July 2017 Cyber Incident Report

August 2, 2017 at 3:00 pm | Posted in Cyber Security | Leave a comment
Tags: , , ,

So the White board has been wiped for the new financial month at work and now I can reveal the statistics behind the last financial month of the incidents recorded in July.
As a reminder the criteria to get on this list is that the Breach/Attack needs to be reported in major media outlet and be over 5000 records in size.

  • There were Six Cyber Attacks and Thirteen Data Breaches.
  • Over 150 million records were compromised.
  • Financial Costs of the Cyber Incidents this month is estimated to be over $1.2 Billion.
  • Insider Threats continue to be a weakness of all organisations.
  • Average time between each incident is just 2.3 Days.

The largest and perhaps the most interesting was the UK Parliament attack and the Nyetya malware attacks of late June, the effects of which are still being felt today. Companies such as TNT are still trying to recover from the attack that compromised their network.

Insider Threat – Negligence or Deliberate?

July 18, 2017 at 4:00 pm | Posted in Cyber Security | Comments Off on Insider Threat – Negligence or Deliberate?
Tags: , , , ,

With the end of the financial year approaching at work time is becoming more of a premium with discussions with clients and prospects taking place all the time.

However, one area that has come to the attention of many conversations is the threats caused by insiders within an organisation.

Insider threats can come in three distinct areas and are one of the most common threats that companies face in cyber security terms, as the best security is only as strong as its weakest link. Usually human error plays a big part in security.

The first is the Accidental threat, where employees are not as well versed in cyber security practices and open up the Phishing emails or accidentally download a compromised file. Accidental data breaches caused 30% of all security incidents in 2016.

The second is the Negligent threat, where employees try to bypass data protection rules created by an organisation in order to make their jobs easier, such as sharing documents on unsecured cloud applications.

The final is the malicious or deliberate threat, where employees deliberately bypass data protection rules, not for ease of their job but for financial or malicious gain. A disgruntled employee did the recent leak of half a million records from BUPA.

Insider threats will also be a threat vector and the attacks are looking at these weakest links and more training is key on this but also diligence as there are increasingly concerning reports that cyber criminals are trying to recruit individuals to act as an insider for them to breach an organisation.

Create a free website or blog at WordPress.com.
Entries and comments feeds.