We`re just sending through your details

Please give us a few moments whilst we get your account ready.

OKAY

Is Your Business Ready To Face A Cyber-attack?

Is Your Business Ready To Face A Cyber-attack?

posted in Disaster Recovery ● 31 Oct 2017

There has been much discussion, in the technology industry, recently around the security of data and the likelihood of suffering a data breach. Some believe that it is only a matter of time before an organisation or individual ultimately suffers a breach. If this is the case, what will the knock-on effect be and will your business be ready to face it?

Statistics from Verizon’s 2017 Data Breach Report, start to paint a picture of the threat landscape and who cyber-criminals are targeting. There’s an irony to Verizon producing such a report, having purchased Yahoo in 2016, Yahoo of course suffered a data breach affected 3billion accounts in 2013.

 

Breach insight

2016 is widely reflected upon as the year of Ransomware; Attacks spiked, headlines were made and cyber-criminals behind the attacks turned a quick profit. Part of the reason for this was the change in how cyber-criminals targeted victims and the new-found effectiveness of this. By targeting organisations rather than individual users, cyber-attackers could increase their effectiveness by targeting contacts more likely to open a malicious attachment (HR, finance or admin workers).

Cyber-criminals have been successful in extorting money from victims, a direct link can be found with the amount of ransomware attacks and this, with the report stating that 73% of attacks have been financially motivated. Internal threats have historically always been an issue and with Ransomware-as-a-Service now available there has also been a rise in cases related to espionage (21%).

Some of the largest attacks to make headlines were able to affect thousands of organisations within hours, causing service outages and unprecedented down-time. One organisation that was badly hit was the NHS in the UK, when struck with a large-scale ransomware attack, accident and emergency services including ambulances were plunged into chaos; the ransomware had extorted a known vulnerability in Windows XP systems that could have been patched.

 

Who’s been hit?

The Breach report reveals that the top 3 industries to have been affected by a breach or cyber-attack were public administration organisations, healthcare organisations and financial service organisations. These are all industries that are likely to process and hold highly-valuable data therefore the need to get this back quickly and stop any down-time, could result in a quick payment for cyber-criminals.

Anti-virus and data protection tools are evolving to deal with the threats of cyber-attacks and cyber-criminals are having to combat this in various ways. Many attacks will use multiple stages to help disarm security protocols. Phishing attacks now make up 21% of all attacks, having grown from just 8% the year prior. HBO are just one organisation who have suffered at the hands of hackers in 2017, when systems were hacked in July. Hackers demanded ransoms of around $6million in return for not releasing key information as story lines and episodes of the most recent series of Game of Thrones; the data totalled around 1.5 Terabytes.

Credit firm Equifax, suffered one of the largest breaches in history this year, when they revealed that data for over 143 million customers in the states alone had been breached. The hack was disclosed in September despite taking place months earlier, this decision, it has later been revealed, was made in fear of more attackers taking advantage of the known vulnerability in commonly used applications within the organisation.

 

Am I ready for an attack?

Many organisations will employ various levels of cyber-security to diverge the effect. One of the largest challenges though, is identifying and reporting breaches; hackers that hack IoT devices and turn them into botnet’s often do so silently. This is evidenced by the fact that 27% of breaches are reported by third parties. Cyber-attacks still often rely on a human element to be effective, this may be someone opening or downloading a malicious file or attachment, or falling victim to a phishing scam. In this event an infection can usually spread quickly across a network taking down systems as it goes. It’s what happens next that will often determine how much damage is done by the attack.

DR and Business continuity planning

A large-scale outage is like any other disaster that could strike your infrastructure, it will cause downtime and if not dealt with properly will likely result in severe loses and reputational damage for any organisation. Having a disaster recovery and business continuity plan is best practice for any organisation and this needs to be built into cyber-security measures.

The effects of a cyber-attack can be mitigated, if they are planned for. Actions like having separate networks for business-critical information and systems and everyday work can stop an infection spreading from one network to the other.

Ultimately a DR and BC plan must consider how a business will get back to operational capacity and analyse the effects of an attack. Backup is often the starting point for getting back up and running again.

10 things every IT service provider should know about providing Azure Kubernetes Services (AKS) backup

Kubernetes data protection represents a massive opportunity. Around 30% of global organizations are currently running containerised applications in production – by 2022, Gartner predicts that figure will be as high as 75%.

Continue reading
Vital new role of AI in keeping backup data safe from malware

Vital new role of AI in keeping backup data safe from malware

Every day more than 350,000 new types of malware are unleashed on the internet. The scale of the problem is so massive, it is no longer enough to have traditional anti-virus software, solely defending against known threats.

Continue reading
Xero Data Backup

Why you should consider Xero Data Backup for your accountancy firm

Ignoring the need for a third-party backup is a major gamble. Xero’s own Services Agreement states: “You must maintain copies of all data inputted into the service. Xero expressly excludes liability for any loss of data no matter how caused.”
Continue reading