Home Insight A year in review: What can we learn from 2019 Cyber Security headlines?

Do cyber security news headlines make you WannaCry? Do you know your Cyborgs from your Jokeroos? Well, because I Love You, we’ve put together a review of some of the biggest cyber security news stories of 2019.

(And we promise, no more puns.)

1. Ransomware Attacks Double in 2019, Brute-Force Attempts Increase

(Health IT Security)

Ransomware has continued to be a major source of disruption across a variety of sectors. In August, McAfee reported a 118% increase in new ransomware in the first quarter of 2019 and more than 2 billion stolen account credentials were available on the cybercriminal underground.

Nursing homes, hospitals and state departments are some of the reported targets. Victims tend to be poorly defended services that can’t afford to be offline. The virus locks victims out of their own systems and demands a ransom to restore access.

The range of targets is a powerful reminder that anyone can fall victim to ransomware. You may think your data isn’t worth anything – but if you can’t afford to be without it, then it has value and attackers will exploit that.

Takeaway:

Help secure your organisation against ransomware by training staff, employing robust physical and cyber security, and creating an effective backup strategy.

[To help educate your staff give them our free best practise infographic]

2. UK boards ignoring £30bn cyber risk

(Computer Weekly)

This headline sums up the continued inaction on cyber security risks – particularly among SMEs. Lack of boardroom oversight on cyber security affects entire organisations, leaving them vulnerable on both the technical and the human front.

Many of the attacks reported in 2019 will be attributed to poor cyber hygiene, like the Microsoft Sharepoint vulnerabilitythat came to light earlier this year. When Microsoft published a patch and guidance to protect users, attackers jumped on the info, but users did not. Attacks continued as hackers exploited this vulnerability to gain access to sensitive data.

On the other hand, is the cyber security industry sending the right message? The NCSC notes the ‘fatalism’ of the general public on the issue of cyber attacks, a natural reaction to some of the scariest headlines, but not one that’s going to inspire action.

Takeaway:

Make cyber security training mandatory for all members of staff at all levels. Think about the best way to communicate your message around your own risk factors – and about cyber security solutions that reduce the impact of individual behaviours.

3. In an Interconnected World, Data Security is a Shared Responsibility

(Security Week)

This summer saw a breach at Luxembourg-based Eurofins, an international group of laboratories that provide services, including forensic science to the UK police. This breach risked the successful continuation of hundreds of UK court cases but was fortunately resolved before that risk was realised.

It was a stark reminder of the exposure we all have to risk through connections with other organisations. You can be sure the UK police force has taken strong measures to protect its own data, but did they ask every organisation in their supply chain for proof that they are taking similar precautions?

Our increasing interconnectivity means a single attack can have a broad impact; you don’t have to be the direct target of an attack in order to fall victim to it.

cyber security inter-connectivity

Takeaway:

Push the organisations you’re connected with to prove their cyber security credentials. But also review your own situation and make sure the way you protect and store your data will be acceptable to your partner businesses. Looking into cyber security or colocation services with a data centre will be the best way to ensure you can show that you are not a point of vulnerability.

Exploring colocation complete guide CTA banner

4. Over a billion Android phones vulnerable to phishing attack

(Tech Radar)

The above headline relates to a security flaw that could leave Android users vulnerable to phishing attacks.

In May there was news of a WhatsApp hack, which had the potential to install spyware onto any of WhatsApp’s 1.5 billion users, simply through receiving a WhatsApp call.

In China, an app ‘Study the Great Nation’ became the most-downloaded free program – and was revealed in October to give administrators backdoor access to the user’s Android smartphone.

Security concerns regarding Huawei have been so prominent that they have led to a delay in the deployment of 5G. The US has even threatened to not share security data with countries who have mobiles on 5G networks supported by Huawei infrastructure.

Can users, especially businesses with sensitive data, continue to trust the security of mobile devices?

Takeaway:

Cyber criminals will find any way in – even if it’s access granted through an employee’s personal phone. Make sure you have a policy in place to limit the potential for cross-contamination and a way to flag any breaches in your security.

[The only way to monitor threats in your system is Vulnerability Scanning]

5. Data breaches hitting more companies than ever

(Tech Radar)

According to one study, 60% of businesses have experienced a data breach in the last three years. The number of cyber attacks is increasing, and the scale is too. 2019 saw one of the biggest ever breaches in the banking sector, with the theft of more than 100 million customer records from Capital One.

These big breaches make headlines, but the small unreported data breaches are also keeping CSOs up at night.  And with GDPR officially in place, the penalties for not properly protecting data are higher than ever. (If you’re in doubt, just ask BA)

Takeaway:

Your organisation will be the target of a cyber attack. If you haven’t, run a full data inventory to establish what you are protecting and review how best to secure it.

[Not knowing where your data is stored breaches GDPR. Consider 100% UK-based data centre]

To summarise:

  • The number and scale of cyber attacks are on the rise
  • Any organisation is a target
  • No device is safe (though some are safer than others!)
  • You are only as secure as the least secure link in your supply chain

In today’s hyper-connected digital workplace, every organisation needs a comprehensive cyber security program in place, including a comprehensive firewall, DDoS mitigation, vulnerability scanning, and secure managed backups. Together, they’ll expose any weak links in your security defences to help you make real differences to your overall security posture.

We’ve built our reputation helping hundreds of organisations like yours leave behind reactive systems and processes. Keep pace with an ever-changing threat landscape - our managed infrastructure and security services are tailored to your exact business requirements giving you peace of mind that your data is secure and accessible 24x7x365.