The Briefing on Cybersecurity

The latest news, trends and data from the cybersecurity industry

In Data:

Cybersecurity News in Numbers

28%

The percentage of UK organisations that don’t know how many cyberattacks they suffered in the last year, according to the results of PwC’s Global State of Information Security Survey 2018, which was published in October. 17% also said that they do not prepare or conduct drills for attacks.

8 million

The number of teenagers whose email addresses, usernames and passwords were compromised by a security breach on image sharing site We Heart It. The breach has raised unique concerns due to the age of the users, as they are considered more vulnerable and at greater risk of identity theft than adults.

15%

The increase in cyber incidents recorded by the Australian Cyber Security Centre this year compared with 2016, according to the organisation’s 2017 threat report. The organisation found that Australian businesses were hit by 7,238 cybersecurity incidents in the past year.

350

The number of clients, including several US government agencies and large corporations, affected by an attack on global accounting firm Deloitte, according to reports by the Guardian. The hackers are thought to have gained access to emails, usernames, passwords and architectural plans, including some highly sensitive information, in an attack that was discovered earlier this year but began in October 2016.

3 billion

The number of accounts the 2013 Yahoo hack is now thought to have affected. Previously, the hack, which included the theft of significant personal data, had been thought to have involved 1 billion users – then the largest breach in history – but after being acquired by Verizon, Yahoo has admitted it is treble that number.

Take Action:

Threats You Need to Respond To Now

Disable Flash Player

Cybersecurity expert Kaspersky Lab is recommending users disable Flash Player, after unearthing a malware-based attack using an exploit in Adobe’s software. Flash is due to be retired in 2020, and has seen considerable rollback in use in recent years, but many websites continue to rely on it.

Patch Your Wifi

A WiFi encryption security flaw known as Krack Attack has been identified by researchers at KU Leuven University. The flaw enables hackers to steal data including credit card and bank information on WiFi-connected devices, but can be fixed by installing patches contained in the latest updates on computers, tablets and smartphones.

Secure Webcams

Researchers are warning of active malware that has so far scanned over a million organisations to find connected devices, including wireless webcams, that can be exploited to form part of a massive botnet. Owners of such devices should ensure all security protections are up-to-date and check for available patches.

Consider Advanced Protection

If you are at higher than average risk of attack, or are working on particularly sensitive projects using Google tools, investigate Google’s Advanced Protection Program. Designed with business leaders in mind, it provides advanced security features including physical Security Keys and blocks to third-party access.

From the Influencers:

Key Quotes this Month

“The vulnerability remained in an Equifax web application much longer than it should have. I am here today to apologize to the American people myself.”

Richard Smith, former head of Equifax, apologises during a congressional hearing for failings that led to the landmark attack

“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts.”

A statement made to The Times in response to Israeli accusations that the company was aiding the Russian state in espionage efforts against the US

“The audience is possibly less likely to have security in place or active as people’s perception is that it’s already a dark place to surf.”

Mark James, a security specialist from ESET, tells The Guardian why Pornhub has been targeted by a malware advertising attack

“There are no corporate clients today that don’t have insurance on their buildings or cars, but I think that within a very few years it will be just as evident that you should insure against cyber crime.”

Morten Hubbe, chief executive of Denmark’s biggest insurer Tryg, gives Reuters a prediction about cybersecurity insurance

“We’re seeing criminals change their tactics – moving from the C-suite to lower and midlevel employees, and from large organisations to smaller ones with fewer resources.”

Chris Ross, Senior Sales VP, International, at Barracuda Networks on the changing behavior of cyber attackers
