📡 InfoSec Radar #3

Written by Chris Hepple, Head of Information and Cyber Security | Posted in News on 11 December 2020

InfoSec monthly roundup from Banking Works' Head of Information & Cyber Security, Chris Hepple

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” – Stephane Nappo

👉 Foreword

The National Cyber Security Centre (NCSC) is a Government organisation that provides advice and support for the public and private sector regarding security threats. I encourage all colleagues, clients and suppliers to follow their articles, which communicate recent InfoSec threats that could affect our businesses, products and/or services. I have focussed this month’s blog on the articles most relevant to our business and industry.

⏩ COVID-19 driving a cyber security focus for UK business

In a report published by PwC, 96% of the businesses that responded stated their cyber security strategy has been shifted due to COVID-19. In addition, 50% said cyber security would be considered in every business decision. The percentage of UK participants who believed a ransomware attack could affect them in 2021 was 50%, below the report’s 57% global average. This is despite a number of high-profile ransomware attacks in 2020.

👨‍💻 HICS comment – Unfortunately, I suspect this may include some financial sector businesses. I am however surprised it has taken something like COVID for some businesses to bring information security to the table during decision making. Security is risk management; ensuring the correct security is applied when considering impact to the business. I consider the best way to avoid ransomware attacks is to ensure you carry out regular backups of all data, infrastructure, and configurations. Not only should these be backed up, but businesses should also realise the importance of ensuring that backups are working as expected - should a rollback/recovery be required. However, first and foremost stop the criminals getting into your network by ensuring an appropriate balance of risk management has been carried out (at the earliest opportunity) and promote an effective security culture to all staff, at all levels.

🎣 Phishing attacks focus on online shoppers

Cyber criminals are upping their efforts to catch out online shoppers with phishing scams disguised as delivery emails.

Researchers at Check Point have reported that there has been a 440% rise in shipping-related phishing emails in the last month, with Europe seeing the biggest increase.

The emails are reportedly designed to look like the ‘real deal’, encouraging victims to make payments and, most importantly for the criminal, to input their details, which can then be stolen. There is also an example of a scam encouraging someone to ‘log in’, which hands over the email address and password for the account the victim thinks they are accessing.

👨‍💻 HICS comment – Educate, educate, educate. You may have all available technical controls configured in your environment, yet without educating those operating within your network you are at risk of a phishing attack. It is extremely important that you ensure your staff are aware of this threat: how to identify it, and their responsibilities and the processes to assess and report it accordingly. A rule of thumb - whenever in doubt, contact the sender directly to confirm the authenticity of the email and content. Never open attachments unless you are certain they are legit and do not follow hyperlinks unless absolutely certain they will take you to where you expect to go - I always recommend manually typing in the address or using a search engine to locate the correct URL. NCSC regularly provide great awareness articles relating to phishing; I encourage all colleagues and businesses to read these.
