Cyber Security Disasters in the News & why everyone should care
by David Dwyer on 14/09/2015
What we can learn from the cyber security disasters of the big boys
Being an IT business means we have to be diligent and our teams up to date with the latest cyber security news and threats. This can come from dedicated IT industry websites and forums.
The speed at which information can be shared means we use the power of Twitter’s search alerts to tell us as soon as the online community knows about any new security vulnerabilities. The truth, though, is that we're not alone in that approach. The traditional media model has also evolved, and the media now generally use the same sources as we do; for example, common reporting on Twitter that identifies the latest cyber security issues will often appear in the following day's newspapers. You're also just as likely to pick up news of the latest threats and data breaches from the likes of Sky News, the BBC or ITV and their associated websites.
Every newspaper and TV news company appears to have a dedicated 'Cyber Security' Correspondent, and those that don't have one have an almost constant stream of 'Industry Experts' that they wheel out in front of the cameras when the latest cyber attack hits the news. Why the attention? Because cyber security, cyber crime and hacking are big news; news that directly impacts the masses, hence the mass media interest.
Most of the cyber attack horror stories we hear about focus on major data breaches at many of the World's biggest brands. (Update: this was written before the Royal Bank of Scotland website was compromised on 01/08/15.)
In November 2014, a massive and systematic cyber attack caused huge embarrassment and the cancellation of the cinema release of 'The Interview', a comedy about the fictional assassination of the North Korean leader, Kim Jong-un. Not surprisingly, the finger of blame has been pointed squarely at the North Korean government. The attack wiped out internal data centres and resulted in highly confidential data, such as contracts, salary details and even entire films, being stolen.
Home Depot is one of the biggest retailers in the US and Canada. It's a bigger version of the UK's well-known B&Q chain. Between April and September 2014 they were subjected to a sustained cyber attack that resulted in over 56 million payment cards being compromised. Embarrassed company chiefs compounded the issue by using the fact that the hackers had used custom-built software in the attack as a means of justifying their cyber defence frailties. The estimated cost of the breach was thought to be in the region of $62 million.
Another large American retailer is in the unenviable position of being responsible for one of the biggest data breaches ever recorded. Malware was installed on the company's network, which resulted in 40 million customer payment card records being stolen, and a further 70 million email and postal address records being stolen. In total, 110 million records were stolen. Not surprisingly, when the news first broke there was wide-scale outrage, with many customers voting with their feet. As a result, for the financial quarter after the breach the company reported an unprecedented 46% decline in profits.
Don't let the fact that these three high-profile examples of cyber attacks happened across the pond fool you. Britain is, in fact, the most cyber-attacked country in Europe, and the 2nd most attacked in the World.
BA Executive Club
In March 2015, BA's Executive Club scheme was the victim of a data breach that resulted in loyalty points being stolen from within Executive Club members' online accounts. Some vigilant Executive Club members spotted that their personal data had changed, while others weren't aware of any issues until they found that their loyalty points had been used to book hotel rooms for trips they'd never personally made.
But Cyber Security isn't just a big business issue. David and Goliath both suffer at the hands of hackers. It's a sad fact that while big businesses recover after an attack, in many cases small businesses simply can't, with many being forced to close. Only recently the Police Service of Northern Ireland told the tale of one small business. They were almost forced to close their doors for the last time as a direct result of a particularly aggressive form of 'ransomware'. This crippled their entire IT network and ultimately their business.
According to recent research, 90% of large businesses suffered a data breach in 2014 while 74% of small businesses suffered the same fate. Even worse, this represents a significant increase of 81% for large and 60% for small companies over the previous year's figure.
The hackers and cyber criminals that blight the Internet and businesses large and small aren't going anywhere. In fact, they continue to evolve and are becoming more and more sophisticated and clever about how they exploit the vulnerabilities present in most websites and web applications.
At Inspire we treat Cyber Security with the respect it deserves, both for our own systems and for those that we manage for our clients. We use the latest software and reporting tools on our sites and servers and, as a result, we see first hand the sheer number of brute force attempts to access our web servers on a daily basis. In the last 12 months, we’ve successfully combated over 116,500 brute force attacks on our servers, and that number continues to rise.
These attacks happen all the time, but as diligent web professionals we want to know what activity is happening on our network so that we can plan and take action where appropriate.
We'll continue seeing more cyber attacks reported in the media and as a business we'll continue the on-going battle to educate and protect our clients.
For a free initial cyber security consultation, please contact Frazer on 01738 700 006 or get in touch through our web enquiry form.
David Dwyer is Managing Director of Inspire Web Development. He has years of experience in a range of web and IT roles plus seven years in sales and marketing in a blue-chip FMCG company. David’s academic and professional qualifications include a BA (Hons) in Business Economics (Personnel & Ergonomics) from the University of Paisley, an MSc in Information Technology (Systems) from Heriot-Watt University and PRINCE2 Practitioner-level certification. He is also an active member of the British Computer Society, Entrepreneurial Exchange and Business for Scotland.