Category: Information Security

COVID-19

COVID-19 – stay secure and stay safe.

The COVID-19 pandemic has caused a seismic shift towards digital interaction throughout our lives. Remote working became mainstream overnight across thousands of businesses, with virtual meetings and collaboration tools becoming necessities for work and keeping in contact with loved ones. Businesses (and their IT partners) have had to quickly and urgently adapt their business processes, in some cases changing their policy on remote working on-the-fly to keep their businesses functional.


Psst..do you want some ‘free’ software?

Chances are you’re getting more than you bargained for.

The security research team at Cybereason has recently highlighted the threats from attempting to download ‘cracked’ copies of Microsoft or Adobe products. The research team found that these copies of software had been laced with some particularly nasty malware, which starts by attempting to steal passwords and other information, then contacts a commercial service to download even more malware.


Did you get caught Phishing this summer?

Business Email Compromise (BEC) attacks have become one of the most successful and damaging forms of Phishing, as attackers switch tactics to avoid detection and typical end-user awareness.

According to the NCSC and insurance provider AIG, over 23% of all cyber insurance claims in 2018 were because of BEC attacks, even outperforming other popular attacks:

Ransomware at 18% and data breaches at 14% of total claims were relegated to second and third places. Total claims (for Business Email Compromises) in 2018 amounted to more than those in 2016 and 2017 combined.

Source: https://www.ncsc.gov.uk/report/weekly-threat-report-6th-september-2019

It’s time to get serious with Passwords

Whilst I’m not an avid radio listener, this week I tuned into a spokesperson from the NCSC (UK’s Cyber Security Centre) discussing cyber security and in particular a new top 1000 passwords list that has been compiled in conjunction with Troy Hunt (haveibeenpwned.com). It won’t take you many guesses to find out which passwords were in the top 5 still, but in case you’re interested here’s a snippet below:


Cyber security activities – are you kept up to date?

  • 1 in 5 businesses never update their senior executives regarding cyber security activities…
  • only 17% updated weekly.
  • 5% are only made aware when there’s a breach.

The UK government’s annual Cyber Security Breaches Survey (2018) highlights the lack of regular reporting regarding cyber security activities and events to senior executives (business owners, board members, etc.) and line management.
