial institutions provide a wealth of valuable information to an attacker. By mining publicly available online information about a company's employees, an attacker can rapidly build a list of contact points in high-value departments of a financial institution, and subsequently target them with malware or with drive-by style exploits.

A decent IDS/IPS combined with web-reputation could identify these threats in transit and prevent compromise from occurring.

Insider attack

Insiders still pose a threat to customer details, whether that’s from employees abusing their privileges, password sharing or breaking corporate policy.

Combined with the loss of accountability through the use of shared accounts or generic accounts such as “update” or “manager”, this means the true culprit of malicious or damaging activity may never be found.
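The accountability gap described above can be surfaced from authentication logs. The following is an added example, not part of the original page: the log format, the sample lines and every generic name other than "update" and "manager" are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Generic account names; "update" and "manager" come from the text above,
# the rest are assumed additions for illustration.
GENERIC_NAMES = {"update", "manager", "admin", "shared", "service"}

# Constructed sample log lines in an assumed format (not from a real system).
SAMPLE_LOG = """\
2016-05-02T09:01:12 login ok user=jsmith src=10.0.1.15
2016-05-02T09:03:40 login ok user=manager src=10.0.1.15
2016-05-02T09:07:02 login ok user=manager src=10.0.2.31
2016-05-02T09:09:55 login fail user=update src=10.0.3.8
2016-05-02T09:10:03 login ok user=update src=10.0.3.8
2016-05-02T09:30:00 login ok user=akhan src=10.0.1.22
2016-05-02T09:31:10 login ok user=akhan src=10.0.4.40
2016-05-02T09:32:45 login ok user=akhan src=10.0.5.77
"""

LINE_RE = re.compile(r"^(\S+) login (ok|fail) user=(\S+) src=(\S+)$")


def find_shared_accounts(log_text, max_sources=2):
    """Return {account: [reasons]} for accounts with weak accountability."""
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "ok":
            continue  # ignore malformed lines and failed logins
        sources[m.group(3).lower()].add(m.group(4))
    findings = {}
    for user, srcs in sources.items():
        reasons = []
        if user in GENERIC_NAMES:
            # A role name identifies a function, not a person.
            reasons.append("generic account name")
        if len(srcs) > max_sources:
            # Many source hosts suggest the credentials are being shared.
            reasons.append(f"used from {len(srcs)} source hosts")
        if reasons:
            findings[user] = reasons
    return findings


if __name__ == "__main__":
    for account, why in sorted(find_shared_accounts(SAMPLE_LOG).items()):
        print(account, "->", "; ".join(why))
```
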

Social Networking

Social networks cause problems for two reasons: data leakage from employees using social networking accounts to chat about the company or broadcast their association with the company to the world (see spear phishing), and the compromise of press accounts, such as those of CNN or Reuters, that were targeted specifically as prizes for hacking groups.

Company-branded social networking accounts should be protected, if possible, with two-factor authentication, and the credentials should not be widely disseminated amongst employees. Internal use of social networks by employees should be strictly regulated: with a DLP system where the network is required for business, such as LinkedIn, or with an outright ban for purely ‘social’ networking.

Risks in the Online Trading Sector

Domain Name Hijacking

In domain hijacking, a DNS record is changed, often through social engineering, to point traffic for a domain name at a webserver controlled by an attacker.

This attack vector can be used to replace payment systems with malicious phishing forms, or to direct legitimate customers to exploit kits or drive-by downloads, leveraging your business domain’s reputation to draw traffic for malicious use by an attacker.
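Because the attack works by changing a record, comparing what resolvers return against a change-controlled baseline catches it early. The following is an added example, not part of the original page: the domain names, addresses and record sets are constructed placeholders, and the observed answers are assumed to have been collected already by a resolver query.

```python
# Expected records, kept under change control (constructed values;
# example.com, example.net and the documentation IP ranges are placeholders).
BASELINE = {
    ("example.com", "NS"): {"ns1.example.net", "ns2.example.net"},
    ("example.com", "A"): {"192.0.2.10"},
    ("pay.example.com", "A"): {"192.0.2.20", "192.0.2.21"},
}

# What a resolver returned on the latest check (constructed).
OBSERVED = {
    ("Example.com.", "NS"): ["ns1.example.net.", "ns2.example.net."],
    ("example.com", "A"): ["192.0.2.10"],
    ("pay.example.com", "A"): ["198.51.100.7"],
}


def _norm(value):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return value.strip().lower().rstrip(".")


def dns_drift(baseline, observed):
    """Compare observed answers with the baseline; return a list of findings."""
    seen = {(_norm(n), t.upper()): {_norm(v) for v in vals}
            for (n, t), vals in observed.items()}
    findings = []
    for name, rtype in sorted(baseline):
        expected = {_norm(v) for v in baseline[(name, rtype)]}
        actual = seen.get((_norm(name), rtype.upper()))
        if actual is None:
            findings.append((name, rtype, "missing", []))
            continue
        added = sorted(actual - expected)
        if added:
            # Values outside the baseline: traffic may be going elsewhere.
            findings.append((name, rtype, "unexpected", added))
        elif actual != expected:
            findings.append((name, rtype, "removed", sorted(expected - actual)))
    return findings


if __name__ == "__main__":
    for finding in dns_drift(BASELINE, OBSERVED):
        print(finding)
```

Including the NS set in the baseline matters, since a change at the registrar or DNS provider level replaces the name servers rather than a single address record.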

OWASP

Unsecured websites can damage a business’s reputation and credibility if its website is defaced, altered or used to spread malware. Database theft can also expose an SMB’s client base to attack or fraud.

The most common attacks against websites are outlined in the OWASP top 10 list published annually.

Unpatched Systems

Some systems can remain unpatched for months or even years after a patch has been released under the guise of stability or legacy support. These unpatched machines often provide perfect stepping stones into a business’s network.

Hackers have been known to scan large net blocks looking for unpatched public facing machines that could be used as a point of access.

This could lead to the compromise of private legal case files, and could result in legal repercussions if private information is disclosed.

Risks in the Retail Sector

Domain Name Hijacking

In domain hijacking, a DNS record is changed, often through social engineering, to point traffic for a domain name at a webserver controlled by an attacker.

This attack vector can be used to replace payment systems with malicious phishing forms, or to direct legitimate customers to exploit kits or drive-by downloads, leveraging your business domain’s reputation to draw traffic for malicious use by an attacker.

OWASP

Unsecured websites can damage a business’s reputation and credibility if its website is defaced, altered or used to spread malware. Database theft can also expose an SMB’s client base to attack or fraud.

The most common attacks against websites are outlined in the OWASP top 10 list published annually.

Wi-Fi Hotspots

Although not as common, thanks to recent upgrades in wireless security, wireless networks still provide an entry point to company networks. Often too much data is trusted to wireless networks, an example being attackers exploiting TK Maxx’s wireless network to steal credit card data.

Wireless networks should be secured with the highest level of encryption available and use domain credentials for authentication. Open or low-security wireless access points, such as those used for guests, should be segregated, ideally with a separate connection to the internet to avoid untrusted traffic traversing the corporate network.

With the increasing tendency of mobile phones to join unencrypted wireless networks, an attacker could steal company- or employee-specific information from unprotected handsets connected to open guest wireless access points.

Risks in the Online Gaming Sector

Domain Name Hijacking

In domain hijacking, a DNS record is changed, often through social engineering, to point traffic for a domain name at a webserver controlled by an attacker.

This attack vector can be used to replace payment systems with malicious phishing forms, or to direct legitimate customers to exploit kits or drive-by downloads, leveraging your business domain’s reputation to draw traffic for malicious use by an attacker.

OWASP

Unsecured websites can damage a business’s reputation and credibility if its website is defaced, altered or used to spread malware. Database theft can also expose an SMB’s client base to attack or fraud.

The most common attacks against websites are outlined in the OWASP top 10 list published annually.

Unpatched Systems

Some systems can remain unpatched for months or even years after a patch has come out under the guise of stability or legacy support. These unpatched machines often provide perfect stepping stones into a business’s network.

Hackers have been known to scan large net blocks looking for unpatched public facing machines that could be used as a point of access.

This could lead to the compromise of private legal case files, and could result in legal repercussions if private information is disclosed.

Risks in the Hospitality Sector

BYOD

Without a policy to manage devices brought from home, the risk of cross infection rises significantly. The security policy of an employee’s personal device cannot be controlled while the device is outside the jurisdiction of the company IT policy, so the device can contract viruses that affect the SMB’s network upon reconnection.

A strong AV policy would be the strongest solution, combined with IDS/IPS to detect and quarantine threats on the network.

Drive-by Exploits

The past two years have seen a strong trend of exploit kits such as “Blackhole” and “Styx” being used as attack vectors for spreading malware in an automated fashion.

Attackers have been known to use compromised sites to house exploit kits, or use advert vending services to direct user traffic to exploit kits in a technique called “Malvertising”.

A user anywhere in your network subject to a drive-by style attack could provide an entry point for an attacker to the internal network, potentially leading to the loss or theft of corporate or customer data.

Wi-Fi Hotspots

Although not as common, thanks to recent upgrades in wireless security, wireless networks still provide an entry point to company networks. Often too much data is trusted to wireless networks, an example being attackers exploiting TK Maxx’s wireless network to steal credit card data.

Wireless networks should be secured with the highest level of encryption available and use domain credentials for authentication. Open or low-security wireless access points, such as those used for guests, should be segregated, ideally with a separate connection to the internet to avoid untrusted traffic traversing the corporate network.

With the increasing tendency of mobile phones to join unencrypted wireless networks, an attacker could steal company- or employee-specific information from unprotected handsets connected to open guest wireless access points.